From 366ae2229d9415edc4900409010e5035f9fd29d8 Mon Sep 17 00:00:00 2001 From: Simon Templer Date: Fri, 20 Oct 2023 15:05:23 +0200 Subject: [PATCH] ci: attempt to use in-memory key for signing --- .github/workflows/check.yml | 3 +++ .github/workflows/publish.yml | 29 +++++++++++++++++++---------- build.gradle | 6 ++++++ 3 files changed, 28 insertions(+), 10 deletions(-) diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml index 75c9538..8bc6741 100644 --- a/.github/workflows/check.yml +++ b/.github/workflows/check.yml @@ -21,6 +21,9 @@ jobs: uses: gradle/gradle-build-action@v2 - name: Build and test with Gradle + env: + # CI marker + CI: 'true' run: ./gradlew clean check # https://github.com/marketplace/actions/junit-report-action diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 7d4e636..77b9ff0 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml 
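Review bot: The `# CI marker` comment on the added `env:` entry does not say what consumes the variable. The build.gradle hunk in this commit reads it to switch signing to in-memory keys, so a comment such as `# read by build.gradle: enables the in-memory PGP signing setup` would make that coupling visible. GitHub-hosted runners already export `CI=true` by default, so the explicit entry is redundant there. It also means the Gradle branch is active in this workflow, although no signing properties are supplied in the lines visible in this hunk.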
@@ -21,21 +21,30 @@ jobs: - name: Setup Gradle uses: gradle/gradle-build-action@v2 - - id: install-secret-key - name: Install gpg secret key - run: | - # Install gpg secret key - cat <(echo -e "${{ secrets.SONATYE_PGP_PRIVATE_KEY }}") | gpg --batch --import - # Verify gpg secret key - gpg --list-secret-keys --keyid-format LONG + # - id: install-secret-key + # name: Install gpg secret key + # run: | + # # Install gpg secret key + # cat <(echo -e "${{ secrets.SONATYE_PGP_PRIVATE_KEY }}") | gpg --batch --import + # # Verify gpg secret key + # gpg --list-secret-keys --keyid-format LONG - name: Build and publish with Gradle env: + # CI marker + CI: 'true' + ORG_GRADLE_PROJECT_sonatypeUsername: ${{ secrets.SONATYPE_USERNAME }} ORG_GRADLE_PROJECT_sonatypePassword: ${{ secrets.SONATYPE_PASSWORD }} - ORG_GRADLE_PROJECT_signing.password: ${{ secrets.SONATYE_PGP_PASSWORD }} - ORG_GRADLE_PROJECT_signing.keyId: ${{ secrets.SONATYE_PGP_KEY_ID }} - ORG_GRADLE_PROJECT_signing.secretKeyRingFile: /home/runner/.gnupg/secring.gpg + + # keyring file (did not get this to work) + # ORG_GRADLE_PROJECT_signing.password: ${{ secrets.SONATYE_PGP_PASSWORD }} + # ORG_GRADLE_PROJECT_signing.keyId: ${{ secrets.SONATYE_PGP_KEY_ID }} + # ORG_GRADLE_PROJECT_signing.secretKeyRingFile: /home/runner/.gnupg/secring.gpg + + # in-memory key + ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.SONATYE_PGP_PASSWORD }} + ORG_GRADLE_PROJECT_signingKey: ${{ secrets.SONATYE_PGP_PRIVATE_KEY }} run: ./gradlew clean check publishToSonatype # TODO what about publishing releases? # see https://github.com/gradle-nexus/publish-plugin#publishing-and-closing-in-different-gradle-invocations diff --git a/build.gradle b/build.gradle index 89a4895..1211f30 100644 --- a/build.gradle +++ b/build.gradle 
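Review bot: The private signing key and passphrase are now exported to the whole `./gradlew clean check publishToSonatype` invocation, so test code and every build plugin or dependency that runs during `check` shares an environment with the key and the Sonatype credentials. Running `./gradlew clean check` in its own step without this `env:` block, and leaving `run: ./gradlew publishToSonatype` here, would limit the secrets to the publish tasks. The removed import step expanded the secret with `echo -e`, which suggests it may be stored with escaped newlines; if so, `signingKey` would need the same unescaping before Gradle can parse it as an ASCII-armored key, which is worth confirming. The commented-out keyring variant could be deleted rather than kept in the workflow, since the history preserves it.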
@@ -112,5 +112,11 @@ publishing { // sign all artifacts signing { + if ("true".equals(System.getenv("CI"))) { + def signingKey = findProperty("signingKey") + def signingPassword = findProperty("signingPassword") + useInMemoryPgpKeys(signingKey, signingPassword) + } + sign publishing.publications.mavenJava }
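Review bot: The in-memory signatory is selected on the `CI` environment variable rather than on the key being present. Any CI run without `signingKey` therefore calls `useInMemoryPgpKeys(null, null)`; the check workflow in this commit sets `CI` but, as far as its hunk shows, no signing properties. Gating on the property keeps the default signatory lookup for local builds and avoids configuring a signatory from null values: `def signingKey = findProperty("signingKey")` followed by `if (signingKey) { useInMemoryPgpKeys(signingKey, findProperty("signingPassword")) }`. A short comment noting that both values arrive as `ORG_GRADLE_PROJECT_signingKey` and `ORG_GRADLE_PROJECT_signingPassword` from publish.yml would also help the next reader.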