.github/workflows/build.yml

# This workflow will build the project and upload the jar files to
# GitHub as build artifacts. It is triggered by push or pull requests.
# It may also be run manually.
#
# For deploying a package to the maven central repository
# and also as a GitHub Package, use its sibling, deploy.yml.
name: Build
on:
  push:
    branches:
      - main
  pull_request:
    types: [opened, synchronize, reopened]
  workflow_dispatch:
    inputs:
      tags:
        description: 'Manual build'
jobs:
  build:
    name: Build
    runs-on: ubuntu-latest
    # Permissions are needed to read the artifacts and write the package
    permissions: 
      contents: read
      packages: write 
    steps:
      # Checkout (using V2)
      - uses: actions/checkout@v2
        with:
          fetch-depth: 0  
      # Setup Java 11 with a settings.xml file setup for signatures
      # Note: maven caching is done here
      - name: Set up JDK 11
        uses: actions/setup-java@v2
        with:
          distribution: 'zulu'
          java-version: 11
          cache: 'maven'
          server-id: github
          gpg-private-key: ${{ secrets.GPG_JAR_KEY }} 
          gpg-passphrase: MAVEN_GPG_PASSPHRASE
      # Cache Sonar packages
      - name: Cache SonarCloud packages
        uses: actions/cache@v2
        with:
          path: ~/.sonar/cache
          key: ${{ runner.os }}-sonar
          restore-keys: ${{ runner.os }}-sonar
      # Run the Verify Phase using the github profile
      - name: Verify
        run: mvn -B -Dgpg.passphrase=${{ secrets.GPG_JAR_PASSPHRASE }} -P github verify
        env: 
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          MAVEN_GPG_PASSPHRASE: ${{ secrets.GPG_JAR_PASSWORD }}
      # Copy the jars and signature files 
      - name: Package Jars and Signatures
        run: |
          mkdir jars && cp target/archive-extract*.jar jars 
          cp target/*.asc jars 
      # Upload the jars and signature files 
      - uses: actions/upload-artifact@v2
        with:
          name: Jar and Signature Package
          path: jars
      # Run the sonar plugin to update Sonar content
      - name: Update Sonar Cloud
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        run: |
          mvn -B org.sonarsource.scanner.maven:sonar-maven-plugin:sonar