fix: enable github actions

Signed-off-by: Phil Adams <[email protected]>

Author: padamstx

.github/workflows/build.yaml

@@ -0,0 +1,92 @@
+# This workflow will build and unit test the project.
+# If the workflow is running on the "main" branch, then
+# semantic-release is also run to create a new release (if
+# warranted by the new commits being built).
+
+name: Build/Test
+
+on:
+  push:
+    branches: [ '**' ]
+  pull_request:
+    branches: [ '**' ]
+  workflow_dispatch:
+    # Allow workflow to be triggered manually.
+
+jobs:
+  detect-secrets:
+    if: "!contains(github.event.head_commit.message, '[skip ci]')"
+    name: Detect-Secrets
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: 3.12
+
+      - name: Install detect-secrets
+        run: |
+          pip install --upgrade "git+https://github.com/ibm/detect-secrets.git@master#egg=detect-secrets"
+
+      - name: Run detect-secrets
+        run: |
+          detect-secrets scan --update .secrets.baseline
+          detect-secrets -v audit --report --fail-on-unaudited --fail-on-live --fail-on-audited-real .secrets.baseline
+
+  build:
+    needs: detect-secrets
+    name: Build/Test (Java ${{matrix.java-version}})
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        java-version: ['11', '17']
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Java ${{matrix.java-version}}
+        uses: actions/setup-java@v4 
+        with:
+          java-version: ${{matrix.java-version}}
+          distribution: 'adopt'
+          cache: 'maven'
+
+      - name: Build & Test
+        run: mvn -B clean package
+
+  create-release:
+    needs: build
+    name: Semantic-Release
+    if: "github.ref_name == 'main' && github.event_name != 'pull_request'"
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 22
+
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: 3.12
+
+      - name: Install Publishing Tools
+        run: |
+          pip install bump-my-version
+          npm install
+
+      - name: Run semantic-release
+        env:
+          GH_TOKEN: ${{ secrets.GH_TOKEN }}
+        run: npm run semantic-release

.github/workflows/publish.yaml

@@ -0,0 +1,61 @@
+# This workflow is responsible for:
+# - publishing artifacts to Maven Central
+# - building and publishing javadocs to the git repository.
+# It is triggered when a new release is created.
+
+name: Publish
+
+on:
+  release:
+    types: [created]
+  workflow_dispatch:
+    # Allow this workflow to be triggered manually
+
+jobs:
+  publish:
+    name: Publish Release
+    runs-on: ubuntu-latest
+ 
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+
+      - name: Setup Java
+        uses: actions/setup-java@v4
+        with:
+          java-version: 11
+          distribution: 'adopt'
+          cache: 'maven'
+          # Configure ~/.m2/settings.xml
+          server-id: ossrh
+          server-username: OSSRH_USERNAME
+          server-password: OSSRH_PASSWORD
+          # Import GPG key into build agent's local keystore
+          gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
+          gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }}
+
+      - name: Set artifact version to ${{ github.ref_name }}
+        run: mvn versions:set -DnewVersion=${{ github.ref_name}} -DgenerateBackupPoms=false
+
+      - name: Publish Javadocs
+        env:
+          GH_TOKEN: ${{ secrets.GH_TOKEN }}
+          GH_REPO_SLUG: ${{ github.repository }}
+          GH_TAG: ${{ github.ref_name}}
+        run: |
+          mvn clean javadoc:javadoc -B
+          build/publishJavadoc-gha.sh
+
+      - name: Publish to Maven Central
+        env:
+          OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }}
+          OSSRH_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
+          GPG_KEYNAME: ${{ secrets.GPG_KEYNAME }}
+          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
+        run: |
+          echo "Publishing to maven central"
+          # build only the "verify" goal for now until we're brave enough to try to deploy to MC :)
+          mvn verify -B -DskipTests -P central
+          ls -al target

.secrets.baseline

@@ -3,7 +3,7 @@
     "files": "package-lock.json|^.secrets.baseline$",
     "lines": null
   },
-  "generated_at": "2024-10-01T20:10:03Z",
+  "generated_at": "2025-01-08T20:47:36Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -65,6 +65,16 @@
     }
   ],
   "results": {
+    ".github/workflows/publish.yaml": [
+      {
+        "hashed_secret": "87ddb19c18c56534a4011f47f38530f6df9a8a80",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 34,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
     "Authentication.md": [
       {
         "hashed_secret": "91dfd9ddb4198affc5c194cd8ce6d338fde470e2",
@@ -172,7 +182,7 @@
         "hashed_secret": "360c23c1ac7d9d6dad1d0710606b0df9de6e1a18",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 63,
+        "line_number": 61,
         "type": "Secret Keyword",
         "verified_result": null
       }

build/publishJavadoc-gha.sh

@@ -0,0 +1,35 @@
+#!/bin/bash
+
+# Required environment variables:
+# GH_TOKEN
+# GH_REPO_SLUG
+# GH_TAG
+
+printf "\n>>>>> Publishing javadoc for release build: repo=%s tag=%s\n" ${GH_REPO_SLUG} ${GH_TAG}
+
+printf "\n>>>>> Cloning repository's gh-pages branch into directory 'gh-pages'\n"
+rm -fr ./gh-pages
+git clone --branch=gh-pages https://${GH_TOKEN}@github.com/IBM/java-sdk-core.git gh-pages
+
+printf "\n>>>>> Finished cloning...\n"
+
+pushd gh-pages
+
+# Create a new directory for this branch/tag and copy the javadocs there.
+printf "\n>>>>> Copying javadocs to new directory: docs/%s\n" ${GH_TAG}
+rm -rf docs/${GH_TAG}
+mkdir -p docs/${GH_TAG}
+cp -rf ../target/site/apidocs/* docs/${GH_TAG}
+
+printf "\n>>>>> Generating gh-pages index.html...\n"
+../build/generateJavadocIndex.sh > index.html
+
+printf "\n>>>>> Committing new javadoc...\n"
+git add -f .
+git commit -m "docs: latest javadoc for ${GH_TAG}"
+git push -f origin gh-pages
+
+popd
+
+printf "\n>>>>> Published javadoc for release build: repo=%s tag=%s\n"  ${GH_REPO_SLUG} ${GH_TAG}
+