release.yml

name: Release

on:
  push:
    branches:
      - master
  workflow_dispatch:
    inputs:
      gradle_args:
        description: "Extra Gradle args for the release run, for example: --stacktrace --debug"
        required: false
        default: ""
        type: string

permissions:
  contents: write
  packages: write

concurrency:
  group: release-master
  cancel-in-progress: false

jobs:
  release:
    runs-on: ubuntu-latest
    if: >
      github.event_name != 'push' ||
      (
        github.actor != 'github-actions[bot]' &&
        !contains(github.event.head_commit.message, '[Gradle Release Plugin]')
      )

    env:
      GRADLE_OPTS: -Dorg.gradle.daemon=false
      EXTRA_GRADLE_ARGS: ${{ github.event.inputs.gradle_args || '' }}

    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          token: ${{ secrets.RELEASE_GITHUB_TOKEN }}

      - name: Set up JDK 17
        uses: actions/setup-java@v4
        with:
          distribution: temurin
          java-version: "17"

      - name: Set up Gradle
        uses: gradle/actions/setup-gradle@v4
        with:
          cache-read-only: false

      - name: Configure git
        run: |
          git config user.name "github-actions[bot]"
          git config user.email "github-actions[bot]@users.noreply.github.com"

      - name: Write signing key
        env:
          SIGNING_KEY_ASC: ${{ secrets.SIGNING_KEY_ASC }}
        run: |
          printf '%s' "$SIGNING_KEY_ASC" > "$RUNNER_TEMP/signing-key.asc"

      - name: Run release
        env:
          OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }}
          OSSRH_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
          SIGNING_KEY_FILE: ${{ runner.temp }}/signing-key.asc
          SIGNING_KEY_PASSWORD: ${{ secrets.SIGNING_KEY_PASSWORD }}
        run: |
          ./gradlew --no-configuration-cache release $EXTRA_GRADLE_ARGS