diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 66f921b..6e8fa72 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -14,8 +14,6 @@ jobs: permissions: contents: read packages: write - id-token: write - attestations: write env: GRADLE_OPTS: -Dorg.gradle.caching=true @@ -30,7 +28,9 @@ jobs: java-version: 21 - uses: gradle/actions/setup-gradle@v4 - name: Release maven artifacts - run: ./gradlew -Pversion=$version publish uploadSignaturesToGitHub + run: ./gradlew -Pversion=$version publish env: ORG_GRADLE_PROJECT_GitHubPackagesUsername: ${{ github.actor }} ORG_GRADLE_PROJECT_GitHubPackagesPassword: ${{ github.token }} + ORG_GRADLE_PROJECT_signingKey: ${{ secrets.SIGNING_PRIVATE_KEY }} + ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.SIGNING_PASSWORD }} diff --git a/gradle.properties b/gradle.properties index 07f3142..513e23f 100644 --- a/gradle.properties +++ b/gradle.properties @@ -4,5 +4,5 @@ org.gradle.parallel=true org.gradle.jvmargs=-Xmx2048m org.gradle.configuration-cache=true org.gradle.configureondemand=true -org.gradle.unsafe.isolated-projects=false +org.gradle.unsafe.isolated-projects=true group=io.github.hfhbd.adventofcode diff --git a/gradle/build-logic/build.gradle.kts b/gradle/build-logic/build.gradle.kts index ad19c6d..375fed2 100644 --- a/gradle/build-logic/build.gradle.kts +++ b/gradle/build-logic/build.gradle.kts @@ -4,9 +4,6 @@ plugins { dependencies { implementation(libs.plugins.kotlin.jvm.dep) - implementation(libs.plugins.sigstore.dep) - implementation(libs.ktor.client.cio) - implementation(libs.ktor.client.logging) } val Provider.dep: Provider get() = map { "${it.pluginId}:${it.pluginId}.gradle.plugin:${it.version}" } diff --git a/gradle/build-logic/settings.gradle.kts b/gradle/build-logic/settings.gradle.kts index fe24033..99a9a62 100644 --- a/gradle/build-logic/settings.gradle.kts +++ b/gradle/build-logic/settings.gradle.kts @@ -2,7 +2,6 @@ dependencyResolutionManagement { repositoriesMode.set(RepositoriesMode.FAIL_ON_PROJECT_REPOS) repositories { mavenCentral() - gradlePluginPortal() } versionCatalogs.register("libs") { from(files("../libs.versions.toml")) diff --git a/gradle/build-logic/src/main/kotlin/UploadSignatures.kt b/gradle/build-logic/src/main/kotlin/UploadSignatures.kt deleted file mode 100644 index 4944553..0000000 --- a/gradle/build-logic/src/main/kotlin/UploadSignatures.kt +++ /dev/null @@ -1,62 +0,0 @@ -import io.ktor.client.* -import io.ktor.client.engine.cio.* -import io.ktor.client.plugins.* -import io.ktor.client.plugins.logging.LogLevel -import io.ktor.client.plugins.logging.Logger -import io.ktor.client.plugins.logging.Logging -import io.ktor.client.request.* -import io.ktor.http.* -import kotlinx.coroutines.runBlocking -import org.gradle.api.DefaultTask -import org.gradle.api.credentials.PasswordCredentials -import org.gradle.api.file.ConfigurableFileCollection -import org.gradle.api.provider.Property -import org.gradle.api.tasks.* -import org.gradle.kotlin.dsl.credentials -import org.gradle.work.DisableCachingByDefault - -@DisableCachingByDefault(because = "Remote operation") -abstract class UploadSignatures : DefaultTask() { - @get:InputFiles - @get:PathSensitive(PathSensitivity.NONE) - abstract val signatures: ConfigurableFileCollection - - @get:Input - abstract val githubApiUrl: Property - - @get:Input - val githubCredentials = project.providers.credentials(PasswordCredentials::class, "GitHubPackages") - - @get:Input - abstract val githubRepository: Property - - - @TaskAction - internal fun uploadSignatures(): Unit = runBlocking { - HttpClient(CIO) { - defaultRequest { - url.takeFrom(githubApiUrl.get()) - accept(ContentType.parse("application/vnd.github+json")) - bearerAuth(githubCredentials.get().password!!) - } - expectSuccess = true - install(Logging) { - logger = object : Logger { - override fun log(message: String) { - this@UploadSignatures.logger.info(message) - } - } - level = LogLevel.ALL - } - }.use { client -> - for (file in signatures) { - client.post( - "/repos/${githubRepository.get()}/attestations" - ) { - //language=json - setBody("""{ "bundle": ${file.readText()} }""") - } - } - } - } -} diff --git a/gradle/build-logic/src/main/kotlin/setup.gradle.kts b/gradle/build-logic/src/main/kotlin/setup.gradle.kts index 76d7537..5a48ca7 100644 --- a/gradle/build-logic/src/main/kotlin/setup.gradle.kts +++ b/gradle/build-logic/src/main/kotlin/setup.gradle.kts @@ -1,10 +1,7 @@ -import dev.sigstore.sign.tasks.SigstoreSignFilesTask - plugins { kotlin("jvm") id("maven-publish") id("signing") - id("dev.sigstore.sign") } kotlin.jvmToolchain(8) @@ -42,21 +39,17 @@ java { withSourcesJar() } +signing { + val signingKey = providers.gradleProperty("signingKey") + if (signingKey.isPresent) { + useInMemoryPgpKeys(signingKey.get(), providers.gradleProperty("signingPassword").get()) + sign(publishing.publications) + } +} + tasks.withType().configureEach { isPreserveFileTimestamps = false isReproducibleFileOrder = true filePermissions {} dirPermissions {} } - -tasks.withType(SigstoreSignFilesTask::class).configureEach { - launcher.set(javaToolchains.launcherFor { - languageVersion.set(JavaLanguageVersion.of(21)) - }) -} - -tasks.register("uploadSignaturesToGitHub", UploadSignatures::class) { - signatures.from(tasks.withType(SigstoreSignFilesTask::class)) - githubApiUrl = providers.environmentVariable("GITHUB_API_URL") - githubRepository = providers.environmentVariable("GITHUB_REPOSITORY") -} diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml index f781a70..21cc662 100644 --- a/gradle/libs.versions.toml +++ b/gradle/libs.versions.toml @@ -1,11 +1,5 @@ [versions] kotlin = "2.1.0-Beta1" -ktor = "2.3.12" - -[libraries] -ktor-client-cio = { module = "io.ktor:ktor-client-cio", version.ref = "ktor" } -ktor-client-logging = { module = "io.ktor:ktor-client-logging", version.ref = "ktor" } [plugins] kotlin-jvm = { id = "org.jetbrains.kotlin.jvm", version.ref = "kotlin" } -sigstore = { id = "dev.sigstore.sign", version = "1.0.0" }