diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a1f7fe9..653203d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -176,6 +176,18 @@ jobs: echo "Generated POM content:" cat ~/.m2/repository/me/id/auth/android-auth-sample-code/$RELEASE_VERSION/android-auth-sample-code-$RELEASE_VERSION.pom + - name: Publish to Maven Central (Sonatype OSSRH) + env: + SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }} + SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }} + SIGNING_KEY_ID: ${{ secrets.SIGNING_KEY_ID }} + SIGNING_KEY: ${{ secrets.SIGNING_KEY }} + SIGNING_PASSWORD: ${{ secrets.SIGNING_PASSWORD }} + run: | + ./gradlew :sdk:publishReleasePublicationToSonatypeRepository \ + closeAndReleaseSonatypeStagingRepository \ + -PreleaseVersion=$RELEASE_VERSION + - name: Create Git tag run: | git config user.name "github-actions[bot]" @@ -208,6 +220,10 @@ jobs: echo "### Maven Coordinates" >> $GITHUB_STEP_SUMMARY echo "\`me.id.auth:android-auth-sample-code:$RELEASE_VERSION\`" >> $GITHUB_STEP_SUMMARY echo "" >> $GITHUB_STEP_SUMMARY + echo "### Published To" >> $GITHUB_STEP_SUMMARY + echo "- GitHub Packages: https://github.com/IDme/android-auth-sample-code/packages" >> $GITHUB_STEP_SUMMARY + echo "- Maven Central: https://central.sonatype.com/artifact/me.id.auth/android-auth-sample-code" >> $GITHUB_STEP_SUMMARY + echo "" >> $GITHUB_STEP_SUMMARY echo "### Verification" >> $GITHUB_STEP_SUMMARY echo "\`\`\`bash" >> $GITHUB_STEP_SUMMARY echo "gh attestation verify android-auth-sample-code-$RELEASE_VERSION.aar --repo IDme/android-auth-sample-code" >> $GITHUB_STEP_SUMMARY diff --git a/.github/workflows/secure-pipeline-ast.yml b/.github/workflows/secure-pipeline-ast.yml new file mode 100644 index 0000000..a698535 --- /dev/null +++ b/.github/workflows/secure-pipeline-ast.yml 
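Review bot: `closeAndReleaseSonatypeStagingRepository` in the new publish step promotes the staged files to Maven Central in the same Gradle invocation, and a Central release cannot be replaced or withdrawn, yet the step runs before `Create Git tag` with no check of what was staged. Running `closeSonatypeStagingRepository` here and `releaseSonatypeStagingRepository` only after the later steps succeed would keep a failed run from leaving a permanent, untagged release. `$RELEASE_VERSION` is also expanded unquoted; write `"-PreleaseVersion=$RELEASE_VERSION"`. Where that variable is set lies outside the hunk, so whether it is validated cannot be confirmed from here.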
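Review bot: The new `Published To` lines advertise Maven Central, but the `Verification` block that follows still shows only `gh attestation verify` for the `.aar`, and nothing in the visible hunks ties that attestation to the files Gradle uploads to Sonatype. Consumers pulling from Central will rely on the PGP signatures instead, so the summary should say so, for example `echo "Maven Central artifacts are PGP-signed; key fingerprint: <SIGNING_KEY_FINGERPRINT>" >> $GITHUB_STEP_SUMMARY`, with the real fingerprint also published somewhere consumers can check it independently. The step's `run:` block starts and ends outside the hunk.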
@@ -0,0 +1,18 @@
+name: Secure Pipeline | AST
+
+on:
+ push:
+ pull_request:
+ types:
+ - opened
+ - reopened
+ - synchronize
+ - ready_for_review
+ - converted_to_draft
+ schedule:
+ - cron: '0 8 * * *' # 3am EST (UTC-5)
+
+jobs:
+ execute:
+ uses: IDme/workflow-library/.github/workflows/secure-pipeline-ast.yml@7a259bb101fd4f20d7cd0137c1f99e8d60af0859
+ secrets: inherit
diff --git a/build.gradle.kts b/build.gradle.kts
index 59573f4..b6fae28 100644
--- a/build.gradle.kts
+++ b/build.gradle.kts
@@ -1,3 +1,5 @@
+import io.github.gradlenexus.publishplugin.NexusPublishExtension
+
 buildscript {
 repositories {
 google()
@@ -8,5 +10,20 @@ buildscript {
 classpath("com.android.tools.build:gradle:8.2.2")
 classpath("org.jetbrains.kotlin:kotlin-gradle-plugin:1.9.22")
 classpath("org.jetbrains.kotlin:kotlin-serialization:1.9.22")
+ classpath("org.jetbrains.dokka:dokka-gradle-plugin:1.9.20")
+ classpath("io.github.gradle-nexus:publish-plugin:2.0.0")
+ }
+}
+
+apply(plugin = "io.github.gradle-nexus.publish-plugin")
+
+configure {
+ repositories {
+ sonatype {
+ nexusUrl.set(uri("https://s01.oss.sonatype.org/service/local/"))
+ snapshotRepositoryUrl.set(uri("https://s01.oss.sonatype.org/content/repositories/snapshots/"))
+ username.set(findProperty("sonatypeUsername")?.toString() ?: System.getenv("SONATYPE_USERNAME"))
+ password.set(findProperty("sonatypePassword")?.toString() ?: System.getenv("SONATYPE_PASSWORD"))
+ }
 }
 }
diff --git a/sdk/build.gradle.kts b/sdk/build.gradle.kts
index 3c79c8a..4947444 100644
--- a/sdk/build.gradle.kts
+++ b/sdk/build.gradle.kts
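Review bot: `secrets: inherit` on the `execute` job passes every secret this workflow can read to the called workflow on each push, pull request and nightly run; if the release credentials are stored as repository or organisation secrets, that now includes `SONATYPE_PASSWORD`, `SIGNING_KEY` and `SIGNING_PASSWORD`. Replace it with an explicit `secrets:` map naming only what the scan consumes (which those are is not visible here). The file also declares no `permissions:`, so the job runs with the repository's default `GITHUB_TOKEN` scope; a top-level `permissions:` block starting from `contents: read` would make the grant explicit. Pinning the reusable workflow to a full commit SHA is worth keeping whenever the reference is updated.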
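Review bot: The two new `classpath(...)` entries add build-script plugins that execute in the same Gradle process that receives `SONATYPE_PASSWORD` and the signing key, and nothing visible here verifies what is downloaded for them. If the repository does not already carry `gradle/verification-metadata.xml`, generating one with `./gradlew --write-verification-metadata sha256` would pin their checksums. On the credential lines, a comment such as `// Prefer the SONATYPE_* environment variables or ~/.gradle/gradle.properties; -P values on the command line end up in shell history and process listings` would steer local users to the safer path. The `buildscript` block begins outside the hunk.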
@@ -1,11 +1,14 @@ import com.android.build.gradle.LibraryExtension import org.gradle.api.publish.PublishingExtension import org.gradle.api.publish.maven.MavenPublication +import org.gradle.plugins.signing.SigningExtension apply(plugin = "com.android.library") apply(plugin = "kotlin-android") apply(plugin = "kotlinx-serialization") apply(plugin = "maven-publish") +apply(plugin = "signing") +apply(plugin = "org.jetbrains.dokka") version = findProperty("releaseVersion")?.toString() ?: "1.0.0" @@ -48,6 +51,17 @@ tasks.withType { } } +val sourcesJar by tasks.registering(Jar::class) { + archiveClassifier.set("sources") + from("src/main/java", "src/main/kotlin") +} + +val javadocJar by tasks.registering(Jar::class) { + archiveClassifier.set("javadoc") + dependsOn(tasks.named("dokkaJavadoc")) + from(tasks.named("dokkaJavadoc").map { it.outputs.files }) +} + dependencies { "implementation"("org.jetbrains.kotlinx:kotlinx-coroutines-android:1.7.3") "implementation"("org.jetbrains.kotlinx:kotlinx-serialization-json:1.6.2") @@ -68,11 +82,36 @@ afterEvaluate { version = project.version.toString() from(components["release"]) + artifact(sourcesJar) + artifact(javadocJar) pom { name.set("ID.me Auth Sample Code") description.set("ID.me Android Auth Sample Code SDK") + url.set("https://github.com/IDme/android-auth-sample-code") packaging = "aar" + + licenses { + license { + name.set("MIT License") + url.set("https://opensource.org/licenses/MIT") + distribution.set("repo") + } + } + + developers { + developer { + id.set("idme") + name.set("ID.me") + email.set("engineering@id.me") + } + } + + scm { + connection.set("scm:git:git://github.com/IDme/android-auth-sample-code.git") + developerConnection.set("scm:git:ssh://github.com/IDme/android-auth-sample-code.git") + url.set("https://github.com/IDme/android-auth-sample-code") + } } } } 
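Review bot: In the last hunk of this file section, the `scm` `connection` is set to `scm:git:git://github.com/...`, the unauthenticated, unencrypted Git protocol, which GitHub no longer serves and which gives no transport integrity to anyone following the POM back to the source. Use `connection.set("scm:git:https://github.com/IDme/android-auth-sample-code.git")`. The `developerConnection` value would conventionally be `scm:git:ssh://git@github.com/IDme/android-auth-sample-code.git`, since GitHub SSH access uses the `git` user. The enclosing `afterEvaluate` block starts and ends outside the hunk.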
@@ -81,4 +120,15 @@ afterEvaluate {
 mavenLocal()
 }
 }
+
+ configure {
+ val signingKeyId = findProperty("signingKeyId")?.toString() ?: System.getenv("SIGNING_KEY_ID")
+ val signingKey = findProperty("signingKey")?.toString() ?: System.getenv("SIGNING_KEY")
+ val signingPassword = findProperty("signingPassword")?.toString() ?: System.getenv("SIGNING_PASSWORD")
+
+ if (!signingKey.isNullOrBlank() && !signingPassword.isNullOrBlank()) {
+ useInMemoryPgpKeys(signingKeyId, signingKey, signingPassword)
+ sign(extensions.getByType().publications["release"])
+ }
+ }
 }
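Review bot: When `SIGNING_KEY` or `SIGNING_PASSWORD` is missing, the `if` skips `sign(...)` without any message, so a CI run with a misnamed or expired secret produces unsigned artifacts; the failure then surfaces only if the remote repository rejects them, and not at all for targets such as `mavenLocal()`. Add an `else` branch that at least logs, e.g. `else { logger.warn("Signing skipped: signing key or password not provided") }`, and consider throwing a `GradleException` there when `System.getenv("CI")` is set so a release cannot proceed unsigned. The condition also treats a key with an empty passphrase as absent, which deserves a comment if intended. The enclosing `afterEvaluate` block starts outside the hunk.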