# maven-build

Action for building and validating Maven projects.

## Inputs

| Input | Required | Default | Description |
|-------|----------|---------|-------------|
| `java-version` | No | `25` | Java version to set up for the build |
| `maven-version` | No | `3.9.15` | Maven version to set up for the build |
| `distribution` | No | `temurin` | JDK distribution to use |
| `phase` | No | `verify` | Build phase to execute: `verify` runs code-quality checks; `deploy` builds and pushes a Docker image |
| `verify-goals` | No | `spotless:check checkstyle:check test` | Space-separated Maven goals to run during the verify phase |
| `maven-profile` | No | `test` | Maven profile to activate during deploy |
| `service-dir` | No | `.` | Working directory for the Maven build |
| `maven-settings` | **Yes** | — | Secret containing the `settings.xml` content used for repository authentication |
| `extra-args` | No | `""` | Additional Maven arguments appended to the build command |

## Outputs

| Output | Description |
|--------|-------------|
| `image-tag` | The Docker image tag used during the deploy phase |

## Usage

### Verify (code quality + tests)

```yaml
- uses: https://schmalz-git.git.onstackit.cloud/schmalz/shared-actions/maven-build@maven-build-v1
  with:
    maven-settings: ${{ secrets.MAVEN_SETTINGS }}
```

### Deploy (build and push Docker image)

```yaml
- uses: https://schmalz-git.git.onstackit.cloud/schmalz/shared-actions/maven-build@maven-build-v1
  with:
    phase: deploy
    maven-profile: prod
    maven-settings: ${{ secrets.MAVEN_SETTINGS }}
```

### Multi-module project

```yaml
- uses: https://schmalz-git.git.onstackit.cloud/schmalz/shared-actions/maven-build@maven-build-v1
  with:
    service-dir: my-service
    maven-settings: ${{ secrets.MAVEN_SETTINGS }}
```

## Notes

- The `maven-settings` input is written to a temporary file (`/tmp/maven-settings.xml`) and removed after the build, even on failure.
- During the `deploy` phase, the image tag is generated as `-` and exposed via the `image-tag` output.
- Third-party actions used internally are pinned to exact commit SHAs to prevent supply chain attacks.
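
The secret-handling pattern from the first note, sketched as an added example that is not the action's own code. It assumes the secret arrives in a `MAVEN_SETTINGS` environment variable, uses a hypothetical `run_with_settings` helper, and writes to a random `mktemp` name rather than the fixed `/tmp/maven-settings.xml`.

```bash
# Added example, not the action's implementation.
# Assumed names: run_with_settings (helper), MAVEN_SETTINGS (env var holding settings.xml).

run_with_settings() (
  # The function body is a subshell, so the EXIT trap below fires when the
  # wrapped command finishes, whether it succeeded, failed, or was interrupted.

  # Refuse to run without the secret (mirrors the required maven-settings input).
  : "${MAVEN_SETTINGS:?maven-settings is required}"

  # Owner-only permissions for anything created from here on.
  umask 077

  # Unpredictable file name, so another user on a shared runner cannot
  # pre-create or symlink the path before the secret is written.
  settings_file="$(mktemp "${TMPDIR:-/tmp}/maven-settings.XXXXXX")" || exit 1

  # Remove the credentials file on every exit path.
  trap 'rm -f "$settings_file"' EXIT
  trap 'exit 130' INT
  trap 'exit 143' TERM

  # printf is a shell builtin, so the secret never appears in a process
  # argument list the way it would with an external command.
  printf '%s' "$MAVEN_SETTINGS" > "$settings_file"

  # Run the given command with the settings file appended,
  # e.g. run_with_settings mvn -B verify
  # The subshell's exit status is the command's exit status.
  "$@" --settings "$settings_file"
)
```

Because the cleanup runs from a trap rather than a later workflow step, a failing build still leaves no credentials file behind on the runner.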