publish.yml

name: Publish to MavenCentral

on:
  release:
    # We'll run this workflow when a new GitHub release is created
    types: [released]

jobs:
  publish:
    name: Release build and publish
    runs-on: ubuntu-latest
    steps:
      - name: Check out code
        uses: actions/checkout@v3

      # Setups JDK
      - name: set up JDK 17
        uses: actions/setup-java@v4
        with:
          java-version: '17'
          distribution: 'temurin'
          cache: gradle

      - name: Setup Android SDK
        uses: android-actions/setup-android@v3

      # Decrypt Secret files needed to deploy
      - name: Decrypt Secrets
        run: signing/signing_setup.sh $ENCRYPTION_KEY
        env:
          ENCRYPTION_KEY: ${{ secrets.KEY_RING_ENCRYPTION_KEY }}

      # Builds the library's release artifacts
      - name: Assemble Release build
        run: ./gradlew :library:assembleRelease

      # Uploads artifacts, then closes & releases the repository
      - name: Deploy to Sonatype
        run: ./gradlew publishAllPublicationsToMavenCentral --no-daemon --no-parallel
        env:
          ORG_GRADLE_PROJECT_mavenCentralUsername: ${{ secrets.OSSRH_USERNAME }}
          ORG_GRADLE_PROJECT_mavenCentralPassword: ${{ secrets.OSSRH_PASSWORD }}
          SIGNING_KEY_ID: ${{ secrets.SIGNING_KEY_ID }}
          SIGNING_PASSWORD: ${{ secrets.SIGNING_PASSWORD }}
          SIGNING_SECRET_KEY_RING_FILE: ${{ secrets.SIGNING_SECRET_KEY_RING_FILE }}

      # Cleans up Secret files used in deployment process
      - name: Clean Secrets
        if: always()
        run: signing/signing_cleanup.sh