fixup! try use Encrypted secrets (#3)

* fixup! try use Encrypted secrets do things in another way
WHY-lWoHvYe · Dec 22, 2022 · 13a0955 · 13a0955
1 parent ed6b31b
commit 13a0955
Show file tree

Hide file tree

Showing 4 changed files with 68 additions and 67 deletions.
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -37,73 +37,71 @@ jobs:
         # Learn more about CodeQL language support at https://git.io/codeql-language-support
 
     steps:
-    - name: Checkout repository
-      uses: actions/checkout@v3
-      # see: https://github.com/marketplace/actions/setup-java-jdk
-    - name: Setup Java JDK
-      uses: actions/setup-java@v3.9.0
-      with:
-        # The Java version to set up. Takes a whole or semver Java version. See examples of supported syntax in README file
-        java-version: '19'
-        # Java distribution. See the list of supported distributions in README file
-        distribution: 'corretto'
-        # The package type (jdk, jre, jdk+fx, jre+fx)
-        #java-package: # optional, default is jdk
-        # The architecture of the package
-        #architecture: # optional, default is x64
-        # Path to where the compressed JDK is located
-        #jdkFile: # optional
-        # Set this option if you want the action to check for the latest available version that satisfies the version spec
-        check-latest: true # optional
-        # ID of the distributionManagement repository in the pom.xml file. Default is `github`
-        #server-id: # optional, default is github
-        # Environment variable name for the username for authentication to the Apache Maven repository. Default is $GITHUB_ACTOR
-        #server-username: # optional, default is GITHUB_ACTOR
-        # Environment variable name for password or token for authentication to the Apache Maven repository. Default is $GITHUB_TOKEN
-        #server-password: # optional, default is GITHUB_TOKEN
-        # Path to where the settings.xml file will be written. Default is ~/.m2.
-        #settings-path: # optional
-        # Overwrite the settings.xml file if it exists. Default is "true".
-        #overwrite-settings: # optional, default is true
-        # GPG private key to import. Default is empty string.
-        #gpg-private-key: # optional
-        # Environment variable name for the GPG private key passphrase. Default is $GPG_PASSPHRASE.
-        #gpg-passphrase: # optional
-        # Name of the build platform to cache dependencies. It can be "maven" or "gradle".
-        #cache: 'maven' # optional
-        # Workaround to pass job status to post job step. This variable is not intended for manual setting
-        #job-status: # optional, default is ${{ job.status }}
+      - name: Checkout repository
+        uses: actions/checkout@v3
+        # see: https://github.com/marketplace/actions/setup-java-jdk
+      - name: Setup Java JDK
+        uses: actions/setup-java@v3.9.0
+        with:
+          # The Java version to set up. Takes a whole or semver Java version. See examples of supported syntax in README file
+          java-version: '19'
+          # Java distribution. See the list of supported distributions in README file
+          distribution: 'corretto'
+          # The package type (jdk, jre, jdk+fx, jre+fx)
+          #java-package: # optional, default is jdk
+          # The architecture of the package
+          #architecture: # optional, default is x64
+          # Path to where the compressed JDK is located
+          #jdkFile: # optional
+          # Set this option if you want the action to check for the latest available version that satisfies the version spec
+          check-latest: true # optional
+          # ID of the distributionManagement repository in the pom.xml file. Default is `github`
+          #server-id: # optional, default is github
+          # Environment variable name for the username for authentication to the Apache Maven repository. Default is $GITHUB_ACTOR
+          #server-username: # optional, default is GITHUB_ACTOR
+          # Environment variable name for password or token for authentication to the Apache Maven repository. Default is $GITHUB_TOKEN
+          #server-password: # optional, default is GITHUB_TOKEN
+          # Path to where the settings.xml file will be written. Default is ~/.m2.
+          #settings-path: # optional
+          # Overwrite the settings.xml file if it exists. Default is "true".
+          #overwrite-settings: # optional, default is true
+          # GPG private key to import. Default is empty string.
+          #gpg-private-key: # optional
+          # Environment variable name for the GPG private key passphrase. Default is $GPG_PASSPHRASE.
+          #gpg-passphrase: # optional
+          # Name of the build platform to cache dependencies. It can be "maven" or "gradle".
+          #cache: 'maven' # optional
+          # Workaround to pass job status to post job step. This variable is not intended for manual setting
+          #job-status: # optional, default is ${{ job.status }}
 
-    - name: Set Env
-      env:
-        ossrhUsername: ${{ secrets.OssrhUsername }}
-        ossrhPassword: ${{ secrets.OssrhPassword }}
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: ${{ matrix.language }}
+          # If you wish to specify custom queries, you can do so here or in a config file.
+          # By default, queries listed here will override any specified in a config file.
+          # Prefix the list here with "+" to use these queries and those in the config file.
+          # queries: ./path/to/local/query, your-org/your-repo/queries@main
 
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
-      with:
-        languages: ${{ matrix.language }}
-        # If you wish to specify custom queries, you can do so here or in a config file.
-        # By default, queries listed here will override any specified in a config file.
-        # Prefix the list here with "+" to use these queries and those in the config file.
-        # queries: ./path/to/local/query, your-org/your-repo/queries@main
+      # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+      # If this step fails, then you should remove it and run the build manually (see below)
+      - name: Autobuild
+        env:
+          OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }}
+          OSSRH_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
+        uses: github/codeql-action/autobuild@v2
 
-    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
-    # If this step fails, then you should remove it and run the build manually (see below)
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      # ℹ️ Command-line programs to run using the OS shell.
+      # 📚 https://git.io/JvXDl
 
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 https://git.io/JvXDl
+      # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+      #    and modify them (or add more) to build your code if your project
+      #    uses a compiled language
 
-    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
-    #    and modify them (or add more) to build your code if your project
-    #    uses a compiled language
+      #- run: |
+      #   make bootstrap
+      #   make release
 
-    #- run: |
-    #   make bootstrap
-    #   make release
-
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2
diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml
@@ -30,6 +30,9 @@ jobs:
           settings-path: ${{ github.workspace }} # location for the settings.xml file
 
       - name: Build with Gradle
+        env:
+          OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }}
+          OSSRH_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
         uses: gradle/gradle-build-action@67421db6bd0bf253fb4bd25b31ebb98943c375e1
         with:
           arguments: bootBuildImage

diff --git a/build.gradle b/build.gradle
@@ -129,8 +129,8 @@ publishing {
             def snapshotsRepoUrl = "https://s01.oss.sonatype.org/content/repositories/snapshots/"
             url = version.endsWith('SNAPSHOT') ? snapshotsRepoUrl : releasesRepoUrl
             credentials {
-                username = ossrhUsername
-                password = ossrhPassword
+                username = System.getenv('OSSRH_USERNAME') ?: ossrhUsername
+                password = System.getenv('OSSRH_PASSWORD') ?: ossrhPassword
             }
         }
     }

diff --git a/gradle.properties b/gradle.properties
@@ -29,7 +29,7 @@ logbackVersion=1.4.5
 logstashVersion=7.2
 mapstructVersion=1.5.3.Final
 mapstructSpringVersion=0.1.2
-oshiCoreVersion=6.3.2
+oshiCoreVersion=6.4.0
 poiVersion=5.2.2
 quartzVersion=2.3.2
 redissonVersion=3.19.0