add workflow to upload release to GitHub packages #233
Tiihott
left a comment
Overall looks consistent with the mvn_01 example and the additional logic for fork handling seems fine.
The addition of content read permission requires clarification though.
| name: Upload | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| contents: read |
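Review bot: In the `permissions:` block of the Upload job, only `contents: read` is visible. Once a job declares `permissions:`, every scope it does not list is set to none for the job token, so the deploy step needs `packages: write` listed next to `contents: read`; please confirm it is there. If the job checks out the repository with the job token, `contents: read` is the scope that covers it, and a one-line comment in the workflow saying so would document why the entry exists.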
Is read permission required? The read permission is not used in mvn_01 example.
I tried to give the jobs minimum permissions when using an access token, as recommended here GitHub Guide
The read permission should not be necessary as mvn_01 repository version is known to work at the moment
b4c673b to 4bb4f70
rebased
| if [ "${{ github.repository_owner }}" = "teragrep" ]; then | ||
| mvn --batch-mode -Drevision=${{ github.event.release.tag_name }} -Dsha1= -Dchangelist= -Dgithub.packages.url="https://maven.pkg.github.com/${{ github.repository_owner }}/pth_06" clean deploy -Ppublish-github-packages | ||
| else | ||
| mvn --batch-mode -Drevision=${{ github.event.release.tag_name }}-${{ github.actor }} -Dsha1= -Dchangelist= -Dgithub.packages.url="https://maven.pkg.github.com/${{ github.repository_owner }}/pth_06" -Dgpg.skip=true clean deploy -Ppublish-github-packages |
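Review bot: In both `mvn` invocations, `${{ github.event.release.tag_name }}` and `${{ github.actor }}` are expanded into the script text before the shell runs, so the tag name of a release is parsed as shell source rather than as data. Pass them through the step's `env:` (for example `TAG_NAME: ${{ github.event.release.tag_name }}`) and use `-Drevision="$TAG_NAME"` with quotes. The two branches also differ only in the `-${{ github.actor }}` suffix and `-Dgpg.skip=true`; building the revision in a variable first would leave a single `mvn` line to maintain.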
I guess this is a good compromise between security and readability. I think we have removed the gpg plugin completely for some other builds which weren't published to maven central. Edit: Ah, there was github.actor as well. Then it is all good otherwise.
What is the point of the github.packages.url property though? In mvn_01 the url is set as such https://github.com/teragrep/mvn_01/blob/main/workflows/pom.xml#L168C11-L168C75
Additional note: The signing is not set up. Read https://github.com/teragrep/mvn_01/blob/main/workflows/upload_release_maven_central.yaml#L24-L41 for more
skipping signing completely since it's not really relevant for GitHub packages
pom.xml
Outdated
| <id>github</id> | ||
| <name>GitHub Packages</name> | ||
| <url>https://maven.pkg.github.com/teragrep/pth_06</url> | ||
| <url>${github.packages.url}</url> |
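Review bot: The new `<url>${github.packages.url}</url>` has no value unless the caller passes `-Dgithub.packages.url`, and no default is visible here, so a deploy started without the property would use the unresolved placeholder as the repository URL. Either define a default for it in `<properties>` or derive the URL from something the runner already provides, so the pom does not depend on a command-line argument.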
Use https://maven.pkg.github.com/${env.GITHUB_REPOSITORY} as the value, do not pass anything as property
fixed to use suggestion value
4bb4f70 to d245500
rebased
decided to remove the gpg signing completely from this workflow since packages doesn't require signed artifacts
…to github packages
0a29318 to f0f7374
rebased
Description
Allows for publishing releases as GitHub Packages based on mvn_01 example.