mirror of
https://github.com/actions/setup-java.git
synced 2026-07-12 00:55:39 +00:00
Compare commits
4 Commits
16068d598f
...
7df144eabc
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
7df144eabc | ||
|
|
799ee7c97e | ||
|
|
e518b2fd8d | ||
|
|
58d36cecb0 |
@ -118,6 +118,8 @@ Currently, the following distributions are supported:
|
|||||||
|
|
||||||
**NOTE:** For Azul Zulu OpenJDK architectures x64 and arm64 are mapped to x86 / arm with proper hw_bitness.
|
**NOTE:** For Azul Zulu OpenJDK architectures x64 and arm64 are mapped to x86 / arm with proper hw_bitness.
|
||||||
|
|
||||||
|
**NOTE:** To comply with the GraalVM Free Terms and Conditions (GFTC) license, it is recommended to use GraalVM JDK 17 version 17.0.12, as this is the only version of GraalVM JDK 17 available under the GFTC license. Additionally, it is encouraged to consider upgrading to GraalVM JDK 21, which offers the latest features and improvements.
|
||||||
|
|
||||||
### Caching packages dependencies
|
### Caching packages dependencies
|
||||||
The action has a built-in functionality for caching and restoring dependencies. It uses [toolkit/cache](https://github.com/actions/toolkit/tree/main/packages/cache) under hood for caching dependencies but requires less configuration settings. Supported package managers are gradle, maven and sbt. The format of the used cache key is `setup-java-${{ platform }}-${{ packageManager }}-${{ fileHash }}`, where the hash is based on the following files:
|
The action has a built-in functionality for caching and restoring dependencies. It uses [toolkit/cache](https://github.com/actions/toolkit/tree/main/packages/cache) under hood for caching dependencies but requires less configuration settings. Supported package managers are gradle, maven and sbt. The format of the used cache key is `setup-java-${{ platform }}-${{ packageManager }}-${{ fileHash }}`, where the hash is based on the following files:
|
||||||
|
|
||||||
|
|||||||
@ -370,14 +370,13 @@ jobs:
|
|||||||
server-id: maven # Value of the distributionManagement/repository/id field of the pom.xml
|
server-id: maven # Value of the distributionManagement/repository/id field of the pom.xml
|
||||||
server-username: MAVEN_USERNAME # env variable for username in deploy
|
server-username: MAVEN_USERNAME # env variable for username in deploy
|
||||||
server-password: MAVEN_CENTRAL_TOKEN # env variable for token in deploy
|
server-password: MAVEN_CENTRAL_TOKEN # env variable for token in deploy
|
||||||
gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} # Value of the GPG private key to import
|
|
||||||
gpg-passphrase: MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase
|
|
||||||
|
|
||||||
- name: Publish to Apache Maven Central
|
- name: Publish to Apache Maven Central
|
||||||
run: mvn deploy
|
run: mvn deploy -Dgpg.signer=bc
|
||||||
env:
|
env:
|
||||||
MAVEN_USERNAME: maven_username123
|
MAVEN_USERNAME: maven_username123
|
||||||
MAVEN_CENTRAL_TOKEN: ${{ secrets.MAVEN_CENTRAL_TOKEN }}
|
MAVEN_CENTRAL_TOKEN: ${{ secrets.MAVEN_CENTRAL_TOKEN }}
|
||||||
|
MAVEN_GPG_KEY: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }}
|
||||||
MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
|
MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
|
||||||
```
|
```
|
||||||
|
|
||||||
@ -413,10 +412,6 @@ The two `settings.xml` files created from the above example look like the follow
|
|||||||
<username>${env.MAVEN_USERNAME}</username>
|
<username>${env.MAVEN_USERNAME}</username>
|
||||||
<password>${env.MAVEN_CENTRAL_TOKEN}</password>
|
<password>${env.MAVEN_CENTRAL_TOKEN}</password>
|
||||||
</server>
|
</server>
|
||||||
<server>
|
|
||||||
<id>gpg.passphrase</id>
|
|
||||||
<passphrase>${env.MAVEN_GPG_PASSPHRASE}</passphrase>
|
|
||||||
</server>
|
|
||||||
</servers>
|
</servers>
|
||||||
</settings>
|
</settings>
|
||||||
```
|
```
|
||||||
@ -425,21 +420,6 @@ The two `settings.xml` files created from the above example look like the follow
|
|||||||
|
|
||||||
If you don't want to overwrite the `settings.xml` file, you can set `overwrite-settings: false`
|
If you don't want to overwrite the `settings.xml` file, you can set `overwrite-settings: false`
|
||||||
|
|
||||||
### Extra setup for pom.xml:
|
|
||||||
|
|
||||||
The Maven GPG Plugin configuration in the pom.xml file should contain the following structure to avoid possible issues like `Inappropriate ioctl for device` or `gpg: signing failed: No such file or directory`:
|
|
||||||
|
|
||||||
```xml
|
|
||||||
<configuration>
|
|
||||||
<!-- Prevent gpg from using pinentry programs -->
|
|
||||||
<gpgArguments>
|
|
||||||
<arg>--pinentry-mode</arg>
|
|
||||||
<arg>loopback</arg>
|
|
||||||
</gpgArguments>
|
|
||||||
</configuration>
|
|
||||||
```
|
|
||||||
GPG 2.1 requires `--pinentry-mode` to be set to `loopback` in order to pick up the `gpg.passphrase` value defined in Maven `settings.xml`.
|
|
||||||
|
|
||||||
### GPG
|
### GPG
|
||||||
|
|
||||||
If `gpg-private-key` input is provided, the private key will be written to a file in the runner's temp directory, the private key file will be imported into the GPG keychain, and then the file will be promptly removed before proceeding with the rest of the setup process. A cleanup step will remove the imported private key from the GPG keychain after the job completes regardless of the job status. This ensures that the private key is no longer accessible on self-hosted runners and cannot "leak" between jobs (hosted runners are always clean instances).
|
If `gpg-private-key` input is provided, the private key will be written to a file in the runner's temp directory, the private key file will be imported into the GPG keychain, and then the file will be promptly removed before proceeding with the rest of the setup process. A cleanup step will remove the imported private key from the GPG keychain after the job completes regardless of the job status. This ensures that the private key is no longer accessible on self-hosted runners and cannot "leak" between jobs (hosted runners are always clean instances).
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user