Skip to content

Commit 493b299

Browse files
nicklaslnicklasl
committed
build: experimenting -- do not merge
1 parent 1ea86ea commit 493b299

File tree

2 files changed

+76
-4
lines changed

2 files changed

+76
-4
lines changed

.github/workflows/secrets-testing.yml

Lines changed: 51 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,51 @@
1+
name: Secrets Testing
2+
3+
on:
4+
push:
5+
branches: [main,build-secrets-testing]
6+
pull_request:
7+
workflow_dispatch:
8+
9+
permissions:
10+
contents: read
11+
packages: write
12+
13+
jobs:
14+
secrets-testing:
15+
name: Secrets Testing
16+
runs-on: ubuntu-latest
17+
steps:
18+
- name: Checkout
19+
uses: actions/checkout@v4
20+
21+
- name: Set up Docker Buildx
22+
uses: docker/setup-buildx-action@v3
23+
24+
- name: Construct Maven settings file
25+
run: |
26+
cat > /tmp/maven_settings.xml <<'EOF'
27+
<?xml version="1.0" encoding="UTF-8"?>
28+
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
29+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
30+
xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
31+
http://maven.apache.org/xsd/settings-1.0.0.xsd">
32+
<servers>
33+
<server>
34+
<id>central</id>
35+
<username>${{ secrets.MAVEN_USERNAME }}</username>
36+
<password>${{ secrets.MAVEN_PASSWORD }}</password>
37+
</server>
38+
</servers>
39+
</settings>
40+
EOF
41+
42+
- name: Publish Java package with Docker
43+
uses: docker/build-push-action@v6
44+
with:
45+
context: .
46+
target: openfeature-provider-java.install
47+
cache-from: type=registry,ref=ghcr.io/${{ github.repository }}/cache:main
48+
secrets: |
49+
maven_settings=/tmp/maven_settings.xml
50+
gpg_private_key=${{ secrets.GPG_PRIVATE_KEY }}
51+
gpg_pass=${{ secrets.SIGN_KEY_PASS }}

Dockerfile

Lines changed: 25 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -416,6 +416,15 @@ FROM openfeature-provider-js.test AS openfeature-provider-js.test_e2e
416416
RUN --mount=type=secret,id=js_e2e_test_env,target=.env.test \
417417
make test-e2e
418418

419+
# ==============================================================================
420+
# Test Secrets
421+
# ==============================================================================
422+
FROM alpine AS secrets-testing.print
423+
424+
# Never do this at home kids!
425+
RUN --mount=type=secret,id=test_secret,target=/run/secrets/secret.txt \
426+
cp /run/secrets/secret.txt /secret.txt
427+
419428
# ==============================================================================
420429
# Build OpenFeature Provider
421430
# ==============================================================================
@@ -485,19 +494,31 @@ FROM openfeature-provider-java-base AS openfeature-provider-java.build
485494

486495
RUN make build
487496

497+
# ==============================================================================
498+
# Publish OpenFeature Provider (Java) to Maven Central
499+
# ==============================================================================
500+
FROM openfeature-provider-java.build AS openfeature-provider-java.install
501+
502+
# Import GPG private key and deploy to Maven Central
503+
RUN --mount=type=secret,id=maven_settings \
504+
--mount=type=secret,id=gpg_private_key \
505+
--mount=type=secret,id=gpg_pass,env=MAVEN_GPG_PASSPHRASE \
506+
gpg --batch --quiet --import /run/secrets/gpg_private_key && \
507+
mvn -s /run/secrets/maven_settings --batch-mode install
508+
488509
# ==============================================================================
489510
# Publish OpenFeature Provider (Java) to Maven Central
490511
# ==============================================================================
491512
FROM openfeature-provider-java.build AS openfeature-provider-java.publish
492513

493514
# Import GPG private key and deploy to Maven Central
494-
RUN --mount=type=secret,id=maven_settings,target=/root/.m2/settings.xml \
515+
RUN --mount=type=secret,id=maven_settings \
495516
--mount=type=secret,id=gpg_private_key \
496517
--mount=type=secret,id=gpg_pass \
497-
# Import GPG key
498-
cat /run/secrets/gpg_private_key | gpg --batch --import && \
518+
cat /run/secrets/gpg_private_key | gpg --batch --quiet --import && \
519+
export MAVEN_GPG_PASSPHRASE=$(cat /run/secrets/gpg_pass) && \
499520
# Deploy to Maven Central
500-
mvn -Dgpg.passphrase="$(cat /run/secrets/gpg_pass)" --batch-mode deploy
521+
mvn -s /run/secrets/maven_settings -Dgpg.passphrase="$(cat /run/secrets/gpg_pass)" --batch-mode deploy
501522

502523
# ==============================================================================
503524
# All - Build and validate everything (default target)

0 commit comments

Comments
 (0)