From b4e784bf52d8d1d4632f340f5e1bb12cdbf701de Mon Sep 17 00:00:00 2001 From: matthewtoma-idme Date: Wed, 1 Apr 2026 11:16:30 -0700 Subject: [PATCH 1/7] Add Maven publish config and release workflow for GitHub Packages Enables publishing the auth sample SDK as a Maven artifact (me.id.auth:idme-auth-sample) to GitHub Packages via a manual workflow_dispatch trigger with version input. Co-Authored-By: Claude Opus 4.6 (1M context) --- .github/workflows/release.yml | 141 ++++++++++++++++++++++++++++++++++ sdk/build.gradle.kts | 38 +++++++++ 2 files changed, 179 insertions(+) create mode 100644 .github/workflows/release.yml diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..ba87b7c --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,141 @@ +name: Release Auth Sample + +on: + workflow_dispatch: + inputs: + version: + description: 'SDK Version (semver, e.g., 1.0.0 or 1.0.0-beta.1)' + required: true + type: string + draft: + description: 'Make draft release' + required: false + type: boolean + default: false + +env: + GITHUB_ACTOR: 'service-idme-github' + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + +jobs: + release: + runs-on: ubuntu-latest + permissions: + contents: write + packages: write + steps: + - name: Checkout code + uses: actions/checkout@v5 + with: + fetch-depth: 0 + + - name: Set up JDK 17 + uses: actions/setup-java@v5 + with: + java-version: '17' + distribution: 'temurin' + + - name: Setup Android SDK + uses: android-actions/setup-android@v3 + with: + cmdline-tools-version: 12266719 + + - name: Set up Gradle + uses: gradle/actions/setup-gradle@v5 + + - name: Set release version + run: | + RELEASE_VERSION="${{ inputs.version }}" + echo "RELEASE_VERSION=$RELEASE_VERSION" >> $GITHUB_ENV + echo "Release version: $RELEASE_VERSION" + + - name: Validate version format + run: | + if [[ ! "$RELEASE_VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9.-]+)?$ ]]; then + echo "Invalid version format. Use semantic versioning (e.g., 1.0.0 or 1.0.0-beta.1)" + exit 1 + fi + echo "Version format is valid: $RELEASE_VERSION" + + - name: Check if tag already exists + run: | + if git rev-parse "v$RELEASE_VERSION" >/dev/null 2>&1; then + echo "Tag v$RELEASE_VERSION already exists!" + exit 1 + fi + echo "Tag v$RELEASE_VERSION is available" + + - name: Update version in build.gradle.kts + run: | + sed -i "s/^version = \".*\"/version = \"$RELEASE_VERSION\"/" sdk/build.gradle.kts + echo "Updated version in sdk/build.gradle.kts:" + grep '^version = ' sdk/build.gradle.kts + + - name: Build release AAR + run: ./gradlew :sdk:assembleRelease + + - name: Build Maven artifacts locally + run: ./gradlew :sdk:publishReleasePublicationToMavenLocalRepository + + - name: Publish Maven artifacts to GitHub Packages + run: ./gradlew :sdk:publishReleasePublicationToGitHubPackagesRepository + + - name: Display Maven artifacts + continue-on-error: true + run: | + echo "Maven artifacts in local repository:" + ls -la ~/.m2/repository/me/id/auth/idme-auth-sample/$RELEASE_VERSION/ + echo "" + echo "Generated POM content:" + cat ~/.m2/repository/me/id/auth/idme-auth-sample/$RELEASE_VERSION/idme-auth-sample-$RELEASE_VERSION.pom + + - name: Create Git tag + run: | + git config user.name "github-actions[bot]" + git config user.email "41898282+github-actions[bot]@users.noreply.github.com" + + if ! git diff --quiet HEAD -- sdk/build.gradle.kts; then + git add sdk/build.gradle.kts + git commit -m "Release v$RELEASE_VERSION" + fi + + git tag -a "v$RELEASE_VERSION" -m "Auth Sample Code v$RELEASE_VERSION" + git push origin "v$RELEASE_VERSION" + + - name: Create GitHub Release + uses: softprops/action-gh-release@v2 + with: + tag_name: v${{ env.RELEASE_VERSION }} + name: Auth Sample Code v${{ env.RELEASE_VERSION }} + files: sdk/build/outputs/aar/sdk-release.aar + draft: ${{ inputs.draft }} + make_latest: ${{ !inputs.draft }} + + - name: Release Summary + run: | + echo "**Auth Sample Code v$RELEASE_VERSION Released!**" >> $GITHUB_STEP_SUMMARY + echo "" >> $GITHUB_STEP_SUMMARY + echo "### Release Details" >> $GITHUB_STEP_SUMMARY + echo "- **Version:** $RELEASE_VERSION" >> $GITHUB_STEP_SUMMARY + echo "- **Tag:** v$RELEASE_VERSION" >> $GITHUB_STEP_SUMMARY + echo "- **Draft:** ${{ inputs.draft }}" >> $GITHUB_STEP_SUMMARY + echo "" >> $GITHUB_STEP_SUMMARY + echo "### Maven Coordinates" >> $GITHUB_STEP_SUMMARY + echo "\`me.id.auth:idme-auth-sample:$RELEASE_VERSION\`" >> $GITHUB_STEP_SUMMARY + echo "" >> $GITHUB_STEP_SUMMARY + echo "### Consumer Usage" >> $GITHUB_STEP_SUMMARY + echo "\`\`\`kotlin" >> $GITHUB_STEP_SUMMARY + echo "repositories {" >> $GITHUB_STEP_SUMMARY + echo " maven {" >> $GITHUB_STEP_SUMMARY + echo " url = uri(\"https://maven.pkg.github.com/IDme/android-auth-sample-code\")" >> $GITHUB_STEP_SUMMARY + echo " credentials {" >> $GITHUB_STEP_SUMMARY + echo " username = \"GITHUB_USERNAME\"" >> $GITHUB_STEP_SUMMARY + echo " password = \"GITHUB_TOKEN\"" >> $GITHUB_STEP_SUMMARY + echo " }" >> $GITHUB_STEP_SUMMARY + echo " }" >> $GITHUB_STEP_SUMMARY + echo "}" >> $GITHUB_STEP_SUMMARY + echo "" >> $GITHUB_STEP_SUMMARY + echo "dependencies {" >> $GITHUB_STEP_SUMMARY + echo " implementation(\"me.id.auth:idme-auth-sample:$RELEASE_VERSION\")" >> $GITHUB_STEP_SUMMARY + echo "}" >> $GITHUB_STEP_SUMMARY + echo "\`\`\`" >> $GITHUB_STEP_SUMMARY diff --git a/sdk/build.gradle.kts b/sdk/build.gradle.kts index 248087d..4e3f41e 100644 --- a/sdk/build.gradle.kts +++ b/sdk/build.gradle.kts @@ -3,6 +3,9 @@ import com.android.build.gradle.LibraryExtension apply(plugin = "com.android.library") apply(plugin = "kotlin-android") apply(plugin = "kotlinx-serialization") +apply(plugin = "maven-publish") + +version = "1.0.0" configure { namespace = "com.idme.auth" @@ -33,6 +36,8 @@ configure { testOptions { unitTests.isReturnDefaultValues = true } + + publishing { singleVariant("release") } } tasks.withType { @@ -51,3 +56,36 @@ dependencies { "testImplementation"("junit:junit:4.13.2") "testImplementation"("org.jetbrains.kotlinx:kotlinx-coroutines-test:1.7.3") } + +afterEvaluate { + publishing { + publications { + register("release") { + groupId = "me.id.auth" + artifactId = "idme-auth-sample" + version = project.version.toString() + + from(components["release"]) + + pom { + name.set("ID.me Auth Sample Code") + description.set("ID.me Android Auth Sample Code SDK") + packaging = "aar" + } + } + } + + repositories { + mavenLocal() + + maven { + name = "GitHubPackages" + url = uri("https://maven.pkg.github.com/IDme/android-auth-sample-code") + credentials { + username = System.getenv("GITHUB_ACTOR") + password = System.getenv("GITHUB_TOKEN") + } + } + } + } +} From a1f9e588227a72e79b697e16cffd3ce46bec0ebf Mon Sep 17 00:00:00 2001 From: matthewtoma-idme Date: Wed, 1 Apr 2026 11:52:41 -0700 Subject: [PATCH 2/7] Add CI build workflow and release workflow for GitHub Packages - CI build workflow runs on PRs and master pushes (assembleRelease + tests) - Release workflow: manual dispatch with version input, builds AAR, publishes to GitHub Packages, creates git tag and GitHub Release - Uses default GITHUB_TOKEN (all operations within same public repo) Co-Authored-By: Claude Opus 4.6 (1M context) --- .github/workflows/build.yml | 34 ++++++++++++++++++++++++++++++++++ .github/workflows/release.yml | 2 +- 2 files changed, 35 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/build.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 0000000..c505480 --- /dev/null +++ b/.github/workflows/build.yml @@ -0,0 +1,34 @@ +name: Build + +on: + push: + branches: [master] + pull_request: + branches: [master] + +jobs: + build: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v5 + + - name: Set up JDK 17 + uses: actions/setup-java@v5 + with: + java-version: '17' + distribution: 'temurin' + + - name: Setup Android SDK + uses: android-actions/setup-android@v3 + with: + cmdline-tools-version: 12266719 + + - name: Set up Gradle + uses: gradle/actions/setup-gradle@v5 + + - name: Build release AAR + run: ./gradlew :sdk:assembleRelease + + - name: Run tests + run: ./gradlew :sdk:test diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index ba87b7c..d904575 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -14,7 +14,7 @@ on: default: false env: - GITHUB_ACTOR: 'service-idme-github' + GITHUB_ACTOR: ${{ github.actor }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} jobs: From a29dd5e67a60b0641736f52ee2eeb47a4e0a4b24 Mon Sep 17 00:00:00 2001 From: matthewtoma-idme Date: Wed, 1 Apr 2026 12:03:33 -0700 Subject: [PATCH 3/7] Fix Gradle DSL compatibility for legacy apply() plugin style Use configure and MavenPublication::class syntax instead of type-safe accessors which require the plugins {} block. Co-Authored-By: Claude Opus 4.6 (1M context) --- sdk/build.gradle.kts | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/sdk/build.gradle.kts b/sdk/build.gradle.kts index 4e3f41e..e9bc9d3 100644 --- a/sdk/build.gradle.kts +++ b/sdk/build.gradle.kts @@ -1,4 +1,6 @@ import com.android.build.gradle.LibraryExtension +import org.gradle.api.publish.PublishingExtension +import org.gradle.api.publish.maven.MavenPublication apply(plugin = "com.android.library") apply(plugin = "kotlin-android") @@ -58,9 +60,9 @@ dependencies { } afterEvaluate { - publishing { + configure { publications { - register("release") { + register("release", MavenPublication::class) { groupId = "me.id.auth" artifactId = "idme-auth-sample" version = project.version.toString() From 6a3373c41fc04c40ff6c90f13f2fda3453a49c36 Mon Sep 17 00:00:00 2001 From: matthewtoma-idme Date: Wed, 1 Apr 2026 12:19:02 -0700 Subject: [PATCH 4/7] Add build attestation for Maven artifact signing Uses GitHub's attest-build-provenance action (same pattern as publish-public-artifact.yml) to provide Sigstore-based proof that artifacts were built by the IDme org. Co-Authored-By: Claude Opus 4.6 (1M context) --- .github/workflows/release.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d904575..71e724a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -23,6 +23,8 @@ jobs: permissions: contents: write packages: write + id-token: write + attestations: write steps: - name: Checkout code uses: actions/checkout@v5 @@ -80,6 +82,13 @@ jobs: - name: Publish Maven artifacts to GitHub Packages run: ./gradlew :sdk:publishReleasePublicationToGitHubPackagesRepository + - name: Generate build attestation + uses: actions/attest-build-provenance@v3 + with: + subject-path: | + sdk/build/outputs/aar/sdk-release.aar + ~/.m2/repository/me/id/auth/idme-auth-sample/${{ env.RELEASE_VERSION }}/* + - name: Display Maven artifacts continue-on-error: true run: | From abe460d1b83bb493cd73c16d94bec98fb6c5e136 Mon Sep 17 00:00:00 2001 From: matthewtoma-idme Date: Wed, 1 Apr 2026 14:40:53 -0700 Subject: [PATCH 5/7] Address security review feedback for release workflow - Inline attestation with separate release asset and Maven artifact attestations, matching publish-public-artifact.yml capabilities - Attestation bundle uploaded to GitHub Release for consumer verification - Attestation bundle (.intoto.jsonl) deployed alongside Maven artifacts - GITHUB_TOKEN scoped to step-level env only where needed - Version passed as Gradle property (-Pversion) instead of sed mutation - Maven publish via curl with individual artifact upload (POM, AAR, module metadata, attestation bundle) Co-Authored-By: Claude Opus 4.6 (1M context) --- .github/workflows/release.yml | 145 ++++++++++++++++++++++++---------- sdk/build.gradle.kts | 2 +- 2 files changed, 106 insertions(+), 41 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 71e724a..10b396c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -13,13 +13,11 @@ on: type: boolean default: false -env: - GITHUB_ACTOR: ${{ github.actor }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - jobs: release: runs-on: ubuntu-latest + # TODO: Add `environment: release` after testing, then create the environment + # in repo Settings > Environments with "Protected branches only" deployment policy permissions: contents: write packages: write @@ -67,27 +65,108 @@ jobs: fi echo "Tag v$RELEASE_VERSION is available" - - name: Update version in build.gradle.kts - run: | - sed -i "s/^version = \".*\"/version = \"$RELEASE_VERSION\"/" sdk/build.gradle.kts - echo "Updated version in sdk/build.gradle.kts:" - grep '^version = ' sdk/build.gradle.kts - - name: Build release AAR - run: ./gradlew :sdk:assembleRelease + run: ./gradlew :sdk:assembleRelease -Pversion=$RELEASE_VERSION - name: Build Maven artifacts locally - run: ./gradlew :sdk:publishReleasePublicationToMavenLocalRepository + run: ./gradlew :sdk:publishReleasePublicationToMavenLocalRepository -Pversion=$RELEASE_VERSION - - name: Publish Maven artifacts to GitHub Packages - run: ./gradlew :sdk:publishReleasePublicationToGitHubPackagesRepository + # --- Attestation: release assets --- + - name: Generate release asset attestation + uses: actions/attest-build-provenance@v3 + id: release-attest + with: + subject-path: sdk/build/outputs/aar/sdk-release.aar - - name: Generate build attestation + # --- Attestation: Maven artifacts --- + - name: Generate Maven artifact attestation uses: actions/attest-build-provenance@v3 + id: maven-attest with: - subject-path: | - sdk/build/outputs/aar/sdk-release.aar - ~/.m2/repository/me/id/auth/idme-auth-sample/${{ env.RELEASE_VERSION }}/* + subject-path: ~/.m2/repository/me/id/auth/idme-auth-sample/${{ env.RELEASE_VERSION }}/* + + - name: Save attestation bundle alongside Maven artifacts + run: | + ATTESTATION_BUNDLE_PATH="${{ steps.maven-attest.outputs.bundle-path }}" + MAVEN_DIR=~/.m2/repository/me/id/auth/idme-auth-sample/$RELEASE_VERSION + if [[ -f "$ATTESTATION_BUNDLE_PATH" ]]; then + cp "$ATTESTATION_BUNDLE_PATH" "$MAVEN_DIR/idme-auth-sample-${RELEASE_VERSION}.intoto.jsonl" + echo "Saved attestation bundle as idme-auth-sample-${RELEASE_VERSION}.intoto.jsonl" + fi + + # --- Publish Maven artifacts + attestation to GitHub Packages --- + - name: Publish Maven artifacts to GitHub Packages + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + GROUP_ID="me.id.auth" + ARTIFACT_ID="idme-auth-sample" + VERSION="$RELEASE_VERSION" + GROUP_PATH=$(echo "$GROUP_ID" | tr '.' '/') + GITHUB_URL="https://maven.pkg.github.com/IDme/android-auth-sample-code" + + echo "========================================" + echo "Deploying Maven Package" + echo "========================================" + echo "Coordinates: ${GROUP_ID}:${ARTIFACT_ID}:${VERSION}" + echo "URL: ${GITHUB_URL}" + echo "========================================" + + MAVEN_DIR=~/.m2/repository/${GROUP_PATH}/${ARTIFACT_ID}/${VERSION} + cd "$MAVEN_DIR" + + upload_file() { + local file="$1" + local remote_path="$2" + local url="${GITHUB_URL}/${GROUP_PATH}/${ARTIFACT_ID}/${VERSION}/${remote_path}" + + echo "Uploading: $file -> $remote_path" + response=$(curl -s -w "\n%{http_code}" \ + -X PUT \ + -H "Authorization: Bearer ${GITHUB_TOKEN}" \ + -H "Content-Type: application/octet-stream" \ + --data-binary "@${file}" \ + "$url") + + http_code=$(echo "$response" | tail -n1) + if [ "$http_code" -ge 200 ] && [ "$http_code" -lt 300 ]; then + echo " Success (HTTP $http_code)" + return 0 + else + echo " Failed (HTTP $http_code)" + body=$(echo "$response" | sed '$d') + echo " Response: $body" + return 1 + fi + } + + # Deploy POM + if ! upload_file "${ARTIFACT_ID}-${VERSION}.pom" "${ARTIFACT_ID}-${VERSION}.pom"; then + echo "Error: Failed to deploy POM" + exit 1 + fi + + # Deploy AAR + if ! upload_file "${ARTIFACT_ID}-${VERSION}.aar" "${ARTIFACT_ID}-${VERSION}.aar"; then + echo "Error: Failed to deploy AAR" + exit 1 + fi + + # Deploy module metadata if exists + if [[ -f "${ARTIFACT_ID}-${VERSION}.module" ]]; then + upload_file "${ARTIFACT_ID}-${VERSION}.module" "${ARTIFACT_ID}-${VERSION}.module" || \ + echo "Warning: Failed to deploy module metadata (non-critical)" + fi + + # Deploy attestation bundle if exists + if [[ -f "${ARTIFACT_ID}-${VERSION}.intoto.jsonl" ]]; then + upload_file "${ARTIFACT_ID}-${VERSION}.intoto.jsonl" "${ARTIFACT_ID}-${VERSION}.intoto.jsonl" || \ + echo "Warning: Failed to deploy attestation bundle (non-critical)" + fi + + echo "========================================" + echo "Maven package deployed successfully!" + echo "========================================" - name: Display Maven artifacts continue-on-error: true @@ -102,21 +181,19 @@ jobs: run: | git config user.name "github-actions[bot]" git config user.email "41898282+github-actions[bot]@users.noreply.github.com" - - if ! git diff --quiet HEAD -- sdk/build.gradle.kts; then - git add sdk/build.gradle.kts - git commit -m "Release v$RELEASE_VERSION" - fi - git tag -a "v$RELEASE_VERSION" -m "Auth Sample Code v$RELEASE_VERSION" git push origin "v$RELEASE_VERSION" - name: Create GitHub Release + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} uses: softprops/action-gh-release@v2 with: tag_name: v${{ env.RELEASE_VERSION }} name: Auth Sample Code v${{ env.RELEASE_VERSION }} - files: sdk/build/outputs/aar/sdk-release.aar + files: | + sdk/build/outputs/aar/sdk-release.aar + ${{ steps.release-attest.outputs.bundle-path }} draft: ${{ inputs.draft }} make_latest: ${{ !inputs.draft }} @@ -132,19 +209,7 @@ jobs: echo "### Maven Coordinates" >> $GITHUB_STEP_SUMMARY echo "\`me.id.auth:idme-auth-sample:$RELEASE_VERSION\`" >> $GITHUB_STEP_SUMMARY echo "" >> $GITHUB_STEP_SUMMARY - echo "### Consumer Usage" >> $GITHUB_STEP_SUMMARY - echo "\`\`\`kotlin" >> $GITHUB_STEP_SUMMARY - echo "repositories {" >> $GITHUB_STEP_SUMMARY - echo " maven {" >> $GITHUB_STEP_SUMMARY - echo " url = uri(\"https://maven.pkg.github.com/IDme/android-auth-sample-code\")" >> $GITHUB_STEP_SUMMARY - echo " credentials {" >> $GITHUB_STEP_SUMMARY - echo " username = \"GITHUB_USERNAME\"" >> $GITHUB_STEP_SUMMARY - echo " password = \"GITHUB_TOKEN\"" >> $GITHUB_STEP_SUMMARY - echo " }" >> $GITHUB_STEP_SUMMARY - echo " }" >> $GITHUB_STEP_SUMMARY - echo "}" >> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY - echo "dependencies {" >> $GITHUB_STEP_SUMMARY - echo " implementation(\"me.id.auth:idme-auth-sample:$RELEASE_VERSION\")" >> $GITHUB_STEP_SUMMARY - echo "}" >> $GITHUB_STEP_SUMMARY + echo "### Verification" >> $GITHUB_STEP_SUMMARY + echo "\`\`\`bash" >> $GITHUB_STEP_SUMMARY + echo "gh attestation verify idme-auth-sample-$RELEASE_VERSION.aar --repo IDme/android-auth-sample-code" >> $GITHUB_STEP_SUMMARY echo "\`\`\`" >> $GITHUB_STEP_SUMMARY diff --git a/sdk/build.gradle.kts b/sdk/build.gradle.kts index e9bc9d3..43c8938 100644 --- a/sdk/build.gradle.kts +++ b/sdk/build.gradle.kts @@ -7,7 +7,7 @@ apply(plugin = "kotlin-android") apply(plugin = "kotlinx-serialization") apply(plugin = "maven-publish") -version = "1.0.0" +version = findProperty("version")?.toString() ?: "1.0.0" configure { namespace = "com.idme.auth" From a428fabd34bd9377f7faaa0ef43cd234cad687b1 Mon Sep 17 00:00:00 2001 From: matthewtoma-idme Date: Wed, 1 Apr 2026 15:44:22 -0700 Subject: [PATCH 6/7] Remove unused GitHubPackages repository from build.gradle.kts Maven publish to GitHub Packages is now handled via curl in the release workflow. Only mavenLocal() is needed for staging artifacts. Co-Authored-By: Claude Opus 4.6 (1M context) --- sdk/build.gradle.kts | 9 --------- 1 file changed, 9 deletions(-) diff --git a/sdk/build.gradle.kts b/sdk/build.gradle.kts index 43c8938..0f3dff5 100644 --- a/sdk/build.gradle.kts +++ b/sdk/build.gradle.kts @@ -79,15 +79,6 @@ afterEvaluate { repositories { mavenLocal() - - maven { - name = "GitHubPackages" - url = uri("https://maven.pkg.github.com/IDme/android-auth-sample-code") - credentials { - username = System.getenv("GITHUB_ACTOR") - password = System.getenv("GITHUB_TOKEN") - } - } } } } From 6a3dfa2ad000239936f96ea15ddff24700ee359b Mon Sep 17 00:00:00 2001 From: matthewtoma-idme Date: Wed, 1 Apr 2026 15:47:11 -0700 Subject: [PATCH 7/7] Use custom releaseVersion property to avoid Gradle built-in collision findProperty('version') returns 'unspecified' by default in Gradle. Using 'releaseVersion' as a custom property name avoids this issue. Workflow passes -PreleaseVersion, build.gradle.kts falls back to 1.0.0 for local dev and CI builds. Co-Authored-By: Claude Opus 4.6 (1M context) --- .github/workflows/release.yml | 4 ++-- sdk/build.gradle.kts | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 10b396c..57e2a34 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -66,10 +66,10 @@ jobs: echo "Tag v$RELEASE_VERSION is available" - name: Build release AAR - run: ./gradlew :sdk:assembleRelease -Pversion=$RELEASE_VERSION + run: ./gradlew :sdk:assembleRelease -PreleaseVersion=$RELEASE_VERSION - name: Build Maven artifacts locally - run: ./gradlew :sdk:publishReleasePublicationToMavenLocalRepository -Pversion=$RELEASE_VERSION + run: ./gradlew :sdk:publishReleasePublicationToMavenLocalRepository -PreleaseVersion=$RELEASE_VERSION # --- Attestation: release assets --- - name: Generate release asset attestation diff --git a/sdk/build.gradle.kts b/sdk/build.gradle.kts index 0f3dff5..482136a 100644 --- a/sdk/build.gradle.kts +++ b/sdk/build.gradle.kts @@ -7,7 +7,7 @@ apply(plugin = "kotlin-android") apply(plugin = "kotlinx-serialization") apply(plugin = "maven-publish") -version = findProperty("version")?.toString() ?: "1.0.0" +version = findProperty("releaseVersion")?.toString() ?: "1.0.0" configure { namespace = "com.idme.auth"