
Commit 7fe16b7

committed
chore: Fix GPG setup
1 parent 84b8fe7 commit 7fe16b7


2 files changed

+124
-115
lines changed

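--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -1,131 +1,137 @@
 name: Create release # You may choose a different name
 run-name: ${{ inputs.releaseversion }} # Enumerates entries in the "workflow runs" view
 on:
-workflow_dispatch:
-inputs:
-releaseversion:
-description: "Release version"
-required: true
-type: string
-default: "X.Y.Z"
+workflow_dispatch:
+inputs:
+releaseversion:
+description: "Release version"
+required: true
+type: string
+default: "X.Y.Z"
 
 jobs:
-release: # Arbitrarily chosen
-name: Release
-runs-on: ubuntu-latest
-permissions:
-contents: write
-packages: write
-attestations: write
-id-token: write
-steps:
+release: # Arbitrarily chosen
+name: Release
+runs-on: ubuntu-latest
+permissions:
+contents: write
+packages: write
+attestations: write
+id-token: write
+steps:
 
-- uses: actions/create-github-app-token@v1
-id: app-token
-with:
-app-id: ${{ vars.CI_APP_ID }}
-private-key: ${{ secrets.CI_PRIVATE_KEY }}
+- uses: actions/create-github-app-token@v1
+id: app-token
+with:
+app-id: ${{ vars.CI_APP_ID }}
+private-key: ${{ secrets.CI_PRIVATE_KEY }}
 
-- name: Checkout
-uses: actions/checkout@v4
-with:
-fetch-depth: 0
-token: ${{ steps.app-token.outputs.token }}
-ref: ${{ github.head_ref }}
+- name: Checkout
+uses: actions/checkout@v4
+with:
+fetch-depth: 0
+token: ${{ steps.app-token.outputs.token }}
+ref: ${{ github.head_ref }}
 
-- name: Get GitHub App User ID
-id: get-user-id
-run: echo "user-id=$(gh api "/users/${{ steps.app-token.outputs.app-slug }}[bot]" --jq .id)" >> "$GITHUB_OUTPUT"
-env:
-GH_TOKEN: ${{ steps.app-token.outputs.token }}
+- name: Get GitHub App User ID
+id: get-user-id
+run: echo "user-id=$(gh api "/users/${{ steps.app-token.outputs.app-slug }}[bot]" --jq .id)" >> "$GITHUB_OUTPUT"
+env:
+GH_TOKEN: ${{ steps.app-token.outputs.token }}
 
-- name: Configure Git author
-run: |
-git config --global user.name '${{ steps.app-token.outputs.app-slug }}[bot]'
-git config --global user.email '${{ steps.get-user-id.outputs.user-id }}+${{ steps.app-token.outputs.app-slug }}[bot]@users.noreply.github.com>'
+- name: Configure Git author
+run: |
+git config --global user.name '${{ steps.app-token.outputs.app-slug }}[bot]'
+git config --global user.email '${{ steps.get-user-id.outputs.user-id }}+${{ steps.app-token.outputs.app-slug }}[bot]@users.noreply.github.com>'
 
-- name: Setup NodeJS
-uses: actions/setup-node@v4
-with:
-node-version: "20"
-registry-url: "https://registry.npmjs.org"
+- name: Setup NodeJS
+uses: actions/setup-node@v4
+with:
+node-version: "20"
+registry-url: "https://registry.npmjs.org"
 
-- name: Setup Java
-uses: actions/setup-java@v4 # Does also set up Maven and GPG
-with:
-distribution: "temurin" # As good as any other, see: https://github.com/actions/setup-java#supported-distributions
-java-package: "jdk"
-java-version: "21"
-gpg-private-key: ${{ secrets.OSS_SONATYPE_GPG_PRIVATE_KEY }} # Value of the GPG private key to import
-gpg-passphrase: ${{ secrets.OSS_SONATYPE_GPG_PASSPHRASE }} # env variable for GPG private key passphrase
-check-latest: true
-cache: "maven"
+- name: Setup Java
+uses: actions/setup-java@v4
+with:
+distribution: "temurin" # As good as any other, see: https://github.com/actions/setup-java#supported-distributions
+java-package: "jdk"
+java-version: "21"
+check-latest: true
+cache: "maven"
 
-- name: Setup settings.xml
-uses: s4u/maven-settings-action@v3.0.0
-with:
-override: true
-servers: |
-[{
-"id": "central",
-"username": "${{ secrets.OSS_SONATYPE_USER }}",
-"password": "${{ secrets.OSS_SONATYPE_PASS }}"
-},{
-"id":"github",
-"username": "ci-bot",
-"password": "${{ secrets.GITHUB_TOKEN }}"
-}]
+- name: Setup settings.xml
+uses: s4u/maven-settings-action@v3.0.0
+with:
+override: true
+servers: |
+[{
+"id": "central",
+"username": "${{ secrets.OSS_SONATYPE_USER }}",
+"password": "${{ secrets.OSS_SONATYPE_PASS }}"
+},{
+"id":"github",
+"username": "ci-bot",
+"password": "${{ secrets.GITHUB_TOKEN }}"
+}]
 
-- name: Create release
-env:
-GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
-run: |
-export TZ="Europe/Berlin"
-mvn release:prepare release:perform -B -Pcentral-publish -DreleaseVersion=${{ inputs.releaseversion }} -DskipITs=true -Darguments="-DskipTests=true -DskipITs=true"
-# write version info
-cat <<EOF >target/config.json
-{
-"version": "${{ inputs.releaseversion }}"
-}
-EOF
+- id: install-secret-key
+name: Install gpg secret key
+run: |
+# Install gpg secret key
+cat <(echo -e "${{ secrets.OSS_SONATYPE_GPG_PRIVATE_KEY }}") | gpg --batch --import
+# Verify gpg secret key
+gpg --list-secret-keys --keyid-format LONG
 
-- name: Conventional Changelog Action
-uses: TriPSs/conventional-changelog-action@v5
-with:
-input-file: CHANGELOG.md
-github-token: ${{ secrets.GITHUB_TOKEN }}
-version-file: target/config.json
-pre-release: true
-skip-bump: true
-skip-tag: true
-skip-on-empty: true
-tag-prefix: "v"
+- name: Create release
+env:
+GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
+run: |
+export TZ="Europe/Berlin"
+./mvnw release:prepare release:perform -B -Pcentral-publish -DreleaseVersion=${{ inputs.releaseversion }} -Dgpg.passphrase=${{ secrets.OSS_SONATYPE_GPG_PASSPHRASE }} -DskipITs=true -Darguments="-DskipTests=true -DskipITs=true -Dgpg.passphrase=${{ secrets.OSS_SONATYPE_GPG_PASSPHRASE }}"
+# write version info
+cat <<EOF >target/config.json
+{
+"version": "${{ inputs.releaseversion }}"
+}
+EOF
 
-- name: Create Release on GH
-id: tag-and-release
-uses: avakar/tag-and-release@v1
-with:
-draft: true
-release_name: ${{ github.event.inputs.releaseversion }}
-tag_name: v${{ github.event.inputs.releaseversion }}
-env:
-GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+- name: Conventional Changelog Action
+uses: TriPSs/conventional-changelog-action@v5
+with:
+input-file: CHANGELOG.md
+github-token: ${{ steps.app-token.outputs.token }}
+version-file: target/config.json
+pre-release: true
+skip-bump: true
+skip-tag: true
+skip-on-empty: true
+tag-prefix: "v"
 
-- name: Add SPI to github release
-uses: actions/upload-release-asset@v1
-with:
-upload_url: ${{ steps.tag-and-release.outputs.upload_url }}
-asset_path: spi/target/keycloak-auditor-spi.jar
-asset_name: keycloak-auditor-spi.jar
-asset_content_type: application/zip
-env:
-GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+- name: Create Release on GH
+id: tag-and-release
+uses: avakar/tag-and-release@v1
+with:
+draft: true
+release_name: ${{ github.event.inputs.releaseversion }}
+tag_name: v${{ github.event.inputs.releaseversion }}
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
-- run: cd sdk && npm run clean && npm run build
-- name: Publish npm package
-run: |
-cd sdk
-npm version --no-git-tag-version ${{ github.event.inputs.releaseversion }}
-npm publish
-env:
-NODE_AUTH_TOKEN: ${{ secrets.NPM_AUTH_TOKEN }}
+- name: Add SPI to github release
+uses: actions/upload-release-asset@v1
+with:
+upload_url: ${{ steps.tag-and-release.outputs.upload_url }}
+asset_path: spi/target/keycloak-auditor-spi.jar
+asset_name: keycloak-auditor-spi.jar
+asset_content_type: application/zip
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+- run: cd sdk && npm run clean && npm run build
+- name: Publish npm package
+run: |
+cd sdk
+npm version --no-git-tag-version ${{ github.event.inputs.releaseversion }}
+npm publish
+env:
+NODE_AUTH_TOKEN: ${{ secrets.NPM_AUTH_TOKEN }}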
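Review bot: The new `Install gpg secret key` step and the rewritten `./mvnw` line in `Create release` expand secrets straight into the shell script text with `${{ secrets.… }}`. The private key and passphrase therefore end up in the generated script, are parsed by the shell (a quote, `$` or backtick in either value changes the command), and the passphrase also appears twice in the Maven process arguments. Pass both through `env:` and reference them as quoted shell variables; the same applies to the unquoted `${{ inputs.releaseversion }}` on that command line, which is caller-supplied text. The removed `<signer>bc</signer>` suggests a maven-gpg-plugin recent enough to read the passphrase from the `MAVEN_GPG_PASSPHRASE` environment variable, which would keep it off the command line entirely, but the plugin version is not visible here, so confirm before relying on it.

```yaml
      - id: install-secret-key
        name: Install gpg secret key
        env:
          GPG_PRIVATE_KEY: ${{ secrets.OSS_SONATYPE_GPG_PRIVATE_KEY }}
        run: |
          # Key reaches the shell as an environment variable, not as script text
          echo -e "$GPG_PRIVATE_KEY" | gpg --batch --import
          gpg --list-secret-keys --keyid-format LONG

      - name: Create release
        env:
          GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
          GPG_PASSPHRASE: ${{ secrets.OSS_SONATYPE_GPG_PASSPHRASE }}
          RELEASE_VERSION: ${{ inputs.releaseversion }}
        run: |
          export TZ="Europe/Berlin"
          ./mvnw release:prepare release:perform -B -Pcentral-publish "-DreleaseVersion=$RELEASE_VERSION" "-Dgpg.passphrase=$GPG_PASSPHRASE" -DskipITs=true -Darguments="-DskipTests=true -DskipITs=true -Dgpg.passphrase=$GPG_PASSPHRASE"
          # … unchanged: write target/config.json …
```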

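--- a/pom.xml
+++ b/pom.xml
@@ -380,7 +380,10 @@
 <goal>sign</goal>
 </goals>
 <configuration>
-<signer>bc</signer>
+<gpgArguments>
+<arg>--pinentry-mode</arg>
+<arg>loopback</arg>
+</gpgArguments>
 </configuration>
 </execution>
 </executions>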
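Review bot: The new `<gpgArguments>` block has no comment saying why loopback pinentry is needed, and the passphrase it depends on is not configured anywhere in the visible part of the POM. A short comment above it, e.g. `<!-- CI has no pinentry UI: loopback lets the plugin hand the passphrase to gpg; the key itself is imported by release.yml -->`, would keep someone from removing it or from expecting signing to work locally without the same setup. The enclosing `<execution>` and plugin declaration start above the hunk, so whether a plugin version is pinned there cannot be checked from here.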
