DEV Community

Cover image for GitHub Actions and Maven releases
Nicolas Frankel
Nicolas Frankel

Posted on • Originally published at

GitHub Actions and Maven releases

I like GitLab a lot. Yet, there's no denying that GitHub has become the de facto standard to host Open Source projects. With GitHub Actions, it's now possible to implement entire Continuous Integration pipelines without leaving GitHub.

In this post, I'd like to highlight how to release Maven artifacts using GitHub Actions.

Maven prerequisites

Before creating the CI pipeline - and running it, it's necessary to configure the underlying Maven project.

A quick Maven primer

Maven is a large subject, that deserves more than this post can cover. But to understand the rest of this post, here are the most important parts.

Maven references projects by a triplet of unique coordinates composed of:

  1. A group ID
  2. An artifact ID
  3. A version

For example, the sample project's coordinates are:

Enter fullscreen mode Exit fullscreen mode

The output of a project is an artifact e.g. a JAR.

You can append the version of a project with -SNAPSHOT. A snapshot version is under development; a non-snapshot one, a regular release.

Some projects provide milestones, and/or release candidates before the final release. In that case, Maven doesn't natively offer a naming scheme for that. For example, the Spring framework append .Mx, .RCx, and .RELEASE to the version: they are not considered snapshots.

Release management

The Maven Release plugin manages the release process. It provides two complementary goals, prepare and perform. They do the following:


  1. Change the version in the POM from x-SNAPSHOT to a new version
  2. Transform the SCM information in the POM to include the final destination of the tag
  3. Commit the modified POM
  4. Tag the code in the SCM with a version name
  5. Bump the version in the POM to a new value y-SNAPSHOT
  6. Commit the modified POM


  1. Checkout from an SCM URL with optional tag
  2. Run the predefined Maven deploy goal

For the required SCM information, the Maven POM offers a dedicated section to configure it. With our sample, it looks like:

Enter fullscreen mode Exit fullscreen mode


The above snippet allows for different protocols: git, http, https, ssh, or even file. Authenticating with the git protocol requires a SSH key. In the context of a CI pipeline, this is not desirable.

Thus, the above configuration snippet needs to use the http protocol. This requires credentials in the form of a user/password pair. Maven decouples project-specific data, from data shared across projects, such as security-related data. The POM is responsible for the former, while the $HOME/.m2/settings.xml file holds the latter. Each credentials pair requires a unique identifier.

      <id>github</id>                     <!-- 1 -->
Enter fullscreen mode Exit fullscreen mode
  1. Unique identifier

To configure a Maven project to use a specific server, add a property with the key and the server's id as the value.

  <>github</>  <!-- 1 -->
Enter fullscreen mode Exit fullscreen mode
  1. The project will use the github server configured un the settings file

Distribution management

Maven authors designed Maven around a plugin architecture. By itself, Maven just provides a build lifecycle, with a set of build phases. The Maven engine calls each phase in order; the cycle cannot advance to a later phase without having run through earlier phases. For example, phases in the build lifecycle include compile, test, integration-test, package and deploy. test cannot run without first running compile.

You can bind plugin goals to a specific phase. By default, Maven binds a couple of goals. For example, the package phase binds the maven-jar-plugin:jar goal. Running mvn package will execute all goals bounds to all phases in order, up until package.

Calling the release:perform goal launches a Maven fork that runs the deploy phase. By default, Maven binds the deploy:deploy goal of the Maven Deploy plugin to deploy. This implies Maven has run goals bound to the package phase before. For this reason, the build artifact is available when deploy starts. Deploying means that Maven will push the artifact to a registry that needs to be explicitly configured.

In the context of this project, the artifact is a JAR, and the registry, GitHub. This translates into the following configuration snippet:

    <url></url>  <!-- 1 -->
Enter fullscreen mode Exit fullscreen mode
  1. The root of GitHub registry is at

The Maven command

The build should execute both the release:prepare and release:perform goals.

By default, release:prepare is interactive: the plugin asks for the release version, as well as for the new snapshot version. For an automated build, this is not possible.

It's possible to run Maven in batch mode by using the command-line -B flag. In that case, the plugin automatically infers both release and snapshot versions.

The command becomes:

mvn -B release:prepare release:perform
Enter fullscreen mode Exit fullscreen mode

The Maven wrapper

The final preparation step is to become fully independent of the Maven version.

In the future, the specific Maven version used to build the project might not be available anymore. Versions that are available at that time might not be compatible with it. For this reason, a Maven plugin provides a wrapper. A wrapper self-executable JAR that can kickstart a specific version of the mvn tool regardless of the environment. To create such a wrapper is straightforward:

mvn -N io.takari:maven:wrapper
Enter fullscreen mode Exit fullscreen mode

This creates a couple of files, including a .mvn folder, inside the project. You need to add all those files in the SCM.

From this point on, instead of using the mvn command, you should use the mvnw script located at the root of the project. The build doesn't require a local Maven installation anymore.

Building on GitHub

Now that we configured the POM, it's time to integrate Maven in the GitHub build.

The idea is to have two branches: master and release. Every time a commit happens on the release branch, GitHub should create a new release and a new deployment. At a later time, a manual step can then rebase/merge the master and release branches.

Remember that the release:prepare goal actually creates a tag. As an alternative, it's possible to configure Maven to reverse the default flow, so that it triggers the build on a tag, and then pushes to a branch.

GitHub Actions introduction

Existing CI tools make use of a configuration file stored at the root of the repository:

Tool File
Jenkins Jenkinsfile
GitLab .gitlab-ci.yml
Travis CI .travis.yml

GitHub Actions follows a similar approach, with two important differences:

  1. The project can make use of more than one build file - known as a workflow
  2. They must be located in a $PROJECT_ROOT/.github/workflows folder

Build steps

The first step is obviously to checkout the repo:

- name: Checkout project
  uses: actions/checkout@v2
Enter fullscreen mode Exit fullscreen mode

The next step is to install a JDK:

- name: Setup Java JDK
  uses: actions/setup-java@v1.4.2
    java-version: 14                    # 1
    server-id: github                   # 2
Enter fullscreen mode Exit fullscreen mode
  1. Install Java 14
  2. Create a Maven settings.xml file, and a server configured with the following value:
    • id: github
    • username: user that launches the build
    • password: $GITHUB_TOKEN

I lost quite some time trying to find an action that creates the settings.xml file. The setup-java action is actually the simplest way to achieve that. Just remember that it does more than configure just Java.

Because release:prepare actually commit, it's necessary to configure the user and email to use:

- name: Configure Git user
  run: |
    git config ""
    git config "GitHub Actions"
Enter fullscreen mode Exit fullscreen mode

The last step is actually the most straightforward.
Just run the Maven command from above.

- name: Publish JAR
  run: ./mvnw -B release:prepare release:perform
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}     #1
Enter fullscreen mode Exit fullscreen mode
  1. release:prepare uses the credentials found in the settings.xml file, but GitHub Actions makes deploy:deploy use the GITHUB_TOKEN environment variable value.


When the master branch is ready for a release, just push it to the release branch:

git push origin master:release
Enter fullscreen mode Exit fullscreen mode

This triggers the workflow.

Screenshot of the log of a job well-done

The successful run of the workflow has created a release, a tag, and a deployment:

Screenshot proving that the build created the release, the tag, and the deployment

The final Git graph looks like this:

Screenshot of the final Git graph


Managing Maven releases with GitHub Actions is not trivial. Yet, it requires just a bit of experience to make it work. It's my hope that this post can help Maven users leverage the full power of GitHub Actions by providing this experience.

To go further:

Originally published at A Java Geek on August 30th, 2020

Top comments (0)