OSSRH Publish and signing task (#2)

.github/workflows/publish.yml

@@ -0,0 +1,53 @@
+name: Publish Artifacts
+
+on:
+ release:
+ types: [created]
+
+permissions:
+ actions: write
+
+jobs:
+ build:
+ name: Build
+ strategy:
+ matrix:
+ os: [ubuntu-latest, windows-latest]
+ jdk: [17]
+ fail-fast: false
+ runs-on: ${{ matrix.os }}
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ - name: Set up JDK ${{ matrix.jdk }}
+ uses: spring-io/spring-gradle-build-action@v2
+ with:
+ java-version: ${{ matrix.jdk }}
+ distribution: temurin
+ - name: Build with Gradle
+ run: ./gradlew check
+ - name: Test Reports
+ uses: mikepenz/action-junit-report@v3
+ if: success() || failure()
+ with:
+ report_paths: '**/build/test-results/test/TEST-*.xml'
+
+ publish:
+ name: Sign and Publish Artifact
+ runs-on: ubuntu-latest
+ needs: [build]
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ - name: Set up JDK
+ uses: spring-io/spring-gradle-build-action@v2
+ with:
+ java-version: 17
+ distribution: temurin
+ - name: Gradle Publish
+ env:
+ GPG_SIGNING_KEY: ${{ secrets.GPG_SIGNING_KEY }}
+ GPG_SIGNING_SECRET: ${{ secrets.GPG_SIGNING_SECRET }}
+ OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }}
+ OSSRH_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
+ run: ./gradlew publish --stacktrace

build.gradle

@@ -3,6 +3,7 @@ plugins {
  id 'io.freefair.lombok' version '6.5.0.3' apply(false)
  id 'io.spring.javaformat' version '0.0.39' apply(false)
  id 'io.spring.dependency-management' version '1.1.0' apply(false)
+ id 'com.konfigyr.crypto.deploy' apply(false)
 }
 
 subprojects {
@@ -12,13 +13,14 @@ subprojects {
  apply plugin: 'io.freefair.lombok'
  apply plugin: 'io.spring.javaformat'
  apply plugin: 'io.spring.dependency-management'
+ apply plugin: 'com.konfigyr.crypto.deploy'
 
  ext {
  set('springVersion', '3.1.2')
  }
 
  group = 'com.konfigyr'
- version = '0.0.1'
+ version = '1.0.0-RC1'
 
  sourceCompatibility = JavaVersion.VERSION_17
  targetCompatibility = JavaVersion.VERSION_17
@@ -36,6 +38,8 @@ subprojects {
  }
 
  dependencies {
+ implementation 'com.google.code.findbugs:jsr305:3.0.2'
+
  checkstyle 'io.spring.javaformat:spring-javaformat-checkstyle:0.0.39'
 
  annotationProcessor 'org.springframework.boot:spring-boot-autoconfigure-processor'
@@ -51,6 +55,11 @@ subprojects {
  }
  }
 
+ java {
+ withJavadocJar()
+ withSourcesJar()
+ }
+
  test {
  useJUnitPlatform()
  }

buildSrc/build.gradle

@@ -0,0 +1,23 @@
+apply plugin: 'java'
+apply plugin: 'java-gradle-plugin'
+
+repositories {
+ mavenCentral()
+
+ maven {
+ url 'https://plugins.gradle.org/m2/'
+ }
+}
+
+dependencies {
+ implementation gradleApi()
+}
+
+gradlePlugin {
+ plugins {
+ deploy {
+ id = 'com.konfigyr.crypto.deploy'
+ implementationClass = 'com.konfigyr.crypto.publish.DeployPlugin'
+ }
+ }
+}

buildSrc/src/main/java/com/konfigyr/crypto/publish/DeployExtension.java

@@ -0,0 +1,54 @@
+package com.konfigyr.crypto.publish;
+
+import org.gradle.api.model.ObjectFactory;
+import org.gradle.api.provider.Property;
+import org.gradle.api.provider.ProviderFactory;
+
+/**
+ * @author : [email protected]
+ * @since : 04.09.23, Mon
+ **/
+public abstract class DeployExtension {
+
+ static final String NAME = "deploy";
+
+ private final Property<String> signingKey;
+
+ private final Property<String> signingSecret;
+
+ private final Property<String> repositoryUsername;
+
+ private final Property<String> repositoryPassword;
+
+ public DeployExtension(ObjectFactory factory, ProviderFactory providers) {
+ signingKey = factory.property(String.class).value(providers.environmentVariable("GPG_SIGNING_KEY"));
+ signingSecret = factory.property(String.class).value(providers.environmentVariable("GPG_SIGNING_SECRET"));
+ repositoryUsername = factory.property(String.class).value(providers.environmentVariable("OSSRH_USERNAME"));
+ repositoryPassword = factory.property(String.class).value(providers.environmentVariable("OSSRH_PASSWORD"));
+ }
+
+ public Property<String> signingKey() {
+ return signingKey;
+ }
+
+ public Property<String> signingSecret() {
+ return signingSecret;
+ }
+
+ public Property<String> repositoryUsername() {
+ return repositoryUsername;
+ }
+
+ public Property<String> repositoryPassword() {
+ return repositoryPassword;
+ }
+
+ public boolean hasRepositoryCredentials() {
+ return repositoryUsername.isPresent() && repositoryPassword.isPresent();
+ }
+
+ public boolean hasSigningCredentials() {
+ return signingKey.isPresent() && signingSecret.isPresent();
+ }
+
+}

buildSrc/src/main/java/com/konfigyr/crypto/publish/DeployPlugin.java

@@ -0,0 +1,129 @@
+package com.konfigyr.crypto.publish;
+
+import org.gradle.api.Plugin;
+import org.gradle.api.Project;
+import org.gradle.api.artifacts.dsl.RepositoryHandler;
+import org.gradle.api.artifacts.repositories.MavenArtifactRepository;
+import org.gradle.api.plugins.JavaPlugin;
+import org.gradle.api.plugins.JavaPluginExtension;
+import org.gradle.api.publish.Publication;
+import org.gradle.api.publish.PublishingExtension;
+import org.gradle.api.publish.VariantVersionMappingStrategy;
+import org.gradle.api.publish.VersionMappingStrategy;
+import org.gradle.api.publish.maven.MavenPom;
+import org.gradle.api.publish.maven.MavenPublication;
+import org.gradle.api.publish.maven.plugins.MavenPublishPlugin;
+import org.gradle.plugins.signing.SigningExtension;
+import org.gradle.plugins.signing.SigningPlugin;
+
+import javax.annotation.Nonnull;
+import java.net.URI;
+
+/**
+ * @author : [email protected]
+ * @since : 04.09.23, Mon
+ **/
+public class DeployPlugin implements Plugin<Project> {
+
+ @Override
+ public void apply(@Nonnull Project project) {
+ project.getPlugins().apply(MavenPublishPlugin.class);
+ project.getPlugins().apply(SigningPlugin.class);
+
+ project.getExtensions().create(DeployExtension.NAME, DeployExtension.class,
+ project.getObjects(), project.getProviders());
+
+ customizeJavaPlugin(project);
+ customizePublishExtension(project);
+ }
+
+ private void customizeJavaPlugin(Project project) {
+ project.getPlugins().withType(JavaPlugin.class, it -> {
+ final JavaPluginExtension extension = project.getExtensions().getByType(JavaPluginExtension.class);
+ extension.withJavadocJar();
+ extension.withSourcesJar();
+ });
+ }
+
+ private void customizePublishExtension(Project project) {
+ final PublishingExtension publishing = project.getExtensions().getByType(PublishingExtension.class);
+ publishing.repositories(repositories -> customizeRepositories(repositories, project));
+
+ final MavenPublication publication = publishing.getPublications().create("maven", MavenPublication.class);
+ publication.from(project.getComponents().findByName("java"));
+ publication.versionMapping(this::customizeVersionMappings);
+
+ customizePom(publication.getPom(), project);
+ customizeSigningExtension(publication, project);
+ }
+
+ private void customizeSigningExtension(Publication publication, Project project) {
+ final DeployExtension extension = project.getExtensions().getByType(DeployExtension.class);
+
+ if (extension.hasSigningCredentials()) {
+ final SigningExtension signing = project.getExtensions().getByType(SigningExtension.class);
+ signing.sign(publication);
+ signing.useInMemoryPgpKeys(extension.signingKey().get(), extension.signingSecret().get());
+ }
+ }
+
+ private void customizeRepositories(RepositoryHandler repositories, Project project) {
+ final DeployExtension extension = project.getExtensions().getByType(DeployExtension.class);
+
+ repositories.maven(repository -> {
+ repository.setName("oss-sonatype-snapshot");
+ repository.setUrl(URI.create("https://s01.oss.sonatype.org/content/repositories/snapshots/"));
+ customizeRepositoryCredentials(repository, extension);
+ });
+
+ repositories.maven(repository -> {
+ repository.setName("oss-sonatype-release");
+ repository.setUrl(URI.create("https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/"));
+ customizeRepositoryCredentials(repository, extension);
+ });
+ }
+
+ private void customizeRepositoryCredentials(MavenArtifactRepository repository, DeployExtension extension) {
+ if (extension.hasRepositoryCredentials()) {
+ repository.credentials(credentials -> {
+ credentials.setUsername(extension.repositoryUsername().get());
+ credentials.setPassword(extension.repositoryPassword().get());
+ });
+ }
+ }
+
+ private void customizeVersionMappings(VersionMappingStrategy mappings) {
+ mappings.usage("java-api", strategy -> strategy.fromResolutionOf("runtimeClasspath"));
+ mappings.usage("java-runtime", VariantVersionMappingStrategy::fromResolutionResult);
+ }
+
+ private void customizePom(MavenPom pom, Project project) {
+ pom.getUrl().set("https://github.com/konfigyr/konfigyr-crypto");
+ pom.getName().set(project.provider(project::getName));
+ pom.getDescription().set(project.provider(project::getDescription));
+ pom.organization(org -> {
+ org.getName().set("Konfigyr");
+ org.getUrl().set("https://konfigyr.com");
+ });
+ pom.developers(developers -> developers.developer(developer -> {
+ developer.getId().set("vspasic");
+ developer.getName().set("Vladimir Spasic");
+ developer.getEmail().set("[email protected]");
+ developer.getRoles().add("Project lead");
+ }));
+ pom.issueManagement(issue -> {
+ issue.getSystem().set("Github");
+ issue.getUrl().set("https://github.com/konfigyr/konfigyr-crypto/issues");
+ });
+ pom.scm(scm -> {
+ scm.getDeveloperConnection().set("scm:git:ssh://[email protected]/konfigyr/konfigyr-crypto.git");
+ scm.getConnection().set("scm:git:git://github.com/konfigyr/konfigyr-crypto.git");
+ scm.getUrl().set("https://github.com/konfigyr/konfigyr-crypto");
+ scm.getTag().set("Github");
+ });
+ pom.licenses(licences -> licences.license(licence -> {
+ licence.getName().set("The Apache License, Version 2.0");
+ licence.getUrl().set("https://www.apache.org/licenses/LICENSE-2.0.txt");
+ }));
+ }
+}

konfigyr-crypto-api/build.gradle

@@ -1,5 +1,9 @@
+description = 'Core library of the Konfigyr Crypto library that defines an extensible API for working with crypto keys'
+
 dependencies {
- api 'org.springframework.boot:spring-boot-starter'
+ compileOnly 'org.springframework.boot:spring-boot-starter'
 
  api 'jakarta.validation:jakarta.validation-api'
-}
+
+ testImplementation 'org.springframework.boot:spring-boot-starter'
+}

konfigyr-crypto-api/src/main/java/com/konfigyr/crypto/AbstractKeyEncryptionKey.java

@@ -20,10 +20,22 @@
  **/
 public abstract class AbstractKeyEncryptionKey implements KeyEncryptionKey {
 
+ /**
+ * Unique {@link KeyEncryptionKey} identifier.
+ */
  protected final String id;
 
+ /**
+ * Name of the {@link KeyEncryptionKeyProvider} that owns the
+ * {@link KeyEncryptionKey}.
+ */
  protected final String provider;
 
+ /**
+ * Constructor used to set up the required {@link KeyEncryptionKey} identifiers.
+ * @param id unique key identifier, can't be {@literal null}
+ * @param provider key provider name, can't be {@literal null}
+ */
  protected AbstractKeyEncryptionKey(String id, String provider) {
  this.id = id;
  this.provider = provider;

konfigyr-crypto-api/src/main/java/com/konfigyr/crypto/Algorithm.java

@@ -23,21 +23,21 @@
 public interface Algorithm extends Serializable {
 
  /**
- * @return algorithm name, never {@link null}.
+ * @return algorithm name, never {@literal null}.
  */
  @NonNull
  String name();
 
  /**
- * @return key type used by the algorithm, never {@link null}.
+ * @return key type used by the algorithm, never {@literal null}.
  */
  @NonNull
  KeyType type();
 
  /**
  * Collection of {@link KeysetOperation operations} this {@link Algorithm} can
  * perform.
- * @return supported operations, never {@link null}.
+ * @return supported operations, never {@literal null}.
  */
  @NonNull
  Set<KeysetOperation> operations();

konfigyr-crypto-api/src/main/java/com/konfigyr/crypto/EncryptedKeyset.java

@@ -121,6 +121,9 @@ public InputStream getInputStream() {
  return builder(keyset).keyEncryptionKey(keyset.getKeyEncryptionKey()).build(data);
  }
 
+ /**
+ * Builder class used to create new instances of the {@link EncryptedKeyset}.
+ */
  @RequiredArgsConstructor(access = AccessLevel.PRIVATE)
  public static final class Builder {