name: Publish snapshots to maven

on:
  push:
    branches:
      - main
      - '2.x'

jobs:
  build-and-publish-snapshots:
    runs-on: ubuntu-latest
    permissions:
      id-token: write
      contents: write
    steps:
      - uses: actions/checkout@v4
      - name: Set up JDK 21
        uses: actions/setup-java@v4
        with:
          java-version: '21'
          distribution: 'temurin'
          cache: 'gradle'
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.PUBLISH_SNAPSHOTS_ROLE }}
          aws-region: us-east-1
      - name: publish snapshots to maven
        run: |
          export SONATYPE_USERNAME=$(aws secretsmanager get-secret-value --secret-id maven-snapshots-username --query SecretString --output text)
          export SONATYPE_PASSWORD=$(aws secretsmanager get-secret-value --secret-id maven-snapshots-password --query SecretString --output text)
          echo "::add-mask::$SONATYPE_USERNAME"
          echo "::add-mask::$SONATYPE_PASSWORD"
          ./gradlew --no-daemon publishPublishMavenPublicationToSnapshotsRepository