fix: add GITHUB_TOKEN to env variables #1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Maven Snapshot | ||
| on: | ||
| workflow_call: | ||
| inputs: | ||
| JAVA_VERSION: | ||
| required: false | ||
| type: string | ||
| default: '21' | ||
| description: 'Java version to use for build' | ||
| MAVEN_REPO_SERVER_ID: | ||
| required: true | ||
| type: string | ||
| description: 'Server ID in Maven settings.xml' | ||
| secrets: | ||
| VAULT_ADDR: | ||
| required: true | ||
| CI_SECRET_READER_PERIODIC_TOKEN: | ||
| required: true | ||
| VAULTCA: | ||
| required: true | ||
| SLACK_WEBHOOK_URL: | ||
| required: true | ||
| GITHUB_TOKEN: | ||
| required: true | ||
| jobs: | ||
| deploy: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - name: Install SSH key | ||
| uses: webfactory/[email protected] | ||
| with: | ||
| ssh-private-key: ${{ secrets.GITHUB_TOKEN }} | ||
| - name: Checkout code | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 0 | ||
| ssh-key: ${{ secrets.GITHUB_TOKEN }} | ||
| - name: Set up JDK | ||
| uses: actions/setup-java@v4 | ||
| with: | ||
| java-version: ${{ inputs.JAVA_VERSION }} | ||
| distribution: 'temurin' | ||
| cache: maven | ||
| - name: Fetch Vault Secrets | ||
| uses: hashicorp/vault-action@v3 | ||
| with: | ||
| url: ${{ secrets.VAULT_ADDR }} | ||
| token: ${{ secrets.CI_SECRET_READER_PERIODIC_TOKEN }} | ||
| caCertificate: ${{ secrets.VAULTCA }} | ||
| secrets: | | ||
| ci/data/gh-workflows/maven-danubetech-nexus username | MAVEN_USERNAME ; | ||
| ci/data/gh-workflows/maven-danubetech-nexus password | MAVEN_PASSWORD | ||
| - name: Configure Maven Settings | ||
| run: | | ||
| mkdir -p ~/.m2 | ||
| cat > ~/.m2/settings.xml << EOF | ||
| <settings> | ||
| <servers> | ||
| <server> | ||
| <id>${{ inputs.MAVEN_REPO_SERVER_ID }}</id> | ||
| <username>${{ env.MAVEN_USERNAME }}</username> | ||
| <password>${{ env.MAVEN_PASSWORD }}</password> | ||
| </server> | ||
| </servers> | ||
| </settings> | ||
| EOF | ||
| - name: Build and Deploy with Maven | ||
| run: mvn --batch-mode -U deploy | ||
| - name: Slack notification | ||
| if: failure() | ||
| uses: 8398a7/action-slack@v3 | ||
| with: | ||
| status: ${{ job.status }} | ||
| fields: repo,commit,action,eventName,ref,workflow | ||
| env: | ||
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | ||
