hamcrest / JavaHamcrest

Java (and original) version of Hamcrest
http://hamcrest.org/
BSD 3-Clause "New" or "Revised" License

Publish to Maven Central using GitHub Actions #416

Open tumbarumba opened 3 months ago

tumbarumba commented 3 months ago

As per the title, I'm creating an issue to track the work of automatically publishing Hamcrest through GitHub Actions. There was already much discussion on #405, but this deserves its own issue. @olibye is assigned, but if I (@tumbarumba) can work out what to do, I can probably help too.

We may be able to copy parts of the jMock release workflow (see https://github.com/jmock-developers/jmock-library/blob/master/.github/workflows/release.yml), though jMock uses Maven, so is probably not directly transferable to a Gradle project.

tumbarumba commented 3 months ago

@olibye, you said in the #405 thread:

> I need to be given permissions/credentials to the publishing account. Or have some security token that GitHub actions can use.

I published 3.0-rc1 using my own personal credentials. I'm not keen on adding those directly to GitHub. Perhaps we should look at setting up some sort of service account? How does jMock handle that issue?

tumbarumba commented 3 months ago

After spending weeks tracking down all the bits and pieces I had to do to be able to publish, I wrote down everything I did and put it in the repo, here: https://github.com/hamcrest/JavaHamcrest/blob/master/RELEASING.md

olibye commented 2 months ago

So, you can create a publishing token, which is separate to your username and password.

Then you can add that as a GitHub secret to the hamcrest GitHub repo and I'll copy and tweak the jmock GitHub actions for hamcrest.

olibye commented 2 months ago

https://central.sonatype.org/publish/generate-token/

olibye commented 2 months ago

https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository

tumbarumba commented 2 months ago

I'll try and look at this over the weekend.

I've also created #419 as a way of improving this workflow. Instead of committing an updated version to the build every time, the version is derived from git tags. I've used this style in some other Python projects I've been working on, but I haven't really seen it used in Java projects.

What do folks think of that approach?

jglick commented 2 months ago

> add that as a GitHub secret

Unfortunately AFAICT there is no other option for now despite https://github.com/sigstore/sigstore-java/tree/main/sigstore-maven-plugin (discussion).