Skip to content

Commit

Permalink
ci: attempt to use in-memory key for signing
Browse files Browse the repository at this point in the history
  • Loading branch information
stempler committed Oct 20, 2023
1 parent b8dd1db commit 366ae22
Show file tree
Hide file tree
Showing 3 changed files with 28 additions and 10 deletions.
3 changes: 3 additions & 0 deletions .github/workflows/check.yml
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,9 @@ jobs:
uses: gradle/gradle-build-action@v2

- name: Build and test with Gradle
env:
# CI marker
CI: 'true'
run: ./gradlew clean check

# https://github.com/marketplace/actions/junit-report-action
Expand Down
29 changes: 19 additions & 10 deletions .github/workflows/publish.yml
Original file line number Diff line number Diff line change
Expand Up @@ -21,21 +21,30 @@ jobs:
- name: Setup Gradle
uses: gradle/gradle-build-action@v2

- id: install-secret-key
name: Install gpg secret key
run: |
# Install gpg secret key
cat <(echo -e "${{ secrets.SONATYE_PGP_PRIVATE_KEY }}") | gpg --batch --import
# Verify gpg secret key
gpg --list-secret-keys --keyid-format LONG
# - id: install-secret-key
# name: Install gpg secret key
# run: |
# # Install gpg secret key
# cat <(echo -e "${{ secrets.SONATYE_PGP_PRIVATE_KEY }}") | gpg --batch --import
# # Verify gpg secret key
# gpg --list-secret-keys --keyid-format LONG

- name: Build and publish with Gradle
env:
# CI marker
CI: 'true'

ORG_GRADLE_PROJECT_sonatypeUsername: ${{ secrets.SONATYPE_USERNAME }}
ORG_GRADLE_PROJECT_sonatypePassword: ${{ secrets.SONATYPE_PASSWORD }}
ORG_GRADLE_PROJECT_signing.password: ${{ secrets.SONATYE_PGP_PASSWORD }}
ORG_GRADLE_PROJECT_signing.keyId: ${{ secrets.SONATYE_PGP_KEY_ID }}
ORG_GRADLE_PROJECT_signing.secretKeyRingFile: /home/runner/.gnupg/secring.gpg

# keyring file (did not get this to work)
# ORG_GRADLE_PROJECT_signing.password: ${{ secrets.SONATYE_PGP_PASSWORD }}
# ORG_GRADLE_PROJECT_signing.keyId: ${{ secrets.SONATYE_PGP_KEY_ID }}
# ORG_GRADLE_PROJECT_signing.secretKeyRingFile: /home/runner/.gnupg/secring.gpg

# in-memory key
ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.SONATYE_PGP_PASSWORD }}
ORG_GRADLE_PROJECT_signingKey: ${{ secrets.SONATYE_PGP_PRIVATE_KEY }}
run: ./gradlew clean check publishToSonatype
# TODO what about publishing releases?
# see https://github.com/gradle-nexus/publish-plugin#publishing-and-closing-in-different-gradle-invocations
Expand Down
6 changes: 6 additions & 0 deletions build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -112,5 +112,11 @@ publishing {

// sign all artifacts
signing {
if ("true".equals(System.getenv("CI"))) {
def signingKey = findProperty("signingKey")
def signingPassword = findProperty("signingPassword")
useInMemoryPgpKeys(signingKey, signingPassword)
}

sign publishing.publications.mavenJava
}

0 comments on commit 366ae22

Please sign in to comment.