pass long gpg tty #100
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy Cloud | |
| on: | |
| push: | |
| branches: [ master ] | |
| workflow_dispatch: | |
| inputs: | |
| environment: | |
| type: choice | |
| description: 'Environment' | |
| required: true | |
| default: 'staging' | |
| options: | |
| - production | |
| - staging | |
| lambdaRuntime: | |
| type: choice | |
| description: 'Lambda Runtime' | |
| required: true | |
| default: 'jvm' | |
| options: | |
| - jvm | |
| - native | |
| concurrency: | |
| group: deploy-cloud-${{ github.event.inputs.environment || 'staging' }} | |
| jobs: | |
| build: | |
| # Do not skip if this was dispatched explicitly | |
| # For push to master: | |
| # - Skip deploy if this is a release commit | |
| # - Skip deploy if [skip deploy] is supplied | |
| if: "github.event_name != 'push' || (!contains(github.event.head_commit.message, '[release]') && !contains(github.event.head_commit.message, '[skip deploy]'))" | |
| runs-on: ubuntu-latest | |
| steps: | |
| # Common steps for all GH Actions | |
| - uses: actions/checkout@v3 | |
| - name: Setup Java | |
| uses: graalvm/setup-graalvm@v1 | |
| with: | |
| java-version: '21' | |
| distribution: 'graalvm-community' | |
| cache: 'maven' | |
| - uses: actions/setup-node@v3 | |
| with: | |
| node-version-file: '.nvmrc' | |
| - name: Cache local Maven repository | |
| uses: actions/cache@v3 | |
| with: | |
| path: ~/.m2/repository | |
| key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: ${{ runner.os }}-maven- | |
| - name: Install dependencies | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y wget scour ghostscript fuse | |
| wget -nv -O /usr/local/bin/convert https://github.com/ImageMagick/ImageMagick/releases/download/7.1.1-26/ImageMagick--clang-x86_64.AppImage | |
| chmod a+x /usr/local/bin/convert | |
| convert -version | |
| scour --version | |
| # Import and configure GPG key | |
| - name: Import GPG private key | |
| run: | | |
| echo "${{ secrets.GPG_PRIVATE_KEY }}" | gpg --batch --yes --import | |
| KEY_ID=$(gpg --list-secret-keys --keyid-format LONG | grep sec | awk '{print $2}' | cut -d'/' -f2) | |
| echo "default-key $KEY_ID" >> ~/.gnupg/gpg.conf | |
| echo "use-agent" >> ~/.gnupg/gpg.conf | |
| export GPG_TTY=$(tty) | |
| # AWS credentials | |
| - name: Add profile credentials to ~/.aws/credentials | |
| run: | | |
| aws configure set aws_access_key_id ${{ secrets.AWS_ACCESS_KEY_ID }} --profile dataspray | |
| aws configure set aws_secret_access_key ${{ secrets.AWS_SECRET_ACCESS_KEY }} --profile dataspray | |
| aws configure set region ${{ secrets.AWS_DEFAULT_REGION }} --profile dataspray | |
| # Deploy Cloud | |
| - name: Maven build | |
| timeout-minutes: 60 | |
| env: | |
| NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
| GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} | |
| MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} | |
| MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }} | |
| run: MAVEN_ARGS="--batch-mode" make action-deploy-cloud-${{ github.event.inputs.lambdaRuntime || 'jvm' }}-${{ github.event.inputs.environment || 'staging' }} |