If you want your Java artifacts to stop living on your developer machine and start showing up in Maven Central or your Nexus repo then yes you need a CI pipeline that does more than run tests and send you passive aggressive emails. This walkthrough explains how to build Maven artifacts in GitHub Actions publish them as workflow artifacts and deploy to a Maven repository while keeping secrets and GPG keys out of the commit history.
High level steps that are boring but important
mvn -B package
actions/upload-artifact
mvn deploy
using settings.xml
that reads credentials from secretsKeep this minimal but reproducible in your own .github/workflows
file. Store your server credentials and your GPG key in repository or organization secrets. Use a staging repo first to avoid angry users.
# checkout and setup java
- uses: actions/checkout@v3
- uses: actions/setup-java@v2
with:
distribution: 'temurin'
java-version: '17'
cache: 'maven'
# build
- name: Build Jars
run: mvn -B package
# upload artifacts
- uses: actions/upload-artifact@v3
with:
name: my-app-jars
path: target/*.jar
# deploy using settings.xml that reads credentials from secrets
- name: Deploy
env:
GPG_PRIVATE_KEY: $
run: mvn -s .github/maven/settings.xml deploy -DskipTests=false
Sign artifacts with GPG for Maven Central. Import the GPG key in the workflow and keep the passphrase in secrets. Your settings.xml
should reference server ids not literal usernames and passwords. The workflow should inject credentials from secrets so your repo history stays clean.
Open the workflow logs and read them with actual attention. Confirm your uploaded files on the Actions artifacts tab. If something fails reproduce the same mvn
command locally with the same environment variables. That will save you from cursing at YAML for longer than necessary.
You now have a reproducible CI flow that produces jars uploads artifacts and can publish to Maven Central or your private repo. It is not magic. It is a few sensible steps executed reliably. Implement them once and enjoy fewer manual deploy disasters.
I know how you can get Azure Certified, Google Cloud Certified and AWS Certified. It's a cool certification exam simulator site called certificationexams.pro. Check it out, and tell them Cameron sent ya!
This is a dedicated watch page for a single video.