144 changes: 0 additions & 144 deletions .github/workflows/build-with-release-profile-run.yml

This file was deleted.

61 changes: 25 additions & 36 deletions .github/workflows/build-with-release-profile.yml
@@ -1,54 +1,43 @@
name: Build with '-Prelease' (Trigger)

# Trigger workflow for release profile build verification.
# This workflow runs on PRs and uploads the PR info for the workflow_run job.
# The actual build with secrets happens in build-with-release-profile-run.yml
# See: https://securitylab.github.com/research/github-actions-preventing-pwn-requests
name: Build with '-Prelease'

on:
pull_request: # Changed from pull_request_target for security
pull_request:
paths-ignore:
- '**/docs/**'
push:
branches:
- main
paths-ignore:
- '**/docs/**'
workflow_dispatch:

# Only run the latest job
concurrency:
group: '${{ github.workflow }} @ ${{ github.head_ref || github.ref }}'
group: ${{ github.workflow }} @ ${{ github.head_ref || github.ref }}
cancel-in-progress: true

permissions:
contents: read

jobs:
trigger:
# Only run this job for the main repository, not for forks
if: github.repository == 'a2aproject/a2a-java'
build:
name: Build with -Prelease
runs-on: ubuntu-latest
permissions:
contents: read

steps:
- name: Prepare PR info
run: |
mkdir -p pr_info

# Store PR number for workflow_run job
if [ "${{ github.event_name }}" = "pull_request" ]; then
echo ${{ github.event.number }} > pr_info/pr_number
echo ${{ github.event.pull_request.head.sha }} > pr_info/pr_sha
echo ${{ github.event.pull_request.head.ref }} > pr_info/pr_ref
else
# For push events, store the commit sha
echo ${{ github.sha }} > pr_info/pr_sha
echo ${{ github.ref }} > pr_info/pr_ref
fi

echo "Event: ${{ github.event_name }}"
cat pr_info/*
- name: Checkout
uses: actions/checkout@v7

- name: Upload PR info
uses: actions/upload-artifact@v7
- name: Set up JDK 17
uses: actions/setup-java@v5
with:
name: pr-info
path: pr_info/
retention-days: 1
java-version: '17'
distribution: 'temurin'
cache: maven

- name: Build with release profile
run: >
mvn -B install
-P release
-DskipTests
-Dgpg.skip=true
-Drelease.auto.publish=false
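
Review bot: The `Checkout` and `Set up JDK 17` steps reference `actions/checkout@v7` and `actions/setup-java@v5` by mutable tag; pin both to full commit SHAs (keeping the tag in a trailing comment), since this job now runs the Maven build of PR-supplied code directly and a retagged action would change what executes here. It is also worth setting `persist-credentials: false` on the checkout step, because nothing after it needs to push and the build step runs whatever plugins the PR's POM declares. The top-level `permissions: contents: read` is the right default for a `pull_request` trigger and should stay.
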
11 changes: 4 additions & 7 deletions RELEASE.md
Expand Up @@ -82,11 +82,9 @@ Open PR on GitHub with title: `chore: release 0.4.0.Alpha1`
The `build-with-release-profile.yml` workflow automatically verifies:
- ✅ Build succeeds with `-Prelease` profile
- ✅ All JavaDoc generation succeeds
- ✅ GPG signing works correctly
- ✅ JBang version validation passes
- ✅ No compilation or test failures

**Important**: This workflow tests the actual PR branch (not main) to catch issues before merge.
**Important**: This workflow runs as a normal PR/push check and verifies that the project builds with `-P release` without using release secrets.


medium

For consistency with other references in this document (such as lines 83, 120, and 252), -P release should be written as -Prelease without the space.

Suggested change
**Important**: This workflow runs as a normal PR/push check and verifies that the project builds with `-P release` without using release secrets.
**Important**: This workflow runs as a normal PR/push check and verifies that the project builds with -Prelease without using release secrets.


Wait for all CI checks to pass before proceeding.
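
Review bot: In the checklist under "The `build-with-release-profile.yml` workflow automatically verifies", any remaining "GPG signing works correctly" or "No compilation or test failures" bullet no longer matches the workflow, which now runs `mvn -B install -P release` with `-DskipTests` and `-Dgpg.skip=true`. Drop or reword those bullets to what is actually checked (compilation and JavaDoc generation under the release profile), and state where signing is first exercised so a broken key or signing configuration is not discovered only at release time.
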

Expand Down Expand Up @@ -250,10 +248,9 @@ Follow semantic versioning with qualifiers:
## Workflows Reference

### build-with-release-profile.yml
- **Triggers**: All PRs, all pushes
- **Purpose**: Verify builds with `-Prelease` profile
- **Special**: Tests actual PR branch (not main) using `pull_request_target` with explicit checkout
- **Requires**: GPG and Maven Central secrets
- **Triggers**: Pull requests, pushes to `main`, manual dispatch
- **Purpose**: Verify the project builds with `-Prelease`
- **Special**: Runs without GPG or Maven Central secrets

### release-to-maven-central.yml
- **Triggers**: Tags matching `v?[0-9]+.[0-9]+.[0-9]+*`
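
Review bot: The new **Triggers** bullet lists "Pull requests, pushes to `main`, manual dispatch" but omits the `paths-ignore: '**/docs/**'` filter the workflow applies to both `pull_request` and `push`. Note that docs-only changes skip this check; that matters if the check is ever marked required, because a check skipped by a path filter stays pending and blocks the merge, and the release steps tell the reader to wait for all CI checks to pass.
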