octoleo/plantuml
1
0
Fork 0
mirror of https://github.com/octoleo/plantuml.git synced 2024-12-22 10:59:01 +00:00
Code Issues Releases Wiki Activity

use gradle in-memory asci-armored keys to sign artifacts

Browse Source 
on the commadn line this allows as before:
  gradle -q signMavenPublication signPdfJar -Psigning.gnupg.keyName=... - -Psigning.gnupg.passphrase=...

on github this allows to put the key and password into environment variables:
  ORG_GRADLE_PROJECT_signingKey: ${{ secrets.ARTIFACT_SIGNING_KEY }}
  ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.ARTIFACT_SIGNING_PASSPHRASE }}
  gradle -q signMavenPublication signPdfJar
This commit is contained in:
soloturn 2022-02-14 12:04:03 +01:00
parent 92e955ef03
commit 18e6c41bfb
2 changed files with 11 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
.github/workflows/ci-gradle.yml vendored
View File

@ -119,28 +119,13 @@ jobs:
generateMetadataFileForMavenPublication generatePomFileForMavenPublication \ generateMetadataFileForMavenPublication generatePomFileForMavenPublication \
-x test -x test
- name: Setup gpg
if: env.ARTIFACT_SIGNING_KEY
id: gpg
env:
ARTIFACT_SIGNING_KEY: ${{ secrets.ARTIFACT_SIGNING_KEY }}
run: |
echo "Importing key ..."
echo "${ARTIFACT_SIGNING_KEY}" | gpg --batch --import --import-options import-show
echo "Getting key id ..."
key_id="$(echo "${ARTIFACT_SIGNING_KEY}" | gpg --batch --show-keys --with-colons | awk -F: '$1 == "sec" { print $5 }')"
echo "::set-output name=key_id::${key_id}"
- name: Sign artifacts - name: Sign artifacts
if: env.GPG_KEYNAME if: env.ORG_GRADLE_PROJECT_signingKey
env: env:
GPG_KEYNAME: ${{ steps.gpg.outputs.key_id }} ORG_GRADLE_PROJECT_signingKey: ${{ secrets.ARTIFACT_SIGNING_KEY }}
GPG_PASSPHRASE: ${{ secrets.ARTIFACT_SIGNING_PASSPHRASE }} ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.ARTIFACT_SIGNING_PASSPHRASE }}
run: | run: |
gradle -q signMavenPublication signPdfJar \ gradle -q signMavenPublication signPdfJar
"-Psigning.gnupg.keyName=${GPG_KEYNAME}" \
"-Psigning.gnupg.passphrase=${GPG_PASSPHRASE}"
- name: Upload artifacts - name: Upload artifacts
uses: actions/upload-artifact@v2 uses: actions/upload-artifact@v2

8
build.gradle.kts
View File

@ -122,8 +122,14 @@ val pdfJar by tasks.registering(Jar::class) {
} }
signing { signing {
if (hasProperty("signing.gnupg.passphrase")) { if (hasProperty("signing.gnupg.keyName") && hasProperty("signing.gnupg.passphrase")) {
useGpgCmd() useGpgCmd()
} else if (hasProperty("signingKey") && hasProperty("signingPassword")) {
val signingKey: String? by project
val signingPassword: String? by project
useInMemoryPgpKeys(signingKey, signingPassword)
}
if (hasProperty("signing.gnupg.passphrase") || hasProperty("signingPassword")) {
sign(publishing.publications["maven"]) sign(publishing.publications["maven"])
sign(closureOf<SignOperation> { sign(pdfJar.get()) }) sign(closureOf<SignOperation> { sign(pdfJar.get()) })
} }