Skip to content

ci: add GPG setup for signing #3

ci: add GPG setup for signing

ci: add GPG setup for signing #3

name: "Deploy Release Artifact"
on:
workflow_dispatch:
push:
tags:
- "v[0-9]+.[0-9]+.[0-9]+-?*"
defaults:
run:
shell: bash
env:
LC_ALL: C.UTF-8
GRADLE_CACHE_USERNAME: ${{ secrets.GRADLE_PUBLISH_KEY }}
GRADLE_CACHE_PASSWORD: ${{ secrets.GRADLE_PUBLISH_SECRET }}
jobs:
plugin-portal-release:
name: Release Gradle Plugin Portal
# runs-on: network-node-linux-medium
runs-on: ubuntu-latest
steps:
- name: Checkout Code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
- name: Setup Java
uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0
with:
distribution: temurin
java-version: 17.0.12
- name: Setup Gradle
uses: gradle/actions/setup-gradle@d156388eb19639ec20ade50009f3d199ce1e2808 # v4.1.0
- name: Install GnuPG Tools
run: |
if ! command -v gpg2 >/dev/null 2>&1; then
echo "::group::Updating APT Repository Indices"
sudo apt update
echo "::endgroup::"
echo "::group::Installing GnuPG Tools"
sudo apt install -y gnupg2
echo "::endgroup::"
fi
- name: Import GPG key
id: gpg_key
uses: step-security/ghaction-import-gpg@6c8fe4d0126a59d57c21f87c9ae5dd3451fa3cca # v6.1.0
with:
gpg_private_key: ${{ secrets.GPG_KEY_CONTENTS }}
passphrase: ${{ secrets.GPG_KEY_PASSPHRASE }}
git_config_global: true
git_user_signingkey: true
git_commit_gpgsign: true
git_tag_gpgsign: true
- name: Gradle Plugin Portal Release
env:
GRADLE_PUBLISH_KEY: ${{ secrets.GRADLE_PUBLISH_KEY }}
GRADLE_PUBLISH_SECRET: ${{ secrets.GRADLE_PUBLISH_SECRET }}
run: ./gradlew publishPlugins -PpublishSigningEnabled=true --no-configuration-cache --scan