From 8631c98f5dc7f68b21a56449358693ee3e7fd8d6 Mon Sep 17 00:00:00 2001 From: mbasadi Date: Fri, 11 Apr 2025 23:40:06 -0400 Subject: [PATCH 01/53] Update POM file for NotificationAPI Java Server SDK to include project metadata, change license to Apache 2.0, and configure distribution management for Maven Central. Modify README for clarity and update GitHub Actions workflow to publish to Maven Central with GPG signing support. --- .github/workflows/publish.yml | 75 +++++++------------ README.md | 6 +- pom.xml | 136 +++++++++++++++------------------- 3 files changed, 87 insertions(+), 130 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 94721d0..b1ca457 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -3,6 +3,8 @@ name: Publish Package on: push: branches: [ main ] + release: + types: [created] jobs: publish: 
@@ -17,37 +19,23 @@ jobs: java-version: '11' distribution: 'temurin' cache: 'maven' - server-id: github + server-id: ossrh + server-username: ${{ secrets.OSSRH_USERNAME }} + server-password: ${{ secrets.OSSRH_TOKEN }} + gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }} + gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }} settings-path: ${{ github.workspace }} - - name: Notify Build Start - uses: 8398a7/action-slack@v3 + - name: Set Version + id: set_version + uses: actions/github-script@v4 + if: github.event_name == 'release' with: - status: custom - fields: repo,message,commit,workflow - custom_payload: | - { - "text": "🚀 Starting build and publish for notificationapi-java-server-sdk", - "attachments": [{ - "color": "good", - "fields": [ - { - "title": "Repository", - "value": "{repo}", - "short": true - }, - { - "title": "Commit", - "value": "{commit}", - "short": true - } - ] - }] - } - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} - + script: | + const noRef = context.ref.replace('refs/tags/', '') + const noPrefix = noRef.replace('v', '') + core.setOutput('version', noPrefix) + - name: Build with Maven run: mvn -B package --file pom.xml 
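Review bot: `server-username`, `server-password` and `gpg-passphrase` on actions/setup-java take the names of environment variables, not secret values. With `${{ secrets.OSSRH_TOKEN }}` here the generated settings.xml would hold `${env.<token text>}`, which cannot authenticate and also writes the secret text into a file under `settings-path: ${{ github.workspace }}`. The deploy step later in this file exports `MAVEN_USERNAME`, `MAVEN_PASSWORD` and `MAVEN_GPG_PASSPHRASE`, so the inputs should read `server-username: MAVEN_USERNAME`, `server-password: MAVEN_PASSWORD` and `gpg-passphrase: MAVEN_GPG_PASSPHRASE`. PATCH 09/53 makes the same substitution in pull-request.yml, replacing the variable names that PATCH 02/53 had right. Separately, `noRef.replace('v', '')` drops the first `v` anywhere in the tag, whereas `noRef.replace(/^v/, '')` strips only a leading one.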
@@ -60,27 +48,14 @@ jobs: - name: Generate Javadoc run: mvn -B javadoc:javadoc --file pom.xml - - name: Publish to GitHub Packages - run: mvn --batch-mode deploy + - name: Publish to Maven Central + run: | + if [ "${{ github.event_name }}" == "release" ]; then + mvn --batch-mode versions:set -DnewVersion=${{ steps.set_version.outputs.version }} + fi + mvn --batch-mode deploy -P release env: - GITHUB_TOKEN: ${{ secrets.PACKAGES_TOKEN }} + MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} + MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }} + MAVEN_GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} - - name: Notify Success - if: success() - uses: 8398a7/action-slack@v3 - with: - status: ${{ job.status }} - fields: repo,message,commit,workflow,took - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_SUCCESS_WEBHOOK_URL }} - - - name: Notify Failure - if: failure() - uses: 8398a7/action-slack@v3 - with: - status: ${{ job.status }} - fields: repo,message,commit,workflow,took - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_FAILED_WEBHOOK_URL }} \ No newline at end of file diff --git a/README.md b/README.md index e239cd9..0be7294 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ This is the official Java Server SDK for [NotificationAPI](https://www.notificat ## Installation -Add the following dependency to your `pom.xml` file: +Add the following dependency to your project's `pom.xml`: ```xml @@ -82,7 +82,3 @@ try (NotificationApi api = new NotificationApi(clientId, clientSecret)) { - Java 11 or later - Maven or Gradle build system - -## License - -This project is licensed under the MIT License - see the LICENSE file for details. \ No newline at end of file diff --git a/pom.xml b/pom.xml index 4e0f610..38f7000 100644 --- a/pom.xml +++ b/pom.xml 
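Review bot: In `Publish to Maven Central`, `${{ steps.set_version.outputs.version }}` is substituted into the script text before the shell parses it, so a tag name containing shell metacharacters becomes part of the command in the one step that holds the OSSRH token and signing passphrase. Pass it through the environment instead: add `VERSION: ${{ steps.set_version.outputs.version }}` under `env:` and call `mvn --batch-mode versions:set -DnewVersion="$VERSION"`. The `Wait for Maven Central Sync` and `Verify Maven Central Artifacts` steps added in PATCH 02/53 expand the same output into their scripts and need the same treatment. A short comment on the step saying that pushes to `main` deploy the POM's own version while releases deploy the tag's version would make the two trigger paths easier to follow.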
@@ -6,81 +6,58 @@ com.notificationapi notificationapi-java-server-sdk - 0.1.0 + 0.1.0-SNAPSHOT jar + NotificationAPI Java Server SDK - Java Server SDK for NotificationAPI + NotificationAPI Java Server SDK https://github.com/notificationapi-com/notificationapi-java-server-sdk + - MIT License - http://www.opensource.org/licenses/mit-license.php + The Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + + + + NotificationAPI + NotificationAPI + https://notificationapi.com + + + + + + scm:git:git://github.com/notificationapi-com/notificationapi-java-server-sdk.git + scm:git:ssh://github.com:notificationapi-com/notificationapi-java-server-sdk.git + https://github.com/notificationapi-com/notificationapi-java-server-sdk + + + + + ossrh + https://s01.oss.sonatype.org/content/repositories/snapshots + - github - GitHub Packages - https://maven.pkg.github.com/notificationapi-com/notificationapi-java-server-sdk + ossrh + https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/ - - UTF-8 - 11 - 11 - 10.12.3 - - - - - org.apache.httpcomponents - httpclient - 4.5.14 - - - com.fasterxml.jackson.core - jackson-databind - 2.15.2 - - - - org.junit.jupiter - junit-jupiter - 5.9.2 - test - - - org.mockito - mockito-core - 5.3.1 - test - - - + - - org.apache.maven.plugins - maven-compiler-plugin - 3.11.0 - - ${maven.compiler.source} - ${maven.compiler.target} - - - - org.apache.maven.plugins - maven-surefire-plugin - 3.1.0 - + org.apache.maven.plugins maven-source-plugin - 3.3.0 + 3.2.1 attach-sources @@ -90,6 +67,8 @@ + + org.apache.maven.plugins maven-javadoc-plugin 
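Review bot: The rewritten POM drops the dependency entries (httpclient, jackson-databind, junit-jupiter, mockito-core) along with the compiler and surefire plugin declarations and the encoding and Java-level properties, none of which the commit message mentions. As far as this hunk shows nothing replaces them, so the `mvn -B package` step in the publish workflow would build without the libraries the SDK imports, without the test stack and without a pinned source/target level. I would keep those blocks and add the Central metadata (name, licence, developers, scm, distributionManagement) alongside them. The XML tags are missing from this rendering of the hunk, so this reading rests on the element values alone.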
@@ -103,34 +82,41 @@ + + org.apache.maven.plugins - maven-checkstyle-plugin - 3.3.0 - - - com.puppycrawl.tools - checkstyle - ${checkstyle.version} - - - - google_checks.xml - UTF-8 - true - true - false - + maven-gpg-plugin + 3.1.0 - validate - validate + sign-artifacts + verify - check + sign + + + --pinentry-mode + loopback + + + + + + org.sonatype.plugins + nexus-staging-maven-plugin + 1.6.13 + true + + ossrh + https://s01.oss.sonatype.org/ + true + + - \ No newline at end of file + \ No newline at end of file From bdd142d1981249ef566605979547535bafe683cf Mon Sep 17 00:00:00 2001 From: mbasadi Date: Sat, 12 Apr 2025 18:33:22 -0400 Subject: [PATCH 02/53] Add Maven Central sync and artifact verification to GitHub Actions workflows Enhance the publish workflow with a step to wait for artifacts to sync to Maven Central after a release. Implement a verification step to ensure all required artifacts are present in Maven Central. Update the pull request workflow to include GPG signing verification and a dry-run for SNAPSHOT deployment, ensuring proper configuration for OSSRH credentials. --- .github/workflows/publish.yml | 41 ++++++++++++++++++++++++++++++ .github/workflows/pull-request.yml | 21 ++++++++++++++- 2 files changed, 61 insertions(+), 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index b1ca457..608dc14 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml 
@@ -59,3 +59,44 @@ jobs: MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }} MAVEN_GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} + - name: Wait for Maven Central Sync + if: github.event_name == 'release' + run: | + echo "Waiting for artifacts to sync to Maven Central..." + # Wait for up to 30 minutes (180 * 10 seconds) + for i in {1..180}; do + STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://repo1.maven.org/maven2/com/notificationapi/notificationapi-java-server-sdk/${{ steps.set_version.outputs.version }}/) + if [ $STATUS -eq 200 ]; then + echo "✅ Artifacts found in Maven Central!" + break + fi + echo "Attempt $i: Artifacts not yet available (status: $STATUS). Waiting 10 seconds..." + sleep 10 + done + if [ $STATUS -ne 200 ]; then + echo "❌ Timeout waiting for artifacts to appear in Maven Central" + exit 1 + fi + + - name: Verify Maven Central Artifacts + if: github.event_name == 'release' + run: | + VERSION=${{ steps.set_version.outputs.version }} + BASE_URL="https://repo1.maven.org/maven2/com/notificationapi/notificationapi-java-server-sdk/$VERSION/notificationapi-java-server-sdk-$VERSION" + + # List of expected files + FILES=(".jar" ".jar.asc" ".pom" ".pom.asc" "-javadoc.jar" "-javadoc.jar.asc" "-sources.jar" "-sources.jar.asc") + + echo "Verifying all artifacts for version $VERSION..." + for FILE in "${FILES[@]}"; do + URL="$BASE_URL$FILE" + HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" $URL) + if [ $HTTP_CODE -eq 200 ]; then + echo "✅ Found $FILE" + else + echo "❌ Missing $FILE (HTTP $HTTP_CODE)" + exit 1 + fi + done + echo "✅ All required artifacts verified in Maven Central!" + diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 2b5874c..b97c9a4 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml 
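Review bot: `Verify Maven Central Artifacts` only confirms that each URL answers HTTP 200; it never downloads the `.asc` files or checks them against the release key, so it shows the files exist rather than that the published artifacts are the ones this job signed. To make it an integrity check, fetch each artifact with its signature and run `gpg --verify "$f.asc" "$f"` against the imported public key, failing on a non-zero exit. The curl calls also have no time limit and `$URL`, `$STATUS` and `$HTTP_CODE` are unquoted; `curl -s --max-time 30 -o /dev/null -w "%{http_code}" "$URL"` and `[ "$HTTP_CODE" -eq 200 ]` are safer. A comment noting that the 180 × 10 s loop bounds the wait at 30 minutes of runner time is already present and worth keeping.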
@@ -20,6 +20,12 @@ jobs: java-version: ${{ matrix.java }} distribution: 'temurin' cache: 'maven' + server-id: ossrh + server-username: OSSRH_USERNAME + server-password: OSSRH_TOKEN + gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }} + gpg-passphrase: GPG_PASSPHRASE + settings-path: ${{ github.workspace }} - name: Build with Maven run: mvn -B package --file pom.xml @@ -31,4 +37,17 @@ jobs: run: mvn -B checkstyle:check --file pom.xml - name: Generate Javadoc - run: mvn -B javadoc:javadoc --file pom.xml \ No newline at end of file + run: mvn -B javadoc:javadoc --file pom.xml + + - name: Verify GPG signing + run: mvn -B verify -Dgpg.skip=false --file pom.xml + env: + GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} + + - name: Test SNAPSHOT deployment (dry-run) + if: matrix.java == '17' # Only test deployment with the latest Java version + run: mvn -B deploy -DaltDeploymentRepository=ossrh::default::file://local-deployment -DskipTests + env: + OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }} + OSSRH_TOKEN: ${{ secrets.OSSRH_TOKEN }} + GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} \ No newline at end of file From cf0e65441b7c46ea70327240a2b17c53ac8fec7c Mon Sep 17 00:00:00 2001 From: mbasadi Date: Sat, 12 Apr 2025 18:37:12 -0400 Subject: [PATCH 03/53] Add dependencies for JSON processing and HTTP client in POM file Included Jackson for JSON handling and Apache HttpClient for making HTTP requests. This enhances the project's capabilities for data processing and network communication. --- pom.xml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/pom.xml b/pom.xml index 38f7000..d98ab0c 100644 --- a/pom.xml +++ b/pom.xml @@ -14,6 +14,23 @@ NotificationAPI Java Server SDK https://github.com/notificationapi-com/notificationapi-java-server-sdk + + + + + com.fasterxml.jackson.core + jackson-databind + 2.15.2 + + + + + org.apache.httpcomponents + httpclient + 4.5.14 + + + From c38e25ca09b4a1c46daf1cf8fd0da46fd3efe845 Mon Sep 17 00:00:00 2001 
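Review bot: These hunks bring the release signing key (`gpg-private-key`) and the OSSRH token into the pull-request workflow and then run `mvn verify` and `mvn deploy` on the PR's own tree. Maven executes whatever plugins the checked-out `pom.xml` declares, so code proposed in a pull request would run in a job where those secrets are present. The `on:` trigger is outside the hunk: under `pull_request` fork PRs get empty secrets and the signing step simply fails, while under `pull_request_target` the secrets would be exposed to untrusted code. I would keep signing and deployment in publish.yml only and have the PR job run `mvn -B verify -Dgpg.skip=true --file pom.xml` with no `server-*` or `gpg-*` inputs.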
From: mbasadi Date: Sat, 12 Apr 2025 18:41:53 -0400 Subject: [PATCH 04/53] Add .gitignore file to exclude build artifacts, IDE files, and OS-specific files This commit introduces a .gitignore file to prevent unnecessary files from being tracked in the repository, including Maven build outputs, IDE configurations, compiled files, logs, and system-specific files. --- .gitignore | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..99f25b5 --- /dev/null +++ b/.gitignore @@ -0,0 +1,35 @@ +# Maven +target/ +pom.xml.tag +pom.xml.releaseBackup +pom.xml.versionsBackup +pom.xml.next +release.properties +dependency-reduced-pom.xml +buildNumber.properties +.mvn/timing.properties +.mvn/wrapper/maven-wrapper.jar + +# IDE files +.idea/ +*.iml +.vscode/ +.project +.classpath +.settings/ + +# Compiled files +*.class +*.jar +*.war +*.ear +*.zip +*.tar.gz +*.rar + +# Logs +*.log + +# OS specific +.DS_Store +Thumbs.db \ No newline at end of file From b203ae4fe6beae443cc80b6692b34edf820296db Mon Sep 17 00:00:00 2001 
From: mbasadi Date: Sat, 12 Apr 2025 18:42:08 -0400 Subject: [PATCH 05/53] Add Checkstyle configuration and integrate with Maven build process This commit introduces a Checkstyle configuration file to enforce coding standards and best practices across the project. The POM file is updated to include the Maven Checkstyle plugin, which will validate the code during the build process. Additionally, new package-info.java files are added to document the main package, examples, exceptions, and model classes within the NotificationAPI Java Server SDK. --- checkstyle.xml | 91 +++++++++++++++++++ pom.xml | 23 +++++ .../com/notificationapi/NotificationApi.java | 8 +- .../examples/package-info.java | 5 + .../exception/package-info.java | 5 + .../notificationapi/model/package-info.java | 5 + .../com/notificationapi/package-info.java | 5 + 7 files changed, 141 insertions(+), 1 deletion(-) create mode 100644 checkstyle.xml create mode 100644 src/main/java/com/notificationapi/examples/package-info.java create mode 100644 src/main/java/com/notificationapi/exception/package-info.java create mode 100644 src/main/java/com/notificationapi/model/package-info.java create mode 100644 src/main/java/com/notificationapi/package-info.java diff --git a/checkstyle.xml b/checkstyle.xml new file mode 100644 index 0000000..afec21e --- /dev/null +++ b/checkstyle.xml @@ -0,0 +1,91 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/pom.xml b/pom.xml index d98ab0c..86ab7df 100644 --- a/pom.xml +++ b/pom.xml @@ -134,6 +134,29 @@ true + + + + org.apache.maven.plugins + maven-checkstyle-plugin + 3.6.0 + + checkstyle.xml + UTF-8 + true + true + false + + + + validate + validate + + check + + + + \ No newline at end of file 
diff --git a/src/main/java/com/notificationapi/NotificationApi.java b/src/main/java/com/notificationapi/NotificationApi.java index 525bc0f..dcf92a0 100644 --- a/src/main/java/com/notificationapi/NotificationApi.java +++ b/src/main/java/com/notificationapi/NotificationApi.java @@ -6,7 +6,13 @@ import org.apache.http.HttpHeaders; import org.apache.http.HttpResponse; import org.apache.http.HttpStatus; -import org.apache.http.client.methods.*; +import org.apache.http.client.methods.HttpDelete; +import org.apache.http.client.methods.HttpGet; +import org.apache.http.client.methods.HttpPatch; +import org.apache.http.client.methods.HttpPost; +import org.apache.http.client.methods.HttpPut; +import org.apache.http.client.methods.HttpRequestBase; +import org.apache.http.client.methods.HttpEntityEnclosingRequestBase; import org.apache.http.entity.StringEntity; import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.impl.client.HttpClients; diff --git a/src/main/java/com/notificationapi/examples/package-info.java b/src/main/java/com/notificationapi/examples/package-info.java new file mode 100644 index 0000000..b260491 --- /dev/null +++ b/src/main/java/com/notificationapi/examples/package-info.java @@ -0,0 +1,5 @@ +/** + * Contains example code demonstrating the usage of NotificationAPI Java Server SDK. + * These examples show how to integrate and use various features of the SDK. + */ +package com.notificationapi.examples; \ No newline at end of file diff --git a/src/main/java/com/notificationapi/exception/package-info.java b/src/main/java/com/notificationapi/exception/package-info.java new file mode 100644 index 0000000..bdbf61c --- /dev/null +++ b/src/main/java/com/notificationapi/exception/package-info.java 
@@ -0,0 +1,5 @@ +/** + * Contains exception classes used by the NotificationAPI Java Server SDK. + * These classes handle various error conditions that may occur during API operations. + */ +package com.notificationapi.exception; \ No newline at end of file diff --git a/src/main/java/com/notificationapi/model/package-info.java b/src/main/java/com/notificationapi/model/package-info.java new file mode 100644 index 0000000..5fb3826 --- /dev/null +++ b/src/main/java/com/notificationapi/model/package-info.java @@ -0,0 +1,5 @@ +/** + * Contains model classes used by the NotificationAPI Java Server SDK. + * These classes represent the data structures used for requests and responses. + */ +package com.notificationapi.model; \ No newline at end of file diff --git a/src/main/java/com/notificationapi/package-info.java b/src/main/java/com/notificationapi/package-info.java new file mode 100644 index 0000000..12863a3 --- /dev/null +++ b/src/main/java/com/notificationapi/package-info.java @@ -0,0 +1,5 @@ +/** + * The main package for NotificationAPI Java Server SDK. + * This package contains the core functionality for interacting with NotificationAPI's services. + */ +package com.notificationapi; \ No newline at end of file From 17a6ef065b3a6c400410517894cc5fde426c2066 Mon Sep 17 00:00:00 2001 From: mbasadi Date: Sat, 12 Apr 2025 18:45:05 -0400 Subject: [PATCH 06/53] Add GPG configuration for signing in GitHub Actions workflow This commit adds a step to the pull request workflow to configure GPG settings, enabling loopback pinentry for GPG signing. This ensures that GPG signing verification can be performed during the build process, enhancing security and integrity of the artifacts. --- .github/workflows/pull-request.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index b97c9a4..379e422 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml 
@@ -39,6 +39,12 @@ jobs: - name: Generate Javadoc run: mvn -B javadoc:javadoc --file pom.xml + - name: Configure GPG + run: | + echo "allow-loopback-pinentry" >> ~/.gnupg/gpg-agent.conf + echo "pinentry-mode loopback" >> ~/.gnupg/gpg.conf + gpg-connect-agent reloadagent /bye + - name: Verify GPG signing run: mvn -B verify -Dgpg.skip=false --file pom.xml env: From e181cba0d569c4fe99410812b8295c3e9e2f5215 Mon Sep 17 00:00:00 2001 From: mbasadi Date: Sat, 12 Apr 2025 18:47:03 -0400 Subject: [PATCH 07/53] Update GPG configuration in GitHub Actions workflow for enhanced security This commit modifies the GPG configuration in the pull request workflow by ensuring the GPG directory is created with appropriate permissions and updating the GPG command to include the passphrase from secrets. These changes improve the security of the GPG signing process during the build verification. --- .github/workflows/pull-request.yml | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 379e422..fdde831 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -41,12 +41,16 @@ jobs: - name: Configure GPG run: | - echo "allow-loopback-pinentry" >> ~/.gnupg/gpg-agent.conf + mkdir -p ~/.gnupg + chmod 700 ~/.gnupg + echo "use-agent" > ~/.gnupg/gpg.conf echo "pinentry-mode loopback" >> ~/.gnupg/gpg.conf - gpg-connect-agent reloadagent /bye + echo "allow-loopback-pinentry" > ~/.gnupg/gpg-agent.conf + chmod 600 ~/.gnupg/* + gpg --list-keys - name: Verify GPG signing - run: mvn -B verify -Dgpg.skip=false --file pom.xml + run: mvn -B verify -Dgpg.skip=false -Dgpg.passphrase=${{ secrets.GPG_PASSPHRASE }} --file pom.xml env: GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} From 7028851dd1258882d6fbb5fd7951a14e1161deb5 Mon Sep 17 00:00:00 2001 
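Review bot: In the second hunk on this line (PATCH 07/53), `Verify GPG signing` now passes `-Dgpg.passphrase=${{ secrets.GPG_PASSPHRASE }}` on the Maven command line. That puts the passphrase in the process argument list, where other processes on the runner can read it, and because the expression is substituted before the shell parses the line, metacharacters in the value can change the command. The step already exports `GPG_PASSPHRASE`, and setup-java, as documented, writes a `gpg.passphrase` server entry that reads that variable, so the flag can be dropped: `run: mvn -B verify -Dgpg.skip=false --file pom.xml`. The same flag returns in PATCH 09, 12, 15 and 16, and PATCH 10 and 12 do the same with `-Dossrh.password=${{ secrets.OSSRH_TOKEN }}`. The commit message describes this as a security improvement, which is the opposite of its effect.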
From: mbasadi Date: Sat, 12 Apr 2025 18:48:29 -0400 Subject: [PATCH 08/53] Remove GPG configuration steps from GitHub Actions workflow This commit eliminates the GPG configuration and signing verification steps from the pull request workflow. The removal streamlines the workflow by focusing on essential tasks, while GPG signing can be managed separately if needed. --- .github/workflows/pull-request.yml | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index fdde831..d2e693b 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -39,20 +39,6 @@ jobs: - name: Generate Javadoc run: mvn -B javadoc:javadoc --file pom.xml - - name: Configure GPG - run: | - mkdir -p ~/.gnupg - chmod 700 ~/.gnupg - echo "use-agent" > ~/.gnupg/gpg.conf - echo "pinentry-mode loopback" >> ~/.gnupg/gpg.conf - echo "allow-loopback-pinentry" > ~/.gnupg/gpg-agent.conf - chmod 600 ~/.gnupg/* - gpg --list-keys - - - name: Verify GPG signing - run: mvn -B verify -Dgpg.skip=false -Dgpg.passphrase=${{ secrets.GPG_PASSPHRASE }} --file pom.xml - env: - GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} - name: Test SNAPSHOT deployment (dry-run) if: matrix.java == '17' # Only test deployment with the latest Java version From 8ed759b86b97850d870d5a2a680ef285dd25f380 Mon Sep 17 00:00:00 2001 From: mbasadi Date: Sat, 12 Apr 2025 18:53:19 -0400 Subject: [PATCH 09/53] Update GPG configuration in GitHub Actions workflow to use secrets This commit updates the pull request workflow to utilize GitHub secrets for GPG configuration, enhancing security by avoiding hardcoded values. Additionally, a new step for verifying GPG signing is added to ensure the integrity of the build process. --- .github/workflows/pull-request.yml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) 
diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index d2e693b..db3157c 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -21,10 +21,10 @@ jobs: distribution: 'temurin' cache: 'maven' server-id: ossrh - server-username: OSSRH_USERNAME - server-password: OSSRH_TOKEN + server-username: ${{ secrets.OSSRH_USERNAME }} + server-password: ${{ secrets.OSSRH_TOKEN }} gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }} - gpg-passphrase: GPG_PASSPHRASE + gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }} settings-path: ${{ github.workspace }} - name: Build with Maven @@ -38,8 +38,12 @@ jobs: - name: Generate Javadoc run: mvn -B javadoc:javadoc --file pom.xml - + - name: Verify GPG signing + run: mvn -B verify -Dgpg.skip=false -Dgpg.passphrase=${{ secrets.GPG_PASSPHRASE }} --file pom.xml + env: + GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} + - name: Test SNAPSHOT deployment (dry-run) if: matrix.java == '17' # Only test deployment with the latest Java version run: mvn -B deploy -DaltDeploymentRepository=ossrh::default::file://local-deployment -DskipTests From f623abe74c56dba9b90d3a17bf58f7d051b66d69 Mon Sep 17 00:00:00 2001 From: mbasadi Date: Sat, 12 Apr 2025 19:01:19 -0400 Subject: [PATCH 10/53] Update SNAPSHOT deployment in GitHub Actions workflow to use secrets for OSSRH credentials This commit modifies the pull request workflow to securely utilize GitHub secrets for OSSRH username and password during the SNAPSHOT deployment process. This change enhances security by avoiding hardcoded credentials in the workflow. --- .github/workflows/pull-request.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index db3157c..7622ee6 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml 
@@ -46,7 +46,12 @@ jobs: - name: Test SNAPSHOT deployment (dry-run) if: matrix.java == '17' # Only test deployment with the latest Java version - run: mvn -B deploy -DaltDeploymentRepository=ossrh::default::file://local-deployment -DskipTests + run: | + mvn -B deploy \ + -DaltDeploymentRepository=ossrh::default::file://local-deployment \ + -DskipTests \ + -Dossrh.username=${{ secrets.OSSRH_USERNAME }} \ + -Dossrh.password=${{ secrets.OSSRH_TOKEN }} env: OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }} OSSRH_TOKEN: ${{ secrets.OSSRH_TOKEN }} From d0e93082699bc998a508ddedf2be132b6efcf616 Mon Sep 17 00:00:00 2001 From: mbasadi Date: Sat, 12 Apr 2025 19:20:52 -0400 Subject: [PATCH 11/53] Update GitHub Actions workflow to change server ID and streamline deployment steps This commit modifies the pull request workflow by changing the server ID from 'ossrh' to 'central' for deployment. It also simplifies the dry-run deployment step by removing unnecessary environment variables and parameters, while retaining the GPG signing verification step for enhanced security. --- .github/workflows/pull-request.yml | 17 +++++------------ 1 file changed, 5 insertions(+), 12 deletions(-) diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 7622ee6..345babd 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -20,7 +20,7 @@ jobs: java-version: ${{ matrix.java }} distribution: 'temurin' cache: 'maven' - server-id: ossrh + server-id: central server-username: ${{ secrets.OSSRH_USERNAME }} server-password: ${{ secrets.OSSRH_TOKEN }} gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }} 
@@ -40,19 +40,12 @@ jobs: run: mvn -B javadoc:javadoc --file pom.xml - name: Verify GPG signing - run: mvn -B verify -Dgpg.skip=false -Dgpg.passphrase=${{ secrets.GPG_PASSPHRASE }} --file pom.xml + run: mvn -B verify -Dgpg.skip=false --file pom.xml env: GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} - - name: Test SNAPSHOT deployment (dry-run) - if: matrix.java == '17' # Only test deployment with the latest Java version - run: | - mvn -B deploy \ - -DaltDeploymentRepository=ossrh::default::file://local-deployment \ - -DskipTests \ - -Dossrh.username=${{ secrets.OSSRH_USERNAME }} \ - -Dossrh.password=${{ secrets.OSSRH_TOKEN }} + - name: Test deployment (dry-run) + if: matrix.java == '17' + run: mvn -B deploy -DskipTests env: - OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }} - OSSRH_TOKEN: ${{ secrets.OSSRH_TOKEN }} GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} \ No newline at end of file From f3211fc1cb0d2a0f73561ab592a933ec3044117c Mon Sep 17 00:00:00 2001 From: mbasadi Date: Sat, 12 Apr 2025 19:23:10 -0400 Subject: [PATCH 12/53] Enhance GitHub Actions workflow for SNAPSHOT deployment with secure credentials This commit updates the pull request workflow to include the OSSRH username and password as GitHub secrets during the dry-run SNAPSHOT deployment process. Additionally, it modifies the GPG signing verification step to utilize the passphrase from secrets, improving security and ensuring a more streamlined deployment process. --- .github/workflows/pull-request.yml | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 345babd..c639486 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml 
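Review bot: The step is still labelled a dry run, but `run: mvn -B deploy -DskipTests` no longer carries `-DaltDeploymentRepository`, so it deploys to the repositories in the POM's distributionManagement instead of a local directory. In a pull-request job that means unreviewed build output is uploaded under the project's coordinates whenever the credentials resolve. Either keep the file target, `run: mvn -B deploy -DskipTests -DaltDeploymentRepository=central::default::file://local-deployment`, or stop at `verify` and rename the step. PATCH 16/53 repeats the problem, calling `mvn -B deploy` with `--settings …/settings-security.xml` and live `MAVEN_USERNAME`/`MAVEN_PASSWORD` values and no alternate repository.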
@@ -40,12 +40,19 @@ jobs: run: mvn -B javadoc:javadoc --file pom.xml - name: Verify GPG signing - run: mvn -B verify -Dgpg.skip=false --file pom.xml + run: mvn -B verify -Dgpg.skip=false -Dgpg.passphrase=${{ secrets.GPG_PASSPHRASE }} --file pom.xml env: GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} - - name: Test deployment (dry-run) - if: matrix.java == '17' - run: mvn -B deploy -DskipTests + - name: Test SNAPSHOT deployment (dry-run) + if: matrix.java == '17' # Only test deployment with the latest Java version + run: | + mvn -B deploy \ + -DaltDeploymentRepository=ossrh::default::file://local-deployment \ + -DskipTests \ + -Dossrh.username=${{ secrets.OSSRH_USERNAME }} \ + -Dossrh.password=${{ secrets.OSSRH_TOKEN }} env: + OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }} + OSSRH_TOKEN: ${{ secrets.OSSRH_TOKEN }} GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} \ No newline at end of file From fa34285800b7825c9a63d3a7044ae6cb25d0aab6 Mon Sep 17 00:00:00 2001 From: mbasadi Date: Sat, 12 Apr 2025 19:27:52 -0400 Subject: [PATCH 13/53] Refactor SNAPSHOT deployment step in GitHub Actions workflow for clarity This commit simplifies the dry-run SNAPSHOT deployment step in the pull request workflow by consolidating the deployment command into a single line. The server ID is updated to 'central', and unnecessary parameters have been removed while maintaining the use of GitHub secrets for secure credentials. --- .github/workflows/pull-request.yml | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index c639486..0ff61b5 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml 
@@ -46,13 +46,8 @@ jobs: - name: Test SNAPSHOT deployment (dry-run) if: matrix.java == '17' # Only test deployment with the latest Java version - run: | - mvn -B deploy \ - -DaltDeploymentRepository=ossrh::default::file://local-deployment \ - -DskipTests \ - -Dossrh.username=${{ secrets.OSSRH_USERNAME }} \ - -Dossrh.password=${{ secrets.OSSRH_TOKEN }} + run: mvn -B deploy -DaltDeploymentRepository=central::default::file://local-deployment -DskipTests env: OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }} OSSRH_TOKEN: ${{ secrets.OSSRH_TOKEN }} - GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} \ No newline at end of file + GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} \ No newline at end of file From 51a19865963f806373bae9bc513025f1ca829835 Mon Sep 17 00:00:00 2001 From: mbasadi Date: Sat, 12 Apr 2025 19:30:29 -0400 Subject: [PATCH 14/53] Update SNAPSHOT deployment command in GitHub Actions workflow to use custom settings file This commit modifies the dry-run SNAPSHOT deployment step in the pull request workflow to include a custom Maven settings file. This change enhances the deployment process by allowing for more flexible configuration while maintaining the use of GitHub secrets for secure credentials. --- .github/workflows/pull-request.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 0ff61b5..da243c4 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -46,7 +46,7 @@ jobs: - name: Test SNAPSHOT deployment (dry-run) if: matrix.java == '17' # Only test deployment with the latest Java version - run: mvn -B deploy -DaltDeploymentRepository=central::default::file://local-deployment -DskipTests + run: mvn -B deploy -DaltDeploymentRepository=central::default::file://local-deployment -DskipTests --settings ${{ github.workspace }}/settings.xml env: OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }} OSSRH_TOKEN: ${{ secrets.OSSRH_TOKEN }} 
From 5653df0b78bd14d37c8cb85166dd40d589861d03 Mon Sep 17 00:00:00 2001 From: mbasadi Date: Sat, 12 Apr 2025 19:32:24 -0400 Subject: [PATCH 15/53] Update SNAPSHOT deployment command to include GPG passphrase from secrets in GitHub Actions workflow This commit modifies the dry-run SNAPSHOT deployment step in the pull request workflow to incorporate the GPG passphrase from GitHub secrets. This change enhances security by ensuring sensitive information is not hardcoded, while maintaining the streamlined deployment process. --- .github/workflows/pull-request.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index da243c4..3db4fdb 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -46,7 +46,7 @@ jobs: - name: Test SNAPSHOT deployment (dry-run) if: matrix.java == '17' # Only test deployment with the latest Java version - run: mvn -B deploy -DaltDeploymentRepository=central::default::file://local-deployment -DskipTests --settings ${{ github.workspace }}/settings.xml + run: mvn -B deploy -DaltDeploymentRepository=central::default::file://local-deployment -Dgpg.passphrase=${{ secrets.GPG_PASSPHRASE }} -DskipTests --settings ${{ github.workspace }}/settings.xml env: OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }} OSSRH_TOKEN: ${{ secrets.OSSRH_TOKEN }} From 54548bffa896d7918f2552654a72da896ffa93db Mon Sep 17 00:00:00 2001 
From: mbasadi Date: Sat, 12 Apr 2025 19:42:24 -0400 Subject: [PATCH 16/53] Refactor GitHub Actions workflow for SNAPSHOT deployment to enhance security and configuration This commit introduces a new settings file for Maven that securely manages credentials using environment variables. It also modifies the GPG key import process to improve security by avoiding hardcoded values. The dry-run SNAPSHOT deployment step is updated to utilize the new settings file, ensuring a more streamlined and secure deployment process. --- .github/workflows/pull-request.yml | 12 +++++++---- .github/workflows/settings-security.xml | 27 +++++++++++++++++++++++++ 2 files changed, 35 insertions(+), 4 deletions(-) create mode 100644 .github/workflows/settings-security.xml diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 3db4fdb..31b5205 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -26,7 +26,7 @@ jobs: gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }} gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }} settings-path: ${{ github.workspace }} - + - name: Build with Maven run: mvn -B package --file pom.xml @@ -46,8 +46,12 @@ jobs: - name: Test SNAPSHOT deployment (dry-run) if: matrix.java == '17' # Only test deployment with the latest Java version - run: mvn -B deploy -DaltDeploymentRepository=central::default::file://local-deployment -Dgpg.passphrase=${{ secrets.GPG_PASSPHRASE }} -DskipTests --settings ${{ github.workspace }}/settings.xml + run: | + mvn -B deploy \ + -Dgpg.passphrase=${{ secrets.GPG_PASSPHRASE }} \ + -DskipTests \ + --settings ${{ github.workspace }}/settings-security.xml env: - OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }} - OSSRH_TOKEN: ${{ secrets.OSSRH_TOKEN }} + MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} + MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }} GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} \ No newline at end of file 
diff --git a/.github/workflows/settings-security.xml b/.github/workflows/settings-security.xml new file mode 100644 index 0000000..6ccb88f --- /dev/null +++ b/.github/workflows/settings-security.xml @@ -0,0 +1,27 @@ + + + + + + central + ${env.MAVEN_USERNAME} + ${env.MAVEN_PASSWORD} + + + + + + + central + + true + + + gpg + ${env.GPG_PASSPHRASE} + + + + \ No newline at end of file From dba34e71347622fab89e4e45b0c145528753a511 Mon Sep 17 00:00:00 2001 From: mbasadi Date: Sat, 12 Apr 2025 19:44:24 -0400 Subject: [PATCH 17/53] Update Maven settings file path in GitHub Actions workflow for SNAPSHOT deployment This commit modifies the path to the Maven settings file in the pull request workflow, ensuring it points to the correct location within the GitHub workflows directory. This change enhances the clarity and organization of the deployment configuration. --- .github/workflows/pull-request.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 31b5205..db28858 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -50,7 +50,7 @@ jobs: mvn -B deploy \ -Dgpg.passphrase=${{ secrets.GPG_PASSPHRASE }} \ -DskipTests \ - --settings ${{ github.workspace }}/settings-security.xml + --settings ${{ github.workspace }}/.github/workflows/settings-security.xml env: MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }} From 8b555580575990ea7bdad0065d585ee1e685fddc Mon Sep 17 00:00:00 2001 
From: mbasadi Date: Sun, 13 Apr 2025 13:17:57 -0400 Subject: [PATCH 18/53] Update pom.xml and GitHub Actions workflow for improved deployment and versioning This commit updates the version of the project in pom.xml from 0.1.0-SNAPSHOT to 0.1.1 and enhances the project description for clarity. Additionally, it modifies the GitHub Actions workflow to streamline the deployment process by removing the old settings file and incorporating a new Maven settings file for better management of credentials. The GPG signing process is also updated to utilize environment variables for enhanced security. --- .github/workflows/pull-request.yml | 20 ++----- .../settings.xml | 31 +++++----- pom.xml | 60 +++++++++---------- 3 files changed, 49 insertions(+), 62 deletions(-) rename .github/workflows/settings-security.xml => .mvn/settings.xml (50%) diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index db28858..788cf91 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -25,7 +25,7 @@ jobs: server-password: ${{ secrets.OSSRH_TOKEN }} gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }} gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }} - settings-path: ${{ github.workspace }} + settings-path: ${{ github.workspace }}/.mvn - name: Build with Maven run: mvn -B package --file pom.xml 
@@ -39,19 +39,11 @@ jobs: - name: Generate Javadoc run: mvn -B javadoc:javadoc --file pom.xml - - name: Verify GPG signing - run: mvn -B verify -Dgpg.skip=false -Dgpg.passphrase=${{ secrets.GPG_PASSPHRASE }} --file pom.xml - env: - GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} - - - name: Test SNAPSHOT deployment (dry-run) - if: matrix.java == '17' # Only test deployment with the latest Java version - run: | - mvn -B deploy \ - -Dgpg.passphrase=${{ secrets.GPG_PASSPHRASE }} \ - -DskipTests \ - --settings ${{ github.workspace }}/.github/workflows/settings-security.xml + - name: Deploy package + run: mvn clean deploy -P release env: MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }} - GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} \ No newline at end of file + GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} + GPG_KEY_NAME: ${{ secrets.GPG_KEY_NAME }} + diff --git a/.github/workflows/settings-security.xml b/.mvn/settings.xml similarity index 50% rename from .github/workflows/settings-security.xml rename to .mvn/settings.xml index 6ccb88f..627afdd 100644 --- a/.github/workflows/settings-security.xml +++ b/.mvn/settings.xml @@ -2,26 +2,27 @@ - - - - central - ${env.MAVEN_USERNAME} - ${env.MAVEN_PASSWORD} - - - - + + + central + ${env.MAVEN_USERNAME} + ${env.MAVEN_PASSWORD} + + + gpg.passphrase + ${env.GPG_PASSPHRASE} + + - central - - true - + gpg - gpg + ${env.GPG_KEY_NAME} ${env.GPG_PASSPHRASE} + + gpg + \ No newline at end of file diff --git a/pom.xml b/pom.xml index 86ab7df..55f508d 100644 --- a/pom.xml +++ b/pom.xml 
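Review bot: The new `Deploy package` step runs `mvn clean deploy -P release` with the publishing token and signing passphrase inside pull-request.yml, which patch 25's context shows is triggered by `on: pull_request:`, so unmerged code would be built, signed and uploaded. The same commit moves the version off `-SNAPSHOT` and, as far as the tag-stripped pom.xml hunk shows, adds a central-publishing plugin with what look like auto-publish settings, which would make such an upload a permanent release. Keep the pull-request job at `mvn -B verify` and gate publishing on a release event, for example `if: github.event_name == 'release'`. The hunk also drops `-B` and the `if: matrix.java == '17'` guard, so every matrix entry would attempt the upload. Patches 25 and 32 keep or add the same pull-request publish path.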
@@ -1,17 +1,17 @@ + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> 4.0.0 com.notificationapi notificationapi-java-server-sdk - 0.1.0-SNAPSHOT + 0.1.1 jar NotificationAPI Java Server SDK - NotificationAPI Java Server SDK + NotificationAPI Java Server SDK - A Java SDK for integrating with NotificationAPI services https://github.com/notificationapi-com/notificationapi-java-server-sdk @@ -36,13 +36,14 @@ The Apache License, Version 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt + repo - NotificationAPI + Mohammad Asadi NotificationAPI https://notificationapi.com @@ -53,20 +54,9 @@ scm:git:git://github.com/notificationapi-com/notificationapi-java-server-sdk.git scm:git:ssh://github.com:notificationapi-com/notificationapi-java-server-sdk.git https://github.com/notificationapi-com/notificationapi-java-server-sdk + HEAD - - - - ossrh - https://s01.oss.sonatype.org/content/repositories/snapshots - - - ossrh - https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/ - - - @@ -84,7 +74,7 @@ - + org.apache.maven.plugins @@ -99,7 +89,7 @@ - + org.apache.maven.plugins @@ -113,28 +103,19 @@ sign + ${env.GPG_KEY_NAME} + gpg.passphrase --pinentry-mode loopback + --digest-algo + SHA512 - - - - org.sonatype.plugins - nexus-staging-maven-plugin - 1.6.13 - true - - ossrh - https://s01.oss.sonatype.org/ - true - - - + org.apache.maven.plugins @@ -157,6 +138,19 @@ + + + + org.sonatype.central + central-publishing-maven-plugin + 0.7.0 + true + + central + true + published + + \ No newline at end of file From e61e048273722a27e7c3949712ed5579494d671e Mon Sep 17 00:00:00 2001 From: mbasadi Date: Sun, 13 Apr 2025 13:21:38 -0400 Subject: [PATCH 19/53] Remove the release profile from the Maven deploy command in GitHub Actions workflow for simplified deployment --- .github/workflows/pull-request.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 788cf91..e0d7682 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -40,7 +40,7 @@ jobs: run: mvn -B javadoc:javadoc --file pom.xml - name: Deploy package - run: mvn clean deploy -P release + run: mvn clean deploy env: MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }} From a8316e9a659b7c820d65ddd2d058fa075b9c2a61 Mon Sep 17 00:00:00 2001 From: mbasadi Date: Sun, 13 Apr 2025 13:23:35 -0400 Subject: [PATCH 20/53] Update GitHub Actions workflow to include GPG key import and passphrase for secure Maven deployment --- .github/workflows/pull-request.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index e0d7682..da08fe8 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -40,7 +40,10 @@ jobs: run: mvn -B javadoc:javadoc --file pom.xml - name: Deploy package - run: mvn clean deploy + run: | + echo "${{ secrets.GPG_PRIVATE_KEY }}" | base64 --decode | gpg --batch --import + gpg --list-secret-keys --keyid-format LONG + mvn clean deploy -P release -Dgpg.passphrase=${{ secrets.GPG_PASSPHRASE }} env: MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }} From 423a9cf663f273673f43a97785f05345233e622a Mon Sep 17 00:00:00 2001 From: mbasadi Date: Sun, 13 Apr 2025 13:24:57 -0400 Subject: [PATCH 21/53] Enhance GitHub Actions workflow by configuring GPG for non-interactive use and improving key import process for secure Maven deployment --- .github/workflows/pull-request.yml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index da08fe8..97c4603 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml 
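Review bot: The private signing key is pasted into the script with `echo "${{ secrets.GPG_PRIVATE_KEY }}"`, which places the whole key in the script file the runner writes to disk and would break if the value ever contains a double quote, backtick or `$`. Pass it through the step environment instead: add `GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}` under `env:` and import with `printf '%s' "$GPG_PRIVATE_KEY" | base64 --decode | gpg --batch --import`. The added `gpg --list-secret-keys --keyid-format LONG` prints key ids and user ids into the job log on every run and reads like leftover debugging. Patches 21, 31 and 35 interpolate the key the same way.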
@@ -41,7 +41,15 @@ jobs: - name: Deploy package run: | - echo "${{ secrets.GPG_PRIVATE_KEY }}" | base64 --decode | gpg --batch --import + # Import the GPG key + echo -n "${{ secrets.GPG_PRIVATE_KEY }}" | gpg --batch --import + # Configure GPG to use a non-interactive pinentry + mkdir -p ~/.gnupg + echo "use-agent" > ~/.gnupg/gpg.conf + echo "pinentry-mode loopback" >> ~/.gnupg/gpg.conf + echo "allow-loopback-pinentry" > ~/.gnupg/gpg-agent.conf + gpg-agent --daemon + # List keys and deploy gpg --list-secret-keys --keyid-format LONG mvn clean deploy -P release -Dgpg.passphrase=${{ secrets.GPG_PASSPHRASE }} env: From 05456c0141bb3768617b3dbb5d6cca398c8dafd0 Mon Sep 17 00:00:00 2001 From: mbasadi Date: Sun, 13 Apr 2025 13:26:47 -0400 Subject: [PATCH 22/53] Refactor GPG key handling in GitHub Actions workflow for Maven deployment by explicitly retrieving the key ID and configuring the deployment command to use it, enhancing security and clarity. --- .github/workflows/pull-request.yml | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 97c4603..dd860d4 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml 
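Review bot: `gpg.conf` and `gpg-agent.conf` are written after `gpg --batch --import` has already run, and importing a secret key normally starts gpg-agent, so `allow-loopback-pinentry` is likely not seen by the agent that later signs, and the added `gpg-agent --daemon` may find an agent already running. Write both config files before the import, or reload the agent after writing them with `gpgconf --kill gpg-agent`. Note that `echo "allow-loopback-pinentry" > ~/.gnupg/gpg-agent.conf` replaces any existing agent configuration rather than appending, which is fine on a fresh runner but deserves a one-line comment saying so.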
@@ -48,13 +48,15 @@ jobs: echo "use-agent" > ~/.gnupg/gpg.conf echo "pinentry-mode loopback" >> ~/.gnupg/gpg.conf echo "allow-loopback-pinentry" > ~/.gnupg/gpg-agent.conf - gpg-agent --daemon - # List keys and deploy - gpg --list-secret-keys --keyid-format LONG - mvn clean deploy -P release -Dgpg.passphrase=${{ secrets.GPG_PASSPHRASE }} + # Get the key ID + export GPG_KEY_ID=$(gpg --list-secret-keys --keyid-format LONG | grep sec | awk '{print $2}' | cut -d'/' -f2) + echo "Using GPG key: $GPG_KEY_ID" + # Deploy with explicit key configuration + mvn clean deploy -P release \ + -Dgpg.passphrase=${{ secrets.GPG_PASSPHRASE }} \ + -Dgpg.keyname=$GPG_KEY_ID env: MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }} GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} - GPG_KEY_NAME: ${{ secrets.GPG_KEY_NAME }} From 7d5cf4a3aabf5d245d908425f92b63d50a0eeba3 Mon Sep 17 00:00:00 2001 From: mbasadi Date: Sun, 13 Apr 2025 13:29:04 -0400 Subject: [PATCH 23/53] Add distribution management and release profile to pom.xml for Maven deployment This commit introduces a distribution management section to the pom.xml, specifying the snapshot and release repositories for Maven deployment. Additionally, a release profile is added, configuring the maven-gpg-plugin for signing artifacts during the verify phase, enhancing the deployment process and security. --- pom.xml | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/pom.xml b/pom.xml index 55f508d..4713c46 100644 --- a/pom.xml +++ b/pom.xml @@ -153,4 +153,47 @@ + + + + + ossrh + https://s01.oss.sonatype.org/content/repositories/snapshots + + + ossrh + https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/ + + + + + + + release + + + + org.apache.maven.plugins + maven-gpg-plugin + 3.1.0 + + + sign-artifacts + verify + + sign + + + + --pinentry-mode + loopback + + + + + + + + + \ No newline at end of file 
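Review bot: The key-id lookup `grep sec | awk '{print $2}' | cut -d'/' -f2` parses human-readable gpg output, matches any line containing `sec` (a user id with "security" in it would match too), and yields several lines when the keyring holds more than one secret key; the result is then used unquoted in `-Dgpg.keyname=$GPG_KEY_ID`. The machine-readable listing is stable: `GPG_KEY_ID=$(gpg --list-secret-keys --with-colons | awk -F: '$1 == "sec" {print $5; exit}')`, followed by `-Dgpg.keyname="$GPG_KEY_ID"`. The hunk also removes `GPG_KEY_NAME` from `env:` while the pom.xml change in patch 18 appears to set the plugin's key name from `${env.GPG_KEY_NAME}`; an explicit key name in the POM takes precedence over `-Dgpg.keyname`, so check which of the two is actually used.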
From 4413a0ebc2bf48bbeb2d9dd73142951a12ea7967 Mon Sep 17 00:00:00 2001 From: mbasadi Date: Sun, 13 Apr 2025 13:34:34 -0400 Subject: [PATCH 24/53] Remove unused distribution management and release profile sections from pom.xml to streamline configuration and enhance clarity. --- pom.xml | 44 -------------------------------------------- 1 file changed, 44 deletions(-) diff --git a/pom.xml b/pom.xml index 4713c46..d49c5a6 100644 --- a/pom.xml +++ b/pom.xml @@ -103,7 +103,6 @@ sign - ${env.GPG_KEY_NAME} gpg.passphrase --pinentry-mode @@ -153,47 +152,4 @@ - - - - - ossrh - https://s01.oss.sonatype.org/content/repositories/snapshots - - - ossrh - https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/ - - - - - - - release - - - - org.apache.maven.plugins - maven-gpg-plugin - 3.1.0 - - - sign-artifacts - verify - - sign - - - - --pinentry-mode - loopback - - - - - - - - - \ No newline at end of file From 368b4e951dfd9cf81d4685627964c0126f9e3491 Mon Sep 17 00:00:00 2001 From: mbasadi Date: Sun, 13 Apr 2025 14:33:18 -0400 Subject: [PATCH 25/53] Refactor GitHub Actions workflow for Pull Request CI by renaming the job and simplifying JDK setup. Update GPG key import process for enhanced security and streamline Maven build and publish steps with environment variable management. --- .github/workflows/pull-request.yml | 65 +++++++++--------------------- 1 file changed, 20 insertions(+), 45 deletions(-) diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index dd860d4..63bf2d9 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -1,4 +1,4 @@ -name: Pull Request Pipeline +name: Pull Request CI on: pull_request: 
@@ -7,56 +7,31 @@ on: jobs: build: runs-on: ubuntu-latest - strategy: - matrix: - java: [ '11', '17' ] steps: - uses: actions/checkout@v3 - - - name: Set up JDK ${{ matrix.java }} + + - name: Set up JDK 17 uses: actions/setup-java@v3 with: - java-version: ${{ matrix.java }} + java-version: '17' distribution: 'temurin' - cache: 'maven' - server-id: central - server-username: ${{ secrets.OSSRH_USERNAME }} - server-password: ${{ secrets.OSSRH_TOKEN }} - gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }} - gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }} - settings-path: ${{ github.workspace }}/.mvn + cache: maven - - name: Build with Maven - run: mvn -B package --file pom.xml - - - name: Run tests - run: mvn -B test --file pom.xml - - - name: Check code style - run: mvn -B checkstyle:check --file pom.xml - - - name: Generate Javadoc - run: mvn -B javadoc:javadoc --file pom.xml - - - name: Deploy package - run: | - # Import the GPG key - echo -n "${{ secrets.GPG_PRIVATE_KEY }}" | gpg --batch --import - # Configure GPG to use a non-interactive pinentry - mkdir -p ~/.gnupg - echo "use-agent" > ~/.gnupg/gpg.conf - echo "pinentry-mode loopback" >> ~/.gnupg/gpg.conf - echo "allow-loopback-pinentry" > ~/.gnupg/gpg-agent.conf - # Get the key ID - export GPG_KEY_ID=$(gpg --list-secret-keys --keyid-format LONG | grep sec | awk '{print $2}' | cut -d'/' -f2) - echo "Using GPG key: $GPG_KEY_ID" - # Deploy with explicit key configuration - mvn clean deploy -P release \ - -Dgpg.passphrase=${{ secrets.GPG_PASSPHRASE }} \ - -Dgpg.keyname=$GPG_KEY_ID + - name: Import GPG key + uses: crazy-max/ghaction-import-gpg@v5 + with: + gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} + passphrase: ${{ secrets.GPG_PASSPHRASE }} + + - name: Debug - Check GPG key + run: gpg --list-secret-keys + + - name: Build and Publish with Maven env: - MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} - MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }} + MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }} + MAVEN_PASSWORD: ${{ 
secrets.MAVEN_PASSWORD }} GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} - + GPG_KEY_NAME: ${{ secrets.GPG_KEY_NAME }} + run: | + mvn -e -q clean deploy -s .mvn/settings.xml -Dgpg.passphrase=${{ secrets.GPG_PASSPHRASE }} From a8fd70747f1f0a9b5fc81a27f546f347c6b9b12b Mon Sep 17 00:00:00 2001 From: mbasadi Date: Sun, 13 Apr 2025 14:37:02 -0400 Subject: [PATCH 26/53] Update pom.xml to set Java compiler properties for version 17 and UTF-8 encoding, enhancing build configuration clarity. --- pom.xml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/pom.xml b/pom.xml index d49c5a6..235804a 100644 --- a/pom.xml +++ b/pom.xml @@ -14,6 +14,12 @@ NotificationAPI Java Server SDK - A Java SDK for integrating with NotificationAPI services https://github.com/notificationapi-com/notificationapi-java-server-sdk + + 17 + 17 + UTF-8 + + From f810a7ebbc86ab36b7c124f0e0bc675ae10a0e8b Mon Sep 17 00:00:00 2001 From: mbasadi Date: Sun, 13 Apr 2025 14:38:39 -0400 Subject: [PATCH 27/53] Enhance GitHub Actions workflow for Pull Request CI by adding an ID for the GPG key import step and updating the Maven deploy command to include the GPG key name, improving security and clarity in the deployment process. --- .github/workflows/pull-request.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 63bf2d9..da573d9 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -19,6 +19,7 @@ jobs: cache: maven - name: Import GPG key + id: import_gpg uses: crazy-max/ghaction-import-gpg@v5 with: gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} 
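Review bot: `crazy-max/ghaction-import-gpg@v5` is handed the private signing key and its passphrase but is referenced by a movable tag, so whatever commit that tag points to at run time receives the key. Pin third-party actions that handle secrets to a reviewed commit, e.g. `uses: crazy-max/ghaction-import-gpg@<full-commit-sha>  # v5` (placeholder; fill in the audited commit). The `Debug - Check GPG key` step should be removed before merge. The job still runs `mvn ... clean deploy` on `pull_request` while the test, checkstyle and Javadoc steps were deleted, so nothing is verified before the upload is attempted. Patch 39 adds the same unpinned action to maven-publish.yml.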
@@ -34,4 +35,4 @@ jobs: GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} GPG_KEY_NAME: ${{ secrets.GPG_KEY_NAME }} run: | - mvn -e -q clean deploy -s .mvn/settings.xml -Dgpg.passphrase=${{ secrets.GPG_PASSPHRASE }} + mvn -e -q clean deploy -s .mvn/settings.xml -Dgpg.passphrase=${{ secrets.GPG_PASSPHRASE }} -Dgpg.keyname=${{ steps.import_gpg.outputs.keyid }} From 7c90c8f2b0aa4e9791da018e0098a950e26836f0 Mon Sep 17 00:00:00 2001 From: mbasadi Date: Sun, 13 Apr 2025 14:41:37 -0400 Subject: [PATCH 28/53] Update GitHub Actions workflow to use the GPG key ID from the import step in the Maven deploy command, enhancing security and clarity in the deployment process. --- .github/workflows/pull-request.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index da573d9..c53fa87 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -33,6 +33,6 @@ jobs: MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }} MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }} GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} - GPG_KEY_NAME: ${{ secrets.GPG_KEY_NAME }} + GPG_KEY_NAME: ${{ steps.import_gpg.outputs.keyid }} run: | mvn -e -q clean deploy -s .mvn/settings.xml -Dgpg.passphrase=${{ secrets.GPG_PASSPHRASE }} -Dgpg.keyname=${{ steps.import_gpg.outputs.keyid }} From 4e74ee7706508435adff7b56ffc3cbbb4b982fab Mon Sep 17 00:00:00 2001 From: mbasadi Date: Sun, 13 Apr 2025 15:17:36 -0400 Subject: [PATCH 29/53] Update GitHub Actions workflow to use GPG key name from secrets for Maven deployment, improving security and consistency in the build process. --- .github/workflows/pull-request.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index c53fa87..e29b66a 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml 
@@ -33,6 +33,6 @@ jobs: MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }} MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }} GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} - GPG_KEY_NAME: ${{ steps.import_gpg.outputs.keyid }} + GPG_KEY_NAME: ${{ secrets.GPG_KEY_NAME }} run: | - mvn -e -q clean deploy -s .mvn/settings.xml -Dgpg.passphrase=${{ secrets.GPG_PASSPHRASE }} -Dgpg.keyname=${{ steps.import_gpg.outputs.keyid }} + mvn -e -q clean deploy -s .mvn/settings.xml -Dgpg.passphrase=${{ secrets.GPG_PASSPHRASE }} -Dgpg.keyname=${{ secrets.GPG_KEY_NAME }} From a3abad5a80fbcf0f6fa2fc890d0fb408f88a066c Mon Sep 17 00:00:00 2001 From: mbasadi Date: Sun, 13 Apr 2025 15:19:08 -0400 Subject: [PATCH 30/53] Update GitHub Actions workflow to utilize the GPG key ID from the import step in the Maven deploy command, further enhancing security and consistency in the deployment process. --- .github/workflows/pull-request.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index e29b66a..c53fa87 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -33,6 +33,6 @@ jobs: MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }} MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }} GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} - GPG_KEY_NAME: ${{ secrets.GPG_KEY_NAME }} + GPG_KEY_NAME: ${{ steps.import_gpg.outputs.keyid }} run: | - mvn -e -q clean deploy -s .mvn/settings.xml -Dgpg.passphrase=${{ secrets.GPG_PASSPHRASE }} -Dgpg.keyname=${{ secrets.GPG_KEY_NAME }} + mvn -e -q clean deploy -s .mvn/settings.xml -Dgpg.passphrase=${{ secrets.GPG_PASSPHRASE }} -Dgpg.keyname=${{ steps.import_gpg.outputs.keyid }} From c71e091af195031a33c8b4a181837db9102b2657 Mon Sep 17 00:00:00 2001 
From: mbasadi Date: Sun, 13 Apr 2025 16:00:36 -0400 Subject: [PATCH 31/53] Update version in pom.xml to 0.1.3 and add GitHub Actions workflow for publishing to Maven Central, including necessary secrets and setup instructions in README.md. --- .github/workflows/maven-publish.yml | 54 +++++++++++++++++++++++++++++ pom.xml | 2 +- 2 files changed, 55 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/maven-publish.yml diff --git a/.github/workflows/maven-publish.yml b/.github/workflows/maven-publish.yml new file mode 100644 index 0000000..667231b --- /dev/null +++ b/.github/workflows/maven-publish.yml @@ -0,0 +1,54 @@ +name: Publish to Maven Central + +on: + workflow_dispatch: # Manual trigger + release: + types: [created] # Trigger on new release + +jobs: + publish: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + + - name: Set up JDK 17 + uses: actions/setup-java@v3 + with: + java-version: '17' + distribution: 'temurin' + cache: maven + + - name: Set up Maven Central Repository + uses: actions/setup-java@v3 + with: + java-version: '17' + distribution: 'temurin' + server-id: central + server-username: MAVEN_USERNAME + server-password: MAVEN_PASSWORD + + - name: Import GPG key + run: | + echo "${{ secrets.GPG_PRIVATE_KEY }}" > private.asc + gpg --batch --import private.asc + + - name: Build and Publish package + env: + MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }} + MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }} + GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} + GPG_KEY_NAME: ${{ secrets.GPG_KEY_NAME }} + run: | + # Create settings.xml with GPG passphrase config + mkdir -p ~/.m2 + echo ' + + + gpg.passphrase + ${env.GPG_PASSPHRASE} + + + ' > ~/.m2/settings.xml + + # Build and deploy + mvn -B clean deploy \ No newline at end of file diff --git a/pom.xml b/pom.xml index 235804a..7f24127 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ com.notificationapi notificationapi-java-server-sdk - 0.1.1 + 0.1.3 jar 
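Review bot: The `Import GPG key` step writes the private key to `private.asc` in the checked-out workspace and never deletes it, so the key sits next to the sources for the rest of the job, where a later packaging, caching or artifact step could pick it up. Import from the environment without a temporary file: put `GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}` under the step's `env:` and run `printf '%s' "$GPG_PRIVATE_KEY" | gpg --batch --import`. The last step also overwrites `~/.m2/settings.xml` with a file that, as far as the tag-stripped text shows, holds only the `gpg.passphrase` entry, which would discard the `central` server that `actions/setup-java` wrote just before. A publishing workflow should also declare least-privilege token scope with a top-level `permissions:` block containing `contents: read`.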
From 22ddcbd4f9d9de6df263c4ce432441932868b226 Mon Sep 17 00:00:00 2001 From: mbasadi Date: Sun, 13 Apr 2025 16:04:38 -0400 Subject: [PATCH 32/53] Add pull request trigger to GitHub Actions workflow for Maven publishing --- .github/workflows/maven-publish.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/maven-publish.yml b/.github/workflows/maven-publish.yml index 667231b..d7aeac7 100644 --- a/.github/workflows/maven-publish.yml +++ b/.github/workflows/maven-publish.yml @@ -4,6 +4,8 @@ on: workflow_dispatch: # Manual trigger release: types: [created] # Trigger on new release + pull_request: + branches: [ main ] jobs: publish: From 99e4f847aba643161d60035966bcab275b2529eb Mon Sep 17 00:00:00 2001 From: mbasadi Date: Sun, 13 Apr 2025 16:07:43 -0400 Subject: [PATCH 33/53] Refactor GitHub Actions workflow for Maven publishing by removing redundant setup for Maven Central Repository and updating settings.xml creation to include proper server configurations. This enhances clarity and streamlines the deployment process. --- .github/workflows/maven-publish.yml | 24 +++++++++++------------- 1 file changed, 11 insertions(+), 13 deletions(-) diff --git a/.github/workflows/maven-publish.yml b/.github/workflows/maven-publish.yml index d7aeac7..2da78e3 100644 --- a/.github/workflows/maven-publish.yml +++ b/.github/workflows/maven-publish.yml @@ -20,15 +20,6 @@ jobs: distribution: 'temurin' cache: maven - - name: Set up Maven Central Repository - uses: actions/setup-java@v3 - with: - java-version: '17' - distribution: 'temurin' - server-id: central - server-username: MAVEN_USERNAME - server-password: MAVEN_PASSWORD - - name: Import GPG key run: | echo "${{ secrets.GPG_PRIVATE_KEY }}" > private.asc 
@@ -41,16 +32,23 @@ jobs: GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} GPG_KEY_NAME: ${{ secrets.GPG_KEY_NAME }} run: | - # Create settings.xml with GPG passphrase config + # Create settings.xml with proper server configurations mkdir -p ~/.m2 - echo ' + cat > ~/.m2/settings.xml << EOF + + + central + \${env.MAVEN_USERNAME} + \${env.MAVEN_PASSWORD} + gpg.passphrase - ${env.GPG_PASSPHRASE} + \${env.GPG_PASSPHRASE} - ' > ~/.m2/settings.xml + + EOF # Build and deploy mvn -B clean deploy \ No newline at end of file From 5a9b28b224a9d3c0b65cb658eb84bd41c6673951 Mon Sep 17 00:00:00 2001 From: mbasadi Date: Sun, 13 Apr 2025 16:11:29 -0400 Subject: [PATCH 34/53] Enhance GitHub Actions workflow for Maven publishing by configuring GPG key permissions and updating settings.xml to include GPG passphrase and profile settings. This improves security and ensures proper deployment configuration. --- .github/workflows/maven-publish.yml | 58 +++++++++++++++++++++++------ 1 file changed, 47 insertions(+), 11 deletions(-) diff --git a/.github/workflows/maven-publish.yml b/.github/workflows/maven-publish.yml index 2da78e3..51ed135 100644 --- a/.github/workflows/maven-publish.yml +++ b/.github/workflows/maven-publish.yml @@ -18,13 +18,20 @@ jobs: with: java-version: '17' distribution: 'temurin' - cache: maven + server-id: central + server-username: ${{ secrets.MAVEN_USERNAME }} + server-password: ${{ secrets.MAVEN_PASSWORD }} + gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }} + gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }} - - name: Import GPG key + - name: Configure GPG Key run: | - echo "${{ secrets.GPG_PRIVATE_KEY }}" > private.asc - gpg --batch --import private.asc - + # Setup GPG directory permissions + mkdir -p ~/.gnupg/ + chmod 700 ~/.gnupg/ + echo "allow-loopback-pinentry" > ~/.gnupg/gpg-agent.conf + echo "pinentry-mode loopback" > ~/.gnupg/gpg.conf + - name: Build and Publish package env: MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }} 
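Review bot: In the `actions/setup-java` block of patch 34, `server-username`, `server-password` and `gpg-passphrase` take the names of environment variables, not their values. Passing `${{ secrets.MAVEN_USERNAME }}`, `${{ secrets.MAVEN_PASSWORD }}` and `${{ secrets.GPG_PASSPHRASE }}` makes the action write `${env.<secret value>}` into the generated `~/.m2/settings.xml`, which puts the secrets in a file in clear text and leaves Maven unable to resolve the credentials. Patch 31 had the right form: `server-username: MAVEN_USERNAME`, `server-password: MAVEN_PASSWORD`, `gpg-passphrase: GPG_PASSPHRASE`, with the values supplied through `env:` on the Maven step. Only `gpg-private-key` expects the secret itself.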
@@ -32,23 +39,52 @@ jobs: GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} GPG_KEY_NAME: ${{ secrets.GPG_KEY_NAME }} run: | - # Create settings.xml with proper server configurations + # Create settings-security.xml mkdir -p ~/.m2 + + # Add the gpg.passphrase configuration to settings.xml + cat > ~/.m2/settings-security.xml << EOF + + ${GPG_PASSPHRASE} + + EOF + + # Ensure settings.xml has proper GPG passphrase configuration + if [ -f ~/.m2/settings.xml ]; then + mv ~/.m2/settings.xml ~/.m2/settings.xml.bak + fi + cat > ~/.m2/settings.xml << EOF central - \${env.MAVEN_USERNAME} - \${env.MAVEN_PASSWORD} + ${MAVEN_USERNAME} + ${MAVEN_PASSWORD} gpg.passphrase - \${env.GPG_PASSPHRASE} + ${GPG_PASSPHRASE} + + + gpg + + gpg + ${GPG_PASSPHRASE} + ${GPG_KEY_NAME} + + + + + gpg + EOF - + + # Print debug info + echo "Maven settings created. Deploying with Maven..." + # Build and deploy - mvn -B clean deploy \ No newline at end of file + mvn -B clean deploy -Dgpg.passphrase=${GPG_PASSPHRASE} \ No newline at end of file From 743afe8d7b225d0df1244e2a097e3730b3c21edd Mon Sep 17 00:00:00 2001 From: mbasadi Date: Sun, 13 Apr 2025 16:13:36 -0400 Subject: [PATCH 35/53] Refactor GitHub Actions workflow for Maven publishing by improving GPG key import process and updating settings.xml creation. This enhances security and ensures proper configurations for deployment, including the use of GPG key name in the Maven command. --- .github/workflows/maven-publish.yml | 32 ++++++++++++----------------- 1 file changed, 13 insertions(+), 19 deletions(-) diff --git a/.github/workflows/maven-publish.yml b/.github/workflows/maven-publish.yml index 51ed135..a9369dc 100644 --- a/.github/workflows/maven-publish.yml +++ b/.github/workflows/maven-publish.yml 
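Review bot: Removing the backslashes inside the unquoted `<< EOF` heredoc makes the shell expand `${MAVEN_USERNAME}`, `${MAVEN_PASSWORD}` and `${GPG_PASSPHRASE}` while the file is written, so `~/.m2/settings.xml` now contains the literal secrets and a value with `&` or `<` produces invalid XML. Quote the delimiter, `cat > ~/.m2/settings.xml << 'EOF'`, and keep Maven's own lookups such as `${env.MAVEN_PASSWORD}` in the body, as the previous revision did. The new `~/.m2/settings-security.xml` receives the raw passphrase although Maven reserves that file for the encrypted master password, so it appears to serve no purpose and can be dropped. `-Dgpg.passphrase=${GPG_PASSPHRASE}` on the last line is unquoted and would word-split on a passphrase containing spaces.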
@@ -21,17 +21,23 @@ jobs: server-id: central server-username: ${{ secrets.MAVEN_USERNAME }} server-password: ${{ secrets.MAVEN_PASSWORD }} - gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }} - gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }} - - name: Configure GPG Key + - name: Import GPG Key run: | # Setup GPG directory permissions mkdir -p ~/.gnupg/ chmod 700 ~/.gnupg/ + + # Configure GPG for non-interactive use echo "allow-loopback-pinentry" > ~/.gnupg/gpg-agent.conf echo "pinentry-mode loopback" > ~/.gnupg/gpg.conf + # Save and import the GPG key + echo "${{ secrets.GPG_PRIVATE_KEY }}" | gpg --batch --import + + # List imported keys for debugging + gpg --list-secret-keys --keyid-format LONG + - name: Build and Publish package env: MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }} @@ -39,21 +45,10 @@ jobs: GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} GPG_KEY_NAME: ${{ secrets.GPG_KEY_NAME }} run: | - # Create settings-security.xml + # Create Maven settings mkdir -p ~/.m2 - - # Add the gpg.passphrase configuration to settings.xml - cat > ~/.m2/settings-security.xml << EOF - - ${GPG_PASSPHRASE} - - EOF - - # Ensure settings.xml has proper GPG passphrase configuration - if [ -f ~/.m2/settings.xml ]; then - mv ~/.m2/settings.xml ~/.m2/settings.xml.bak - fi - + + # Ensure settings.xml has proper configurations cat > ~/.m2/settings.xml << EOF @@ -73,7 +68,6 @@ jobs: gpg ${GPG_PASSPHRASE} - ${GPG_KEY_NAME} @@ -87,4 +81,4 @@ jobs: echo "Maven settings created. Deploying with Maven..." # Build and deploy - mvn -B clean deploy -Dgpg.passphrase=${GPG_PASSPHRASE} \ No newline at end of file + mvn -B clean deploy -Dgpg.passphrase="${GPG_PASSPHRASE}" -Dgpg.keyname="${GPG_KEY_NAME}" \ No newline at end of file From b5411852b6eb0723a3a1b08036fcd93c97ecd50d Mon Sep 17 00:00:00 2001 
From: mbasadi Date: Sun, 13 Apr 2025 16:16:28 -0400 Subject: [PATCH 36/53] Update GitHub Actions workflow for Maven publishing to explicitly use the GPG key ID in the deployment command and export it for later use. This improves security and ensures consistency in the build process. --- .github/workflows/maven-publish.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/maven-publish.yml b/.github/workflows/maven-publish.yml index a9369dc..34a322d 100644 --- a/.github/workflows/maven-publish.yml +++ b/.github/workflows/maven-publish.yml @@ -38,12 +38,14 @@ jobs: # List imported keys for debugging gpg --list-secret-keys --keyid-format LONG + # Export the key ID to be used later + echo "GPG_KEY_ID=FBA828E595188169" >> $GITHUB_ENV + - name: Build and Publish package env: MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }} MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }} GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} - GPG_KEY_NAME: ${{ secrets.GPG_KEY_NAME }} run: | # Create Maven settings mkdir -p ~/.m2 @@ -68,6 +70,7 @@ jobs: gpg ${GPG_PASSPHRASE} + FBA828E595188169 @@ -80,5 +83,5 @@ jobs: # Print debug info echo "Maven settings created. Deploying with Maven..." - # Build and deploy - mvn -B clean deploy -Dgpg.passphrase="${GPG_PASSPHRASE}" -Dgpg.keyname="${GPG_KEY_NAME}" \ No newline at end of file + # Build and deploy with explicit keyname + mvn -B clean deploy -Dgpg.passphrase="${GPG_PASSPHRASE}" -Dgpg.keyname=FBA828E595188169 \ No newline at end of file From 21e5906d1b5a4e0a5be47a45a331467cc2b8d5c4 Mon Sep 17 00:00:00 2001 From: mbasadi Date: Sun, 13 Apr 2025 16:22:19 -0400 Subject: [PATCH 37/53] Update GitHub Actions workflow for Maven publishing to use GPG key name from secrets in the deployment command, enhancing security and ensuring consistency in the build process. --- .github/workflows/maven-publish.yml | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) 
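Review bot: The key id `FBA828E595188169` is hard-coded in three places in patch 36 (the `$GITHUB_ENV` export, the generated settings.xml and `-Dgpg.keyname=`), and the exported `GPG_KEY_ID` is never read. Rotating the signing key then means editing the workflow in several spots, and a missed one either fails the build or selects a stale key. Export it once and reference it, `-Dgpg.keyname="$GPG_KEY_ID"`, or take it from the import step. The key id itself is not secret, but the comment `# Export the key ID to be used later` should say which key it identifies and where the value comes from. Patch 38 reintroduces the same three literals after patch 37 had removed them.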
diff --git a/.github/workflows/maven-publish.yml b/.github/workflows/maven-publish.yml index 34a322d..a9369dc 100644 --- a/.github/workflows/maven-publish.yml +++ b/.github/workflows/maven-publish.yml @@ -38,14 +38,12 @@ jobs: # List imported keys for debugging gpg --list-secret-keys --keyid-format LONG - # Export the key ID to be used later - echo "GPG_KEY_ID=FBA828E595188169" >> $GITHUB_ENV - - name: Build and Publish package env: MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }} MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }} GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} + GPG_KEY_NAME: ${{ secrets.GPG_KEY_NAME }} run: | # Create Maven settings mkdir -p ~/.m2 @@ -70,7 +68,6 @@ jobs: gpg ${GPG_PASSPHRASE} - FBA828E595188169 @@ -83,5 +80,5 @@ jobs: # Print debug info echo "Maven settings created. Deploying with Maven..." - # Build and deploy with explicit keyname - mvn -B clean deploy -Dgpg.passphrase="${GPG_PASSPHRASE}" -Dgpg.keyname=FBA828E595188169 \ No newline at end of file + # Build and deploy + mvn -B clean deploy -Dgpg.passphrase="${GPG_PASSPHRASE}" -Dgpg.keyname="${GPG_KEY_NAME}" \ No newline at end of file From 673e64a39ada1f186a957a5b00cc07634a2f9a1e Mon Sep 17 00:00:00 2001 From: mbasadi Date: Sun, 13 Apr 2025 16:23:56 -0400 Subject: [PATCH 38/53] last --- .github/workflows/maven-publish.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/maven-publish.yml b/.github/workflows/maven-publish.yml index a9369dc..34a322d 100644 --- a/.github/workflows/maven-publish.yml +++ b/.github/workflows/maven-publish.yml 
@@ -38,12 +38,14 @@ jobs: # List imported keys for debugging gpg --list-secret-keys --keyid-format LONG + # Export the key ID to be used later + echo "GPG_KEY_ID=FBA828E595188169" >> $GITHUB_ENV + - name: Build and Publish package env: MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }} MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }} GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} - GPG_KEY_NAME: ${{ secrets.GPG_KEY_NAME }} run: | # Create Maven settings mkdir -p ~/.m2 @@ -68,6 +70,7 @@ jobs: gpg ${GPG_PASSPHRASE} + FBA828E595188169 @@ -80,5 +83,5 @@ jobs: # Print debug info echo "Maven settings created. Deploying with Maven..." - # Build and deploy - mvn -B clean deploy -Dgpg.passphrase="${GPG_PASSPHRASE}" -Dgpg.keyname="${GPG_KEY_NAME}" \ No newline at end of file + # Build and deploy with explicit keyname + mvn -B clean deploy -Dgpg.passphrase="${GPG_PASSPHRASE}" -Dgpg.keyname=FBA828E595188169 \ No newline at end of file From 09403123bec2ed1a12ea177b9074d1057935df06 Mon Sep 17 00:00:00 2001 From: mbasadi Date: Sun, 13 Apr 2025 16:50:06 -0400 Subject: [PATCH 39/53] Update version in pom.xml to 0.1.5 and modify GitHub Actions workflow to include manual trigger for Maven publishing, enhancing flexibility in deployment processes. --- .github/workflows/maven-publish.yml | 74 +++++------------------------ pom.xml | 2 +- 2 files changed, 12 insertions(+), 64 deletions(-) diff --git a/.github/workflows/maven-publish.yml b/.github/workflows/maven-publish.yml index 34a322d..cd0fae4 100644 --- a/.github/workflows/maven-publish.yml +++ b/.github/workflows/maven-publish.yml @@ -1,9 +1,9 @@ name: Publish to Maven Central on: - workflow_dispatch: # Manual trigger release: - types: [created] # Trigger on new release + types: [created] + workflow_dispatch: pull_request: branches: [ main ] 
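Review bot: `pull_request` stays in the trigger list of this publishing workflow in the `@@ -1,9 +1,9 @@` hunk. The deploy job in the next hunk would therefore start for every pull request against main, before the change is merged, with the signing key and repository credentials in scope. Drop the `pull_request:` / `branches: [ main ]` lines so that only `release` and `workflow_dispatch` can publish, and keep PR validation in a workflow that runs `mvn -B verify` without secrets. The deploy steps added to `pull-request.yml` in PATCH 41–50 have the same exposure, assuming that workflow is triggered by `pull_request` (its `on:` block is not part of those hunks).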
@@ -18,70 +18,18 @@ jobs: with: java-version: '17' distribution: 'temurin' - server-id: central - server-username: ${{ secrets.MAVEN_USERNAME }} - server-password: ${{ secrets.MAVEN_PASSWORD }} + cache: maven - name: Import GPG Key - run: | - # Setup GPG directory permissions - mkdir -p ~/.gnupg/ - chmod 700 ~/.gnupg/ - - # Configure GPG for non-interactive use - echo "allow-loopback-pinentry" > ~/.gnupg/gpg-agent.conf - echo "pinentry-mode loopback" > ~/.gnupg/gpg.conf - - # Save and import the GPG key - echo "${{ secrets.GPG_PRIVATE_KEY }}" | gpg --batch --import - - # List imported keys for debugging - gpg --list-secret-keys --keyid-format LONG - - # Export the key ID to be used later - echo "GPG_KEY_ID=FBA828E595188169" >> $GITHUB_ENV - - - name: Build and Publish package + uses: crazy-max/ghaction-import-gpg@v5 + with: + gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} + passphrase: ${{ secrets.GPG_PASSPHRASE }} + + - name: Publish to Maven Central env: MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }} MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }} GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} - run: | - # Create Maven settings - mkdir -p ~/.m2 - - # Ensure settings.xml has proper configurations - cat > ~/.m2/settings.xml << EOF - - - - central - ${MAVEN_USERNAME} - ${MAVEN_PASSWORD} - - - gpg.passphrase - ${GPG_PASSPHRASE} - - - - - gpg - - gpg - ${GPG_PASSPHRASE} - FBA828E595188169 - - - - - gpg - - - EOF - - # Print debug info - echo "Maven settings created. Deploying with Maven..." - - # Build and deploy with explicit keyname - mvn -B clean deploy -Dgpg.passphrase="${GPG_PASSPHRASE}" -Dgpg.keyname=FBA828E595188169 \ No newline at end of file + GPG_KEY_NAME: ${{ secrets.GPG_KEY_NAME }} + run: mvn -B clean deploy -s .mvn/settings.xml \ No newline at end of file diff --git a/pom.xml b/pom.xml index 7f24127..020a618 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ com.notificationapi notificationapi-java-server-sdk - 0.1.3 + 0.1.5 jar 
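Review bot: `crazy-max/ghaction-import-gpg@v5` is referenced by a movable tag while it receives `GPG_PRIVATE_KEY` and `GPG_PASSPHRASE`. Whatever commit that tag points to at run time handles the release signing key. Pin the action to a reviewed full commit SHA and keep the tag as a comment: `uses: crazy-max/ghaction-import-gpg@<full-commit-sha> # v5`. The job's earlier steps lie partly outside this hunk and would benefit from the same pinning if they are tag-referenced too.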
From d2f601c1176f2c05583338bc18a6b53a9246744a Mon Sep 17 00:00:00 2001 From: mbasadi Date: Sun, 13 Apr 2025 16:52:36 -0400 Subject: [PATCH 40/53] Enhance GitHub Actions workflow for Maven publishing by adding a debugging step to list GPG keys and configuring the Maven deploy command to explicitly use the GPG key name and passphrase. This improves clarity and security in the deployment process. --- .github/workflows/maven-publish.yml | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/.github/workflows/maven-publish.yml b/.github/workflows/maven-publish.yml index cd0fae4..19e0500 100644 --- a/.github/workflows/maven-publish.yml +++ b/.github/workflows/maven-publish.yml @@ -20,16 +20,27 @@ jobs: distribution: 'temurin' cache: maven - - name: Import GPG Key + - name: Import GPG key uses: crazy-max/ghaction-import-gpg@v5 with: gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} passphrase: ${{ secrets.GPG_PASSPHRASE }} + - name: List GPG keys (for debugging) + run: gpg --list-secret-keys --keyid-format LONG + - name: Publish to Maven Central env: MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }} MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }} GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} GPG_KEY_NAME: ${{ secrets.GPG_KEY_NAME }} - run: mvn -B clean deploy -s .mvn/settings.xml \ No newline at end of file + GPG_TTY: /dev/null + run: | + gpg --version + # Configure Maven to use specific GPG key and loopback pinentry + echo "Running maven deploy with explicit GPG configuration" + mvn -B clean deploy -s .mvn/settings.xml \ + -Dgpg.passphrase=${{ secrets.GPG_PASSPHRASE }} \ + -Dgpg.keyname=${{ secrets.GPG_KEY_NAME }} \ + -X \ No newline at end of file From f924568eeaa0a06fd6cc0983d8b343fc15ec62f0 Mon Sep 17 00:00:00 2001 
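Review bot: The new `run:` block expands `${{ secrets.GPG_PASSPHRASE }}` and `${{ secrets.GPG_KEY_NAME }}` straight into the script text, unquoted, and adds `-X`. The values are pasted in before the shell parses the script, so a space or shell metacharacter in either secret changes the command. Debug-level Maven output is also a poor companion for credentials, because log masking only matches the exact secret string. Both values are already exported through `env:`, so the line can read `-Dgpg.keyname="$GPG_KEY_NAME"`, with `-X` removed once the signing problem is diagnosed. PATCH 41, 43, 44, 46–50 and 52 interpolate secrets into scripts the same way.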
From: mbasadi Date: Sun, 13 Apr 2025 23:32:14 -0400 Subject: [PATCH 41/53] Update version in pom.xml to 0.1.9, add settings.xml for Maven server configurations, and remove deprecated GitHub Actions workflow for Maven publishing. This enhances deployment security and streamlines the configuration process. --- .github/workflows/maven-publish.yml | 46 ----------------------------- .github/workflows/pull-request.yml | 12 +------- pom.xml | 6 +++- .mvn/settings.xml => settings.xml | 0 4 files changed, 6 insertions(+), 58 deletions(-) delete mode 100644 .github/workflows/maven-publish.yml rename .mvn/settings.xml => settings.xml (100%) diff --git a/.github/workflows/maven-publish.yml b/.github/workflows/maven-publish.yml deleted file mode 100644 index 19e0500..0000000 --- a/.github/workflows/maven-publish.yml +++ /dev/null 
@@ -1,46 +0,0 @@ -name: Publish to Maven Central - -on: - release: - types: [created] - workflow_dispatch: - pull_request: - branches: [ main ] - -jobs: - publish: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - - name: Set up JDK 17 - uses: actions/setup-java@v3 - with: - java-version: '17' - distribution: 'temurin' - cache: maven - - - name: Import GPG key - uses: crazy-max/ghaction-import-gpg@v5 - with: - gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} - passphrase: ${{ secrets.GPG_PASSPHRASE }} - - - name: List GPG keys (for debugging) - run: gpg --list-secret-keys --keyid-format LONG - - - name: Publish to Maven Central - env: - MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }} - MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }} - GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} - GPG_KEY_NAME: ${{ secrets.GPG_KEY_NAME }} - GPG_TTY: /dev/null - run: | - gpg --version - # Configure Maven to use specific GPG key and loopback pinentry - echo "Running maven deploy with explicit GPG configuration" - mvn -B clean deploy -s .mvn/settings.xml \ - -Dgpg.passphrase=${{ secrets.GPG_PASSPHRASE }} \ - -Dgpg.keyname=${{ secrets.GPG_KEY_NAME }} \ - -X \ No newline at end of file diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index c53fa87..a298fb9 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml 
@@ -18,21 +18,11 @@ jobs: distribution: 'temurin' cache: maven - - name: Import GPG key - id: import_gpg - uses: crazy-max/ghaction-import-gpg@v5 - with: - gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} - passphrase: ${{ secrets.GPG_PASSPHRASE }} - - - name: Debug - Check GPG key - run: gpg --list-secret-keys - name: Build and Publish with Maven env: MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }} MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }} GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} - GPG_KEY_NAME: ${{ steps.import_gpg.outputs.keyid }} run: | - mvn -e -q clean deploy -s .mvn/settings.xml -Dgpg.passphrase=${{ secrets.GPG_PASSPHRASE }} -Dgpg.keyname=${{ steps.import_gpg.outputs.keyid }} + export MAVEN_USERNAME=${{ secrets.MAVEN_USERNAME}} && export MAVEN_PASSWORD="${{ secrets.MAVEN_PASSWORD}}" && export GPG_PASSPHRASE=${{ secrets.GPG_PASSPHRASE }} && export GPG_KEY_NAME=${{ secrets.GPG_KEY_NAME }} && mvn clean deploy -Dgpg.passphrase=${{secrets.GPG_PASSPHRASE}} diff --git a/pom.xml b/pom.xml index 020a618..4050c8a 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ com.notificationapi notificationapi-java-server-sdk - 0.1.5 + 0.1.9 jar @@ -152,6 +152,10 @@ true central + + ${env.MAVEN_USERNAME} + ${env.MAVEN_PASSWORD} + true published diff --git a/.mvn/settings.xml b/settings.xml similarity index 100% rename from .mvn/settings.xml rename to settings.xml From e786b1f26862131f2d816cf7353053d9cb73b63b Mon Sep 17 00:00:00 2001 From: mbasadi Date: Sun, 13 Apr 2025 23:35:04 -0400 Subject: [PATCH 42/53] Update GitHub Actions workflow to include GPG key name in environment variables for Maven deployment, enhancing security and ensuring correct key usage during the build process. --- .github/workflows/pull-request.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index a298fb9..61c04b5 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml 
@@ -24,5 +24,6 @@ jobs: MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }} MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }} GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} + GPG_KEY_NAME: ${{secrets.GPG_KEY_NAME}} run: | export MAVEN_USERNAME=${{ secrets.MAVEN_USERNAME}} && export MAVEN_PASSWORD="${{ secrets.MAVEN_PASSWORD}}" && export GPG_PASSPHRASE=${{ secrets.GPG_PASSPHRASE }} && export GPG_KEY_NAME=${{ secrets.GPG_KEY_NAME }} && mvn clean deploy -Dgpg.passphrase=${{secrets.GPG_PASSPHRASE}} From 4c1ac3da85ba5c977ec7d19bfde9c14a5890ee82 Mon Sep 17 00:00:00 2001 From: mbasadi Date: Sun, 13 Apr 2025 23:38:12 -0400 Subject: [PATCH 43/53] Add GPG key import step to GitHub Actions workflow for Maven deployment, enhancing security by ensuring the key is available during the build process. --- .github/workflows/pull-request.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 61c04b5..dd72020 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -18,6 +18,10 @@ jobs: distribution: 'temurin' cache: maven + - name: Import GPG key + run: | + echo "${{ secrets.GPG_PRIVATE_KEY }}" | base64 --decode | gpg --batch --import + gpg --list-secret-keys --keyid-format LONG - name: Build and Publish with Maven env: From 1c44a68a6004684fc9a67ba67ac2224f426277e7 Mon Sep 17 00:00:00 2001 From: mbasadi Date: Sun, 13 Apr 2025 23:39:49 -0400 Subject: [PATCH 44/53] Refactor GPG key import process in GitHub Actions workflow by creating a dedicated GPG directory, writing the key to a file, and cleaning up after import. This enhances security and maintains a clean environment during the build process. --- .github/workflows/pull-request.yml | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index dd72020..13abc39 100644 --- a/.github/workflows/pull-request.yml 
+++ b/.github/workflows/pull-request.yml @@ -20,7 +20,20 @@ jobs: - name: Import GPG key run: | - echo "${{ secrets.GPG_PRIVATE_KEY }}" | base64 --decode | gpg --batch --import + # Setup GPG directory + mkdir -p ~/.gnupg + chmod 700 ~/.gnupg + + # Write key to file + echo "${{ secrets.GPG_PRIVATE_KEY }}" > ~/private.key + + # Import the key + gpg --batch --import ~/private.key + + # Clean up + rm ~/private.key + + # List imported keys gpg --list-secret-keys --keyid-format LONG - name: Build and Publish with Maven From 133abda11ef22ed1b1e554f8481c818d8f7c4ec1 Mon Sep 17 00:00:00 2001 From: mbasadi Date: Sun, 13 Apr 2025 23:49:48 -0400 Subject: [PATCH 45/53] remove signing --- pom.xml | 24 ------------------------ 1 file changed, 24 deletions(-) diff --git a/pom.xml b/pom.xml index 4050c8a..a0cccd8 100644 --- a/pom.xml +++ b/pom.xml @@ -96,30 +96,6 @@ - - - org.apache.maven.plugins - maven-gpg-plugin - 3.1.0 - - - sign-artifacts - verify - - sign - - - gpg.passphrase - - --pinentry-mode - loopback - --digest-algo - SHA512 - - - - - From 3760d54c9a6c7627973ba0ae13d6aaf999698aa8 Mon Sep 17 00:00:00 2001 From: mbasadi Date: Sun, 13 Apr 2025 23:52:53 -0400 Subject: [PATCH 46/53] Add GPG signing configuration to pom.xml and update GitHub Actions workflow to create settings.xml for Maven deployment. This enhances security by managing GPG credentials and ensuring proper signing of artifacts during the build process. --- .github/workflows/pull-request.yml | 41 +++++++++++++++++++++++++++++- pom.xml | 24 +++++++++++++++++ 2 files changed, 64 insertions(+), 1 deletion(-) diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 13abc39..f5247c9 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml 
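Review bot: Writing the key with `echo "${{ secrets.GPG_PRIVATE_KEY }}" > ~/private.key` leaves the private signing key in a file created with the default umask. The `rm` is also skipped if the import fails, assuming the step runs under the runner's default fail-fast shell. The pipe used before this patch kept the key off disk. The same can be done without the inline expression by supplying the secret through the step's `env:` and running `printf '%s\n' "$GPG_PRIVATE_KEY" | gpg --batch --import`. This patch also drops the `base64 --decode` stage, so the stored secret now has to be the armored key itself rather than a base64-wrapped copy.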
@@ -43,4 +43,43 @@ jobs: GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} GPG_KEY_NAME: ${{secrets.GPG_KEY_NAME}} run: | - export MAVEN_USERNAME=${{ secrets.MAVEN_USERNAME}} && export MAVEN_PASSWORD="${{ secrets.MAVEN_PASSWORD}}" && export GPG_PASSPHRASE=${{ secrets.GPG_PASSPHRASE }} && export GPG_KEY_NAME=${{ secrets.GPG_KEY_NAME }} && mvn clean deploy -Dgpg.passphrase=${{secrets.GPG_PASSPHRASE}} + # Create settings.xml file + mkdir -p ~/.m2 + cat > ~/.m2/settings.xml << EOF + + + + + central + \${env.MAVEN_USERNAME} + \${env.MAVEN_PASSWORD} + + + gpg.passphrase + \${env.GPG_PASSPHRASE} + + + + + gpg + + \${env.GPG_KEY_NAME} + \${env.GPG_PASSPHRASE} + + + + + gpg + + + EOF + + # Set environment variables and run Maven + export MAVEN_USERNAME=${{ secrets.MAVEN_USERNAME }} + export MAVEN_PASSWORD="${{ secrets.MAVEN_PASSWORD }}" + export GPG_PASSPHRASE=${{ secrets.GPG_PASSPHRASE }} + export GPG_KEY_NAME=${{ secrets.GPG_KEY_NAME }} + + mvn clean deploy --settings ~/.m2/settings.xml diff --git a/pom.xml b/pom.xml index a0cccd8..4050c8a 100644 --- a/pom.xml +++ b/pom.xml @@ -96,6 +96,30 @@ + + + org.apache.maven.plugins + maven-gpg-plugin + 3.1.0 + + + sign-artifacts + verify + + sign + + + gpg.passphrase + + --pinentry-mode + loopback + --digest-algo + SHA512 + + + + + From d5888f7e4f3a5eff398eac959b4a71b70b97e5e0 Mon Sep 17 00:00:00 2001 From: mbasadi Date: Sun, 13 Apr 2025 23:56:51 -0400 Subject: [PATCH 47/53] Adding verification that the key is properly imported before trying to use it --- .github/workflows/pull-request.yml | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index f5247c9..609fb84 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml 
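Review bot: The settings heredoc uses an unquoted `EOF` delimiter and relies on a backslash before every `${env....}` reference to keep the shell from touching it. One missed backslash makes the shell try to expand the reference itself instead of leaving it for Maven to resolve. Quoting the delimiter, `cat > ~/.m2/settings.xml << 'EOF'`, keeps the body literal and lets the references be written as plain `${env.GPG_PASSPHRASE}`. The `export` lines after the heredoc appear to repeat values the step's `env:` block already sets, so they could be dropped.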
@@ -33,8 +33,11 @@ jobs: # Clean up rm ~/private.key - # List imported keys + # List imported keys and save the key ID gpg --list-secret-keys --keyid-format LONG + # Verify the key is available with the correct ID + echo "Verifying key availability with ID: ${{ secrets.GPG_KEY_NAME }}" + gpg --list-secret-keys ${{ secrets.GPG_KEY_NAME }} - name: Build and Publish with Maven env: @@ -67,6 +70,7 @@ jobs: \${env.GPG_KEY_NAME} \${env.GPG_PASSPHRASE} + gpg @@ -76,10 +80,14 @@ jobs: EOF - # Set environment variables and run Maven + # Debug GPG configuration + echo "Configured GPG key: $GPG_KEY_NAME" + gpg --list-keys $GPG_KEY_NAME + + # Set environment variables and run Maven with debug for GPG export MAVEN_USERNAME=${{ secrets.MAVEN_USERNAME }} export MAVEN_PASSWORD="${{ secrets.MAVEN_PASSWORD }}" export GPG_PASSPHRASE=${{ secrets.GPG_PASSPHRASE }} export GPG_KEY_NAME=${{ secrets.GPG_KEY_NAME }} - mvn clean deploy --settings ~/.m2/settings.xml + mvn clean deploy -Dgpg.keyname=$GPG_KEY_NAME -Dgpg.passphrase=$GPG_PASSPHRASE --settings ~/.m2/settings.xml From 2dbc422d0404dc40be42c0d1423b7d53c0c601c0 Mon Sep 17 00:00:00 2001 From: mbasadi Date: Sun, 13 Apr 2025 23:59:45 -0400 Subject: [PATCH 48/53] Refactor GPG key handling in GitHub Actions workflow to extract and use the key ID instead of the key name. This improves clarity and ensures the correct key is utilized during the Maven deployment process. --- .github/workflows/pull-request.yml | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 609fb84..9f93f26 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml 
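Review bot: The added check `gpg --list-secret-keys ${{ secrets.GPG_KEY_NAME }}` verifies nothing when the secret is empty or unset: the argument disappears, gpg lists every key, and the step passes. The same holds for `gpg --list-keys $GPG_KEY_NAME` in the last hunk. Supply the value through the step's `env:` and fail on an empty one, e.g. `gpg --list-secret-keys "${GPG_KEY_NAME:?GPG_KEY_NAME is not set}"`. The unquoted `-Dgpg.passphrase=$GPG_PASSPHRASE` on the new deploy line will also split on any whitespace in the passphrase.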
@@ -33,18 +33,16 @@ jobs: # Clean up rm ~/private.key - # List imported keys and save the key ID - gpg --list-secret-keys --keyid-format LONG - # Verify the key is available with the correct ID - echo "Verifying key availability with ID: ${{ secrets.GPG_KEY_NAME }}" - gpg --list-secret-keys ${{ secrets.GPG_KEY_NAME }} + # Extract key ID from the imported key + GPG_KEY_ID=$(gpg --list-secret-keys --keyid-format LONG | grep sec | awk '{print $2}' | cut -d'/' -f2) + echo "Imported GPG key ID: $GPG_KEY_ID" + echo "GPG_KEY_ID=$GPG_KEY_ID" >> $GITHUB_ENV - name: Build and Publish with Maven env: MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }} MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }} GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} - GPG_KEY_NAME: ${{secrets.GPG_KEY_NAME}} run: | # Create settings.xml file mkdir -p ~/.m2 @@ -68,7 +66,7 @@ jobs: gpg - \${env.GPG_KEY_NAME} + \${env.GPG_KEY_ID} \${env.GPG_PASSPHRASE} gpg @@ -81,13 +79,12 @@ jobs: EOF # Debug GPG configuration - echo "Configured GPG key: $GPG_KEY_NAME" - gpg --list-keys $GPG_KEY_NAME + echo "Using GPG key ID: $GPG_KEY_ID" + gpg --list-keys $GPG_KEY_ID # Set environment variables and run Maven with debug for GPG export MAVEN_USERNAME=${{ secrets.MAVEN_USERNAME }} export MAVEN_PASSWORD="${{ secrets.MAVEN_PASSWORD }}" export GPG_PASSPHRASE=${{ secrets.GPG_PASSPHRASE }} - export GPG_KEY_NAME=${{ secrets.GPG_KEY_NAME }} - mvn clean deploy -Dgpg.keyname=$GPG_KEY_NAME -Dgpg.passphrase=$GPG_PASSPHRASE --settings ~/.m2/settings.xml + mvn clean deploy -Dgpg.keyname=$GPG_KEY_ID -Dgpg.passphrase=$GPG_PASSPHRASE --settings ~/.m2/settings.xml From 02b9b04f0b258d6c6ffb32d6446f679c12c529fe Mon Sep 17 00:00:00 2001 
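Review bot: The key-ID extraction `grep sec | awk '{print $2}' | cut -d'/' -f2` parses gpg's human-readable listing. It matches any line containing `sec` and yields several lines when more than one secret key is in the keyring, and that multi-line value then goes into `$GITHUB_ENV`. gpg's machine-readable output is stable for this: `GPG_KEY_ID=$(gpg --list-secret-keys --with-colons | awk -F: '$1 == "sec" { print $5; exit }')`. Check that the result is non-empty before exporting it. The same extraction is copied into `publish.yml` in PATCH 52.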
From: mbasadi Date: Mon, 14 Apr 2025 00:07:45 -0400 Subject: [PATCH 49/53] Add central profile to Maven settings in GitHub Actions workflow for improved credential management during deployment. This change activates the central profile by default and includes username and password properties for enhanced security. --- .github/workflows/pull-request.yml | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 9f93f26..75f9ae5 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -71,9 +71,20 @@ jobs: gpg + + central + + true + + + \${env.MAVEN_USERNAME} + \${env.MAVEN_PASSWORD} + + gpg + central EOF @@ -87,4 +98,4 @@ jobs: export MAVEN_PASSWORD="${{ secrets.MAVEN_PASSWORD }}" export GPG_PASSPHRASE=${{ secrets.GPG_PASSPHRASE }} - mvn clean deploy -Dgpg.keyname=$GPG_KEY_ID -Dgpg.passphrase=$GPG_PASSPHRASE --settings ~/.m2/settings.xml + mvn clean deploy -Dgpg.keyname=$GPG_KEY_ID -Dgpg.passphrase=$GPG_PASSPHRASE -Dcentral.username=$MAVEN_USERNAME -Dcentral.password=$MAVEN_PASSWORD --settings ~/.m2/settings.xml From d752dd0ee4c36452b8dad9a1f2b25fa8f097be46 Mon Sep 17 00:00:00 2001 From: mbasadi Date: Mon, 14 Apr 2025 00:21:20 -0400 Subject: [PATCH 50/53] Update version to 0.1.10 in pom.xml and modify GitHub Actions workflow to use OSSRH credentials for Maven deployment, enhancing security and aligning with updated credential management practices. --- .github/workflows/pull-request.yml | 18 +++++++++--------- pom.xml | 2 +- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 75f9ae5..1524ed2 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml 
@@ -40,8 +40,8 @@ jobs: - name: Build and Publish with Maven env: - MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }} - MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }} + OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }} + OSSRH_TOKEN: ${{ secrets.OSSRH_TOKEN }} GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} run: | # Create settings.xml file @@ -54,8 +54,8 @@ jobs: central - \${env.MAVEN_USERNAME} - \${env.MAVEN_PASSWORD} + \${env.OSSRH_USERNAME} + \${env.OSSRH_TOKEN} gpg.passphrase @@ -77,8 +77,8 @@ jobs: true - \${env.MAVEN_USERNAME} - \${env.MAVEN_PASSWORD} + \${env.OSSRH_USERNAME} + \${env.OSSRH_TOKEN} @@ -94,8 +94,8 @@ jobs: gpg --list-keys $GPG_KEY_ID # Set environment variables and run Maven with debug for GPG - export MAVEN_USERNAME=${{ secrets.MAVEN_USERNAME }} - export MAVEN_PASSWORD="${{ secrets.MAVEN_PASSWORD }}" + export OSSRH_USERNAME=${{ secrets.OSSRH_USERNAME }} + export OSSRH_TOKEN="${{ secrets.OSSRH_TOKEN }}" export GPG_PASSPHRASE=${{ secrets.GPG_PASSPHRASE }} - mvn clean deploy -Dgpg.keyname=$GPG_KEY_ID -Dgpg.passphrase=$GPG_PASSPHRASE -Dcentral.username=$MAVEN_USERNAME -Dcentral.password=$MAVEN_PASSWORD --settings ~/.m2/settings.xml + mvn clean deploy -Dgpg.keyname=$GPG_KEY_ID -Dgpg.passphrase=$GPG_PASSPHRASE -Dcentral.username=$OSSRH_USERNAME -Dcentral.password=$OSSRH_TOKEN --settings ~/.m2/settings.xml diff --git a/pom.xml b/pom.xml index 4050c8a..0b71877 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ com.notificationapi notificationapi-java-server-sdk - 0.1.9 + 0.1.10 jar From bd0ff09d4cf796ccc50d738a238ca674e7c0d6b5 Mon Sep 17 00:00:00 2001 From: mbasadi Date: Mon, 14 Apr 2025 00:27:00 -0400 Subject: [PATCH 51/53] Update version to 0.1.11 in pom.xml to reflect the latest release. --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 0b71877..0efd762 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ com.notificationapi notificationapi-java-server-sdk - 0.1.10 + 0.1.11 jar 
From 5a3910bb9f84ba0794f5d2a85d369e64691de450 Mon Sep 17 00:00:00 2001 From: mbasadi Date: Mon, 14 Apr 2025 00:29:59 -0400 Subject: [PATCH 52/53] Update version to 0.1.12 in pom.xml and modify GitHub Actions workflows to use JDK 17. Refactor build steps to include testing, code style checks, and Javadoc generation, enhancing the CI process. --- .github/workflows/publish.yml | 161 +++++++++++++++-------------- .github/workflows/pull-request.yml | 112 +++++--------------- pom.xml | 2 +- 3 files changed, 108 insertions(+), 167 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 608dc14..caa974b 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml 
@@ -7,96 +7,97 @@ on: types: [created] jobs: - publish: + build: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - - - name: Set up JDK 11 + + - name: Set up JDK 17 uses: actions/setup-java@v3 with: - java-version: '11' + java-version: '17' distribution: 'temurin' - cache: 'maven' - server-id: ossrh - server-username: ${{ secrets.OSSRH_USERNAME }} - server-password: ${{ secrets.OSSRH_TOKEN }} - gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }} - gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }} - settings-path: ${{ github.workspace }} - - - name: Set Version - id: set_version - uses: actions/github-script@v4 - if: github.event_name == 'release' - with: - script: | - const noRef = context.ref.replace('refs/tags/', '') - const noPrefix = noRef.replace('v', '') - core.setOutput('version', noPrefix) - - - name: Build with Maven - run: mvn -B package --file pom.xml - - - name: Run tests - run: mvn -B test --file pom.xml - - - name: Check code style - run: mvn -B checkstyle:check --file pom.xml - - - name: Generate Javadoc - run: mvn -B javadoc:javadoc --file pom.xml - - - name: Publish to Maven Central - run: | - if [ "${{ github.event_name }}" == "release" ]; then - mvn --batch-mode versions:set -DnewVersion=${{ steps.set_version.outputs.version }} - fi - mvn --batch-mode deploy -P release - env: - MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} - MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }} - MAVEN_GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} + cache: maven - - name: Wait for Maven Central Sync - if: github.event_name == 'release' + - name: Import GPG key run: | - echo "Waiting for artifacts to sync to Maven Central..." - # Wait for up to 30 minutes (180 * 10 seconds) - for i in {1..180}; do - STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://repo1.maven.org/maven2/com/notificationapi/notificationapi-java-server-sdk/${{ steps.set_version.outputs.version }}/) - if [ $STATUS -eq 200 ]; then - echo "✅ Artifacts found in Maven Central!" 
- break - fi - echo "Attempt $i: Artifacts not yet available (status: $STATUS). Waiting 10 seconds..." - sleep 10 - done - if [ $STATUS -ne 200 ]; then - echo "❌ Timeout waiting for artifacts to appear in Maven Central" - exit 1 - fi + # Setup GPG directory + mkdir -p ~/.gnupg + chmod 700 ~/.gnupg + + # Write key to file + echo "${{ secrets.GPG_PRIVATE_KEY }}" > ~/private.key + + # Import the key + gpg --batch --import ~/private.key + + # Clean up + rm ~/private.key + + # Extract key ID from the imported key + GPG_KEY_ID=$(gpg --list-secret-keys --keyid-format LONG | grep sec | awk '{print $2}' | cut -d'/' -f2) + echo "Imported GPG key ID: $GPG_KEY_ID" + echo "GPG_KEY_ID=$GPG_KEY_ID" >> $GITHUB_ENV - - name: Verify Maven Central Artifacts - if: github.event_name == 'release' + - name: Build and Publish with Maven + env: + OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }} + OSSRH_TOKEN: ${{ secrets.OSSRH_TOKEN }} + GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} run: | - VERSION=${{ steps.set_version.outputs.version }} - BASE_URL="https://repo1.maven.org/maven2/com/notificationapi/notificationapi-java-server-sdk/$VERSION/notificationapi-java-server-sdk-$VERSION" + # Create settings.xml file + mkdir -p ~/.m2 + cat > ~/.m2/settings.xml << EOF + + + + + central + \${env.OSSRH_USERNAME} + \${env.OSSRH_TOKEN} + + + gpg.passphrase + \${env.GPG_PASSPHRASE} + + + + + gpg + + \${env.GPG_KEY_ID} + \${env.GPG_PASSPHRASE} + gpg + + + + central + + true + + + \${env.OSSRH_USERNAME} + \${env.OSSRH_TOKEN} + + + + + gpg + central + + + EOF - # List of expected files - FILES=(".jar" ".jar.asc" ".pom" ".pom.asc" "-javadoc.jar" "-javadoc.jar.asc" "-sources.jar" "-sources.jar.asc") + # Debug GPG configuration + echo "Using GPG key ID: $GPG_KEY_ID" + gpg --list-keys $GPG_KEY_ID - echo "Verifying all artifacts for version $VERSION..." 
- for FILE in "${FILES[@]}"; do - URL="$BASE_URL$FILE" - HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" $URL) - if [ $HTTP_CODE -eq 200 ]; then - echo "✅ Found $FILE" - else - echo "❌ Missing $FILE (HTTP $HTTP_CODE)" - exit 1 - fi - done - echo "✅ All required artifacts verified in Maven Central!" - + # Set environment variables and run Maven with debug for GPG + export OSSRH_USERNAME=${{ secrets.OSSRH_USERNAME }} + export OSSRH_TOKEN="${{ secrets.OSSRH_TOKEN }}" + export GPG_PASSPHRASE=${{ secrets.GPG_PASSPHRASE }} + + mvn clean deploy -Dgpg.keyname=$GPG_KEY_ID -Dgpg.passphrase=$GPG_PASSPHRASE -Dcentral.username=$OSSRH_USERNAME -Dcentral.password=$OSSRH_TOKEN --settings ~/.m2/settings.xml diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 1524ed2..46ae5a6 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -1,4 +1,4 @@ -name: Pull Request CI +name: Pull Request Pipeline on: pull_request: 
@@ -7,95 +7,35 @@ on: jobs: build: runs-on: ubuntu-latest + strategy: + matrix: + java: [ '11', '17' ] steps: - uses: actions/checkout@v3 - - - name: Set up JDK 17 + + - name: Set up JDK ${{ matrix.java }} uses: actions/setup-java@v3 with: - java-version: '17' + java-version: ${{ matrix.java }} distribution: 'temurin' - cache: maven - - - name: Import GPG key - run: | - # Setup GPG directory - mkdir -p ~/.gnupg - chmod 700 ~/.gnupg - - # Write key to file - echo "${{ secrets.GPG_PRIVATE_KEY }}" > ~/private.key - - # Import the key - gpg --batch --import ~/private.key - - # Clean up - rm ~/private.key - - # Extract key ID from the imported key - GPG_KEY_ID=$(gpg --list-secret-keys --keyid-format LONG | grep sec | awk '{print $2}' | cut -d'/' -f2) - echo "Imported GPG key ID: $GPG_KEY_ID" - echo "GPG_KEY_ID=$GPG_KEY_ID" >> $GITHUB_ENV - - - name: Build and Publish with Maven - env: - OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }} - OSSRH_TOKEN: ${{ secrets.OSSRH_TOKEN }} - GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} - run: | - # Create settings.xml file - mkdir -p ~/.m2 - cat > ~/.m2/settings.xml << EOF - - - - - central - \${env.OSSRH_USERNAME} - \${env.OSSRH_TOKEN} - - - gpg.passphrase - \${env.GPG_PASSPHRASE} - - - - - gpg - - \${env.GPG_KEY_ID} - \${env.GPG_PASSPHRASE} - gpg - - - - central - - true - - - \${env.OSSRH_USERNAME} - \${env.OSSRH_TOKEN} - - - - - gpg - central - - - EOF - - # Debug GPG configuration - echo "Using GPG key ID: $GPG_KEY_ID" - gpg --list-keys $GPG_KEY_ID - - # Set environment variables and run Maven with debug for GPG - export OSSRH_USERNAME=${{ secrets.OSSRH_USERNAME }} - export OSSRH_TOKEN="${{ secrets.OSSRH_TOKEN }}" - export GPG_PASSPHRASE=${{ secrets.GPG_PASSPHRASE }} + cache: 'maven' + server-id: central + server-username: ${{ secrets.OSSRH_USERNAME }} + server-password: ${{ secrets.OSSRH_TOKEN }} + gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }} + gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }} + settings-path: ${{ github.workspace 
}} - mvn clean deploy -Dgpg.keyname=$GPG_KEY_ID -Dgpg.passphrase=$GPG_PASSPHRASE -Dcentral.username=$OSSRH_USERNAME -Dcentral.password=$OSSRH_TOKEN --settings ~/.m2/settings.xml + - name: Build with Maven + run: mvn -B package --file pom.xml + + - name: Run tests + run: mvn -B test --file pom.xml + + - name: Check code style + run: mvn -B checkstyle:check --file pom.xml + + - name: Generate Javadoc + run: mvn -B javadoc:javadoc --file pom.xml + \ No newline at end of file diff --git a/pom.xml b/pom.xml index 0efd762..bcdf63c 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ com.notificationapi notificationapi-java-server-sdk - 0.1.11 + 0.1.12 jar From bda2043a4ccae168f93dff5f15397b1259f5d1f3 Mon Sep 17 00:00:00 2001 From: mbasadi Date: Mon, 14 Apr 2025 00:42:47 -0400 Subject: [PATCH 53/53] Update Maven compiler source and target versions to 11 in pom.xml, aligning with project requirements. --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index bcdf63c..b96f11d 100644 --- a/pom.xml +++ b/pom.xml @@ -15,8 +15,8 @@ https://github.com/notificationapi-com/notificationapi-java-server-sdk - 17 - 17 + 11 + 11 UTF-8
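Review bot: The `server-username`, `server-password` and `gpg-passphrase` inputs of `actions/setup-java` take the names of environment variables, not values. Passing `${{ secrets.OSSRH_USERNAME }}`, `${{ secrets.OSSRH_TOKEN }}` and `${{ secrets.GPG_PASSPHRASE }}` makes the action write the secret text into the generated settings file as a variable name, here under `${{ github.workspace }}`. This pull-request job only runs package, test, checkstyle and javadoc, so it needs neither repository credentials nor the signing key. Removing the inputs from `server-id` through `settings-path` is the smaller change. If they stay, they should read `server-username: OSSRH_USERNAME`, `server-password: OSSRH_TOKEN` and `gpg-passphrase: GPG_PASSPHRASE`, with the values set in `env:` on the step that deploys.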