GitHub - jreleaser/release-action at java (original) (raw)

The default GITHUB_TOKEN from secrets is limitedto the repository that contains your workflow.

Pushing to other repositories such as Homebrew tap requires additional permissions, you must create a customPersonal Access Token withrepo permissions and add it as a secret in the repository. If you create a secret named GH_PAT, the step will look like this

  - name: Run JReleaser
    uses: jreleaser/release-action@v2
    env:
      JRELEASER_GITHUB_TOKEN: ${{ secrets.GH_PAT }}

If you’d rather have separate tokens for each additional repository and keep the original GITHUB_TOKEN intact then you may apply the GH_PAT token as follows

  - name: Run JReleaser
    uses: jreleaser/release-action@v2
    env:
      JRELEASER_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      JRELEASER_HOMEBREW_GITHUB_TOKEN: ${{ secrets.GH_PAT }}

Additional environment variables may be needed depending on your specific setup, such as those needed for signing files with GPG or announcing a release via Twitter. Review the docs at https://jreleaser.org to find more about these variables and how to set them up.

SLSA Builder

A custom SLSA builder is available for Java projects built with either Maven or Gradle. The following snippet shows the minimum configuration to run the builder on GitHub Actions.

release: permissions: contents: write id-token: write actions: read packages: write uses: jreleaser/release-action/.github/workflows/builder_slsa3.yml@v1.3.0-java with: project-version: ${{ needs.precheck.outputs.VERSION }} rekor-log-public: true secrets: github-token: ${{ secrets.GITHUB_TOKEN }}

It’s expected that the JReleaser configuration defines build instructions using the hooks feature, such as

jreleaser.yaml

hooks: script: before: - run: './mvnw -ntp verify' condition: '"{{ Env.CI }}" == true' verbose: true filter: includes: ['assemble']