ci: publish Java artifacts to GitHub Packages + Releases (jenkins offboarding A) by mo-auto · Pull Request #14199 · JanssenProject/jans (original) (raw)
Replace the build-test.yml stub with a build+publish workflow that deploys every io.jans Maven project to GitHub Packages Maven and uploads the service WARs + plugin/client jars as GitHub Release assets. This moves the Java artifact build and publish role off jenkins.jans.io.
Nightly publishes 0.0.0-nightly; the cleanup job deletes the prior version first because GitHub Packages Maven is immutable per-version. Version tags bump the poms via versions-maven-plugin before deploy. Release binaries are cosign-signed and attached to the matching release for anonymous consumption by the Dockerfiles and jans-linux-setup.
Signed-off-by: moauto 54212639+mo-auto@users.noreply.github.com
Issue or changes required in automatic builds or CI infrastructure
label
- Build/deploy order now mirrors the jenkins.jans.io Full rebuild job: bom, orm, core, agama, auth-server, cedarling-java, lock-server, fido2, scim, link, config-api, casa.
- Add jans-cedarling/bindings/cedarling-java (was missing); it pulls its native lib from the GitHub release named by the build tag.
- Exclude jans-shibboleth-idp until it is ready to publish.
- Add SLSA level 3 provenance for the released binaries via slsa-github-generator (generator_generic_slsa3), matching build-packages.yml: digest -> collect -> provenance job chain.
- Trigger on tag push (nightly / v**) instead of schedule so provenance is generated from a push event; the nightly tag is recreated by build-nightly-build.yml.
Signed-off-by: moauto 54212639+mo-auto@users.noreply.github.com
cedarling-java's pom has no , so mvn deploy failed with 'repository element was not specified'. Pass -DaltDeploymentRepository=github::https://maven.pkg.github.com/JanssenProject/jans on every module deploy. It matches the id+url the other modules already declare (no-op for them) and supplies the missing target for cedarling-java.
Signed-off-by: moauto 54212639+mo-auto@users.noreply.github.com
cedarling-java was the only module without , so mvn deploy required a workflow-level -DaltDeploymentRepository override. Declare the github repository in the pom like every other module so the module is self-describing and deployable in any context; drop the workflow arg.
Signed-off-by: moauto 54212639+mo-auto@users.noreply.github.com
Mirror build-docker-image.yml's dispatch UX: a build_all toggle plus one boolean per project, instead of a free-form space-separated string. The selection step assembles the module list in dependency order regardless of which toggles are set, so the Maven reactor and cross-module resolution stay correct.
Signed-off-by: moauto 54212639+mo-auto@users.noreply.github.com
The cleanup job's version lookup read only the first page (30 versions), so a 0.0.0-nightly buried under newer release versions (e.g. 1.16.0) was never deleted and the redeploy failed with 409 Conflict (seen on shibboleth-plugin and other long-lived packages). Use gh api --paginate and delete every matching version id.
Signed-off-by: moauto 54212639+mo-auto@users.noreply.github.com
GitHub forbids deleting the last remaining version of a package, so a brand-new package whose only version is 0.0.0-nightly (e.g. cedarling-java) could not be cleaned and the redeploy failed with 409 Conflict. Detect that case and delete the whole package; otherwise delete just the (possibly buried) 0.0.0-nightly version so coexisting release versions like 1.16.0 are preserved.
Signed-off-by: moauto 54212639+mo-auto@users.noreply.github.com
[![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4)
[
This was referenced
Jun 4, 2026
This was referenced
Jun 5, 2026
This was referenced
Jun 15, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
[ Show hidden characters]({{ revealButtonHref }})