refactor: reuse publish workflow #365
Conversation
|
Codecov Report✅ All modified and coverable lines are covered by tests. 📢 Thoughts on this report? Let us know! |
There was a problem hiding this comment.
Pull Request Overview
This PR refactors the GitHub Packages publishing workflow to be reusable and integrates it into the release pipeline. It eliminates duplicate deployment logic by making the publish workflow callable from other workflows.
- Makes the GitHub Packages workflow reusable by adding
workflow_calltrigger - Updates release workflow to call the reusable publish workflow instead of duplicating deployment logic
- Adds documentation showing how to invoke the reusable workflow
Reviewed Changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
.github/workflows/publish-github-packages.yml |
Adds workflow_call trigger and GPG support for reusable publishing |
.github/workflows/release.yml |
Removes duplicate deployment logic and calls reusable publish workflow |
README.md |
Documents how to invoke the reusable publish workflow |
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
| -DaltDeploymentRepository=github::default::https://maven.pkg.github.com/${{ github.repository }} | ||
| run: | | ||
| if [ -n "$GPG_PRIVATE_KEY" ]; then | ||
| ./mvnw -q -P release deploy -Dgpg.passphrase="$GPG_PASSPHRASE" \ |
There was a problem hiding this comment.
The GPG passphrase is passed as a command-line argument, which may be visible in process lists and logs. Consider using a more secure method like passing it through environment variables or using gpg-agent.
| ./mvnw -q -P release deploy -Dgpg.passphrase="$GPG_PASSPHRASE" \ | |
| # Use gpg-agent for signing, do not pass passphrase on command line | |
| ./mvnw -q -P release deploy \ |
Copilot uses AI. Check for mistakes.
| @@ -26,6 +37,17 @@ jobs: | |||
| server-id: github | |||
| server-username: ${{ github.actor }} | |||
| server-password: ${{ secrets.GITHUB_TOKEN }} | |||
| - name: Import GPG key | |||
| if: env.GPG_PRIVATE_KEY != '' | |||
There was a problem hiding this comment.
Using string comparison with an empty string is less robust than checking if the variable is defined. Consider using if: secrets.GPG_PRIVATE_KEY instead, which properly checks if the secret exists and has a value.
| if: env.GPG_PRIVATE_KEY != '' | |
| if: secrets.GPG_PRIVATE_KEY |
Copilot uses AI. Check for mistakes.
Summary
Testing
mvn -q verify(fails: Could not find a valid Docker environment)https://chatgpt.com/codex/tasks/task_b_689bb75116e4833198cbb6bf37ab33e9