Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
90 changes: 90 additions & 0 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,90 @@
name: Continuous Integration

on:
pull_request:
branches: ['**']
push:
branches: ['**']
tags: [v*]

env:
PGP_PASSPHRASE: ${{ secrets.PGP_PASSPHRASE }}
SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }}
SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }}
PGP_SECRET: ${{ secrets.PGP_SECRET }}

Copilot AI Jan 12, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The PUBLISHING.md documentation references the old secret name PGP_SECRET_BASE64 and the old environment variable format (MILL_PGP_SECRET_BASE64), but the new workflow uses PGP_SECRET. While the new approach using crazy-max/ghaction-import-gpg@v6 is valid and expects a non-base64-encoded key, the documentation should be updated to reflect this change to avoid confusion for users following the manual publishing instructions or setting up secrets.

Copilot uses AI. Check for mistakes.
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

jobs:
build:
name: Build and Test
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0

- name: Setup Java
uses: actions/setup-java@v4
with:
distribution: temurin
java-version: 17

- name: Cache Mill
uses: actions/cache@v4
with:
path: |
~/.mill
~/.cache/coursier/v1
key: ${{ runner.os }}-mill-${{ hashFiles('build.mill') }}
restore-keys: |
${{ runner.os }}-mill-

- name: Compile
run: ./mill mill-docker.compile

- name: Test
run: ./mill mill-docker.test

publish:
name: Publish Artifacts
needs: [build]
if: github.event_name != 'pull_request' && (startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main')

Copilot AI Jan 12, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The publish job condition checks for 'refs/heads/main' but also publishes on tag pushes. Publishing snapshots on every main branch push and releases on tags is a valid pattern, but consider whether publishing to Sonatype Central on every main branch commit is intended. Typically, only tagged releases are published to Maven Central, with snapshots going to a separate snapshot repository. If this is intentional, consider adding a comment to clarify the publishing strategy.

Suggested change
if: github.event_name != 'pull_request' && (startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main')
if: github.event_name != 'pull_request' && startsWith(github.ref, 'refs/tags/v')

Copilot uses AI. Check for mistakes.
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0

- name: Setup Java
uses: actions/setup-java@v4
with:
distribution: temurin
java-version: 17

- name: Cache Mill
uses: actions/cache@v4
with:
path: |
~/.mill
~/.cache/coursier/v1
key: ${{ runner.os }}-mill-${{ hashFiles('build.mill') }}
restore-keys: |
${{ runner.os }}-mill-

- name: Import GPG Key
uses: crazy-max/ghaction-import-gpg@v6
with:
gpg_private_key: ${{ secrets.PGP_SECRET }}
passphrase: ${{ secrets.PGP_PASSPHRASE }}
trust_level: 5

- name: Publish to Sonatype Central
run: |
export GPG_TTY=$(tty)

Copilot AI Jan 12, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The GPG TTY export on line 85 sets GPG_TTY=$(tty) which may fail in GitHub Actions as it's a non-interactive environment. While the subsequent gpgArgs include --no-tty and --batch flags which should handle this, the export command itself could fail silently. Consider wrapping this in a conditional or using 'export GPG_TTY=/dev/null' for GitHub Actions environments.

Suggested change
export GPG_TTY=$(tty)
if tty >/dev/null 2>&1; then
export GPG_TTY="$(tty)"
else
export GPG_TTY=/dev/null
fi

Copilot uses AI. Check for mistakes.
./mill -i mill.scalalib.SonatypeCentralPublishModule/ \
--username $SONATYPE_USERNAME \
--password $SONATYPE_PASSWORD \
--gpgArgs "--passphrase=$PGP_PASSPHRASE,--no-tty,--pinentry-mode,loopback,--batch,--yes,-a,-b" \
--bundleName com.ofenbeck-mill-docker-$(date +%Y-%m-%d-%H-%M)
Comment on lines +86 to +90

Copilot AI Jan 12, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The Mill command syntax appears incorrect. The standard way to publish with Mill's SonatypeCentralPublishModule is to use the publishSonatypeCentral task on the module (e.g., ./mill mill-docker.publishSonatypeCentral). The current syntax mill.scalalib.SonatypeCentralPublishModule/ with manual arguments doesn't follow standard Mill conventions and may not work correctly with the module's configuration in build.mill.

Suggested change
./mill -i mill.scalalib.SonatypeCentralPublishModule/ \
--username $SONATYPE_USERNAME \
--password $SONATYPE_PASSWORD \
--gpgArgs "--passphrase=$PGP_PASSPHRASE,--no-tty,--pinentry-mode,loopback,--batch,--yes,-a,-b" \
--bundleName com.ofenbeck-mill-docker-$(date +%Y-%m-%d-%H-%M)
./mill -i mill-docker.publishSonatypeCentral

Copilot uses AI. Check for mistakes.

Copilot AI Jan 12, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The bundle name format appears inconsistent with Maven naming conventions. The current format uses hyphens: com.ofenbeck-mill-docker- but Maven group IDs typically use dots as separators. Based on build.mill where the organization is "com.ofenbeck", this should likely be com.ofenbeck.mill-docker to match standard Maven coordinate patterns.

Suggested change
--bundleName com.ofenbeck-mill-docker-$(date +%Y-%m-%d-%H-%M)
--bundleName com.ofenbeck.mill-docker-$(date +%Y-%m-%d-%H-%M)

Copilot uses AI. Check for mistakes.
26 changes: 0 additions & 26 deletions .github/workflows/publish.yml

This file was deleted.

Loading