diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 7e006df865..7d716f4f22 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -188,6 +188,54 @@ jobs: const globber = await glob.create(['out/*.aar', 'out/*.apk', 'out/*.tgz'].join('\n')); await upload({ github, context }, await globber.glob(), TAG); + sonatype-publish: + name: sonatype-publish + runs-on: 'ubuntu-24.04-16core' + # Depends on the the Android build for the Android binaries. + # Depends on the Mac, Linux, and Windows builds for host tools. + needs: [build-mac, build-linux, build-windows, build-android] + if: github.event_name == 'release' || github.event.inputs.platform == 'android' + + steps: + - name: Decide Git ref + id: git_ref + run: | + REF=${RELEASE_TAG:-${GITHUB_REF}} + TAG=${REF##*/} + echo "ref=${REF}" >> $GITHUB_OUTPUT + echo "tag=${TAG}" >> $GITHUB_OUTPUT + - uses: actions/checkout@v4.1.6 + with: + ref: ${{ steps.git_ref.outputs.ref }} + - uses: actions/setup-java@v3 + with: + distribution: 'temurin' + java-version: '17' + - uses: ./.github/actions/linux-prereq + - name: Download Android Release + run: | + gh release download ${TAG} \ + --repo ${{ github.repository }} \ + --pattern 'filament-*-android-native.tgz' + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + TAG: ${{ steps.git_ref.outputs.tag }} + - name: Unzip Android Release + run: | + mkdir -p out/android-release + tar -xzvf filament-${TAG}-android-native.tgz -C out/android-release/ + env: + TAG: ${{ steps.git_ref.outputs.tag }} + - name: Publish To Sonatype + run: | + cd android + ./gradlew publishToSonatype closeSonatypeStagingRepository + env: + ORG_GRADLE_PROJECT_sonatypeUsername: ${{ secrets.SONATYPE_USERNAME }} + ORG_GRADLE_PROJECT_sonatypePassword: ${{ secrets.SONATYPE_PASSWORD }} + ORG_GRADLE_PROJECT_signingKey: ${{ secrets.MAVEN_SIGNING_KEY }} + ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.MAVEN_SIGNING_PASSWORD }} + build-ios: name: build-ios runs-on: macos-14-xlarge diff --git a/android/build.gradle b/android/build.gradle index 705017a581..034860104f 100644 --- a/android/build.gradle +++ b/android/build.gradle @@ -40,15 +40,21 @@ // - Build and upload artifacts with ./gradlew publish // - Close and release staging repo on Nexus with ./gradlew closeAndReleaseStagingRepository // -// The following is needed in ~/gradle/gradle.properties: +// The following properties need to be set (either in ~/gradle/gradle.properties, on the command +// line, or as environment variables, e.g.: ORG_GRADLE_PROJECT_property=value): // // sonatypeUsername=nexus_user // sonatypePassword=nexus_password // +// To sign with a key ring file: // signing.keyId=pgp_key_id // signing.password=pgp_key_password // signing.secretKeyRingFile=/Users/user/.gnupg/maven_signing.key // +// To sign with in-memory keys (useful for CI):, +// signingKey=ASCII armored key (begins with -----BEGIN PGP PRIVATE KEY BLOCK-----) +// signingPassword=key password +// buildscript { def path = providers diff --git a/android/gradle/gradle-mvn-push.gradle b/android/gradle/gradle-mvn-push.gradle index c6bf2751f6..1e534008f0 100644 --- a/android/gradle/gradle-mvn-push.gradle +++ b/android/gradle/gradle-mvn-push.gradle @@ -94,6 +94,13 @@ afterEvaluate { project -> } signing { + def signingKey = findProperty("signingKey") + def signingPassword = findProperty("signingPassword") + if (signingKey && signingPassword) { + println("Signing with in-memory keys") + useInMemoryPgpKeys(signingKey, signingPassword) + } + publishing.publications.all { publication -> sign publication }