Add GitHub CI/CD workflows and enable signing

nickmcdowall · nickmcdowall · commit 0dabc0ddac8d · 2025-07-26T20:03:50.000+01:00
- Add CI workflow using shared-workflows for build and release
- Add dependabot workflow for automated dependency updates
- Add nightly build workflow for regular health checks
- Configure dependabot for Gradle dependencies with grouping
- Enable signing configuration matching other LSD projects
- Ready for automated Maven Central publishing via CI
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,18 @@
+version: 2
+updates:
+  - package-ecosystem: "gradle"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    commit-message:
+      prefix: "fix"
+    groups:
+      runtime-dependencies:
+        patterns:
+          - "org.jetbrains.kotlin:kotlin-gradle-plugin:*"
+          - "org.jetbrains.dokka:dokka-gradle-plugin:*"
+          - "io.github.gradle-nexus:publish-plugin:*"
+          - "com.palantir.gradle.gitversion:gradle-git-version:*"
+          - "org.springframework.boot:spring-boot-gradle-plugin:*"
+          - "io.spring.gradle:dependency-management-plugin:*"
+          - "org.jetbrains.kotlin:kotlin-allopen:*"
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -0,0 +1,26 @@
+# This workflow will build a Gradle project then perform an automated release
+# For more information see:
+#  https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-gradle
+#  https://github.com/marketplace/actions/action-for-semantic-release
+
+name: CI
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+jobs:
+  build:
+    uses: lsd-consulting/shared-workflows/.github/workflows/build.yml@main
+    with:
+      java-version: '17'
+      codecov: true
+    secrets: inherit
+  release:
+    needs: build
+    uses: lsd-consulting/shared-workflows/.github/workflows/release.yml@main
+    with:
+      java-version: '17'
+    secrets: inherit
diff --git a/.github/workflows/dependabot_merge.yml b/.github/workflows/dependabot_merge.yml
@@ -0,0 +1,9 @@
+name: Merge dependabot PR
+on:
+  pull_request_target:
+    branches:
+      - main
+jobs:
+  pr-merge:
+    uses: lsd-consulting/shared-workflows/.github/workflows/dependabot-merge.yml@main
+    secrets: inherit
diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
@@ -0,0 +1,10 @@
+name: Nightly Build
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 2 * * *' # run at 2 AM UTC
+jobs:
+  build:
+    uses: lsd-consulting/shared-workflows/.github/workflows/build.yml@main
+    with:
+      java-version: '17'
diff --git a/build.gradle.kts b/build.gradle.kts
@@ -1,7 +1,7 @@
 plugins {
     `kotlin-dsl`
     `maven-publish`
-    // signing // Temporarily disabled for local testing
+    signing
     id("io.github.gradle-nexus.publish-plugin") version "2.0.0"
     id("com.palantir.git-version") version "4.0.0"
 }
@@ -95,21 +95,18 @@ publishing {
     }
 }
 
-// Signing temporarily disabled for local testing
-/*
 signing {
     if (project.findProperty("signingKey") != null) {
         // Use in-memory ascii-armored keys
-        val signingKey: String? by project
-        val signingPassword: String? by project
+        val signingKey: String? = findProperty("signingKey") as String?
+        val signingPassword: String? = findProperty("signingPassword") as String?
         useInMemoryPgpKeys(signingKey, signingPassword)
         sign(publishing.publications)
     } else {
         // Use signing properties in ~/.gradle/gradle.properties
         sign(publishing.publications)
     }
 }
-*/
 
 nexusPublishing {
     repositories {
