.github/workflows/publish.yaml

name: Publish to Nexus
on:
  workflow_call:
    inputs:
      version:
        description: Version number
        type: string
        required: true
    secrets:
      SLACK_WEBHOOK:
        description: Slack Notifier Incoming Webhook
        required: true
      PUBLISHING_SIGNING_KEY_ID:
        description: Signing key id
        required: true
      PUBLISHING_SIGNING_KEY_PASSWORD:
        description: Signing key password
        required: true
      PUBLISHING_SIGNING_KEY_RING_FILE_BASE64:
        description: Signing key ring file
        required: true
      PUBLISHING_USERNAME:
        description: Publishing username
        required: true
      PUBLISHING_PASSWORD:
        description: Publishing password
        required: true

jobs:
  publish-to-nexus:
    runs-on: macos-latest

    steps:
      # Clone the repo
      - name: Clone the repository
        uses: actions/checkout@v3
        with:
          fetch-depth: 0

      # Setup JDK and cache and restore dependencies.
      - name: Set up JDK 17
        uses: actions/setup-java@v3
        with:
          distribution: 'temurin'
          java-version: '17'
          cache: 'gradle'

      # Build the SDK
      - name: Build the SDK
        run: ./gradlew build -x test --stacktrace --no-daemon

      # Prepare secring.gpg file
      - name: Prepare secring.gpg file
        run: echo -n ${{ secrets.PUBLISHING_SIGNING_KEY_RING_FILE_BASE64 }} | base64 --decode --output $RUNNER_TEMP/secring.gpg

      # Prepare credentials for publishing (local.properties)
      - name: Prepare local.properties file with publishing credentials
        run: |
            cat <<EOF > local.properties
            signing.keyId=${{ secrets.PUBLISHING_SIGNING_KEY_ID }}
            signing.password=${{ secrets.PUBLISHING_SIGNING_KEY_PASSWORD }}
            signing.secretKeyRingFile=$RUNNER_TEMP/secring.gpg
            ossrhUsername=${{ secrets.PUBLISHING_USERNAME }}
            ossrhPassword=${{ secrets.PUBLISHING_PASSWORD }}
            EOF

      - name: Update the version number in the gradle.properties files
        run: sed -i -e s/^VERSION=.*$/VERSION=${{ inputs.version }}/g gradle.properties

      # Publish to Nexus
      - name: Publish the SDK to Nexus repository
        timeout-minutes: 5
        run: ./gradlew publishReleasePublicationToSonatypeRepository closeAndReleaseStagingRepository --no-daemon

      # Send slack notification with result status
      - name: Send slack notification
        uses: 8398a7/action-slack@v3
        with:
          status: custom
          fields: all
          custom_payload: |
            {
              attachments: [{
                title: 'ForgeRock Android SDK Release ${{ inputs.version }}',
                color: '${{ job.status }}' === 'success' ? 'good' : '${{ job.status }}' === 'failure' ? 'danger' : 'warning',
                text: `\nStatus: ${{ job.status }}\nWorkflow: ${process.env.AS_WORKFLOW} -> ${process.env.AS_JOB}`, 
              }]
            }
        env:
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
        if: always()