fixing keys for publishing on OSSRH

Author: Dpbm

.github/workflows/publish-test-action.yml

@@ -0,0 +1,12 @@
+name: (Test) Publish packages Setup
+on:
+    push:
+        branches:
+            - 'test-actions'
+jobs:
+    publish:
+        uses: ./.github/workflows/publish.yml
+        secrets:
+            GPG_KEY: ${{ secrets.GPG_KEY }}
+            GPG_PASSWORD: ${{ secrets.GPG_PASSWORD }}
+            GPG_KEYID: ${{ secrets.GPG_KEYID }}

.github/workflows/publish.yml

@@ -0,0 +1,60 @@
+name: (Reusable Workflow) Publish packages
+on:
+    workflow_call:
+        inputs:
+            env:
+                type: string
+                description: 'Set as production to publish your artifacts'
+                default: 'test'
+        secrets:
+            GPG_KEY:
+                description: 'Your private GPG KEY'
+                required: true
+            GPG_PASSWORD:
+                description: 'Your GPG KEY passphrase'
+                required: true
+            GPG_KEYID:
+                description: 'Your GPG KEY last 8 digits'
+                required: true
+            OSSRH_USERNAME:
+                description: 'Your Maven Central Key Username'
+                required: true
+            OSSRH_PASSWORD:
+                description: 'Your Maven Central Key password'
+                required: true
+env:
+    GPG_DIR: ~/.gnupg
+    GPG_SECRING_FILE_PATH: $GPG_DIR/secring.gpg
+
+jobs:
+    publish:
+        runs-on: ubuntu-24.04
+
+        steps:
+            - uses: actions/checkout@v4
+
+            - uses: actions/setup-java@v4
+              with:
+                  java-version: '21'
+                  distribution: 'temurin'
+
+            - name: setup key
+              run: |
+                  chmod +x ./ci-utils/setup-gpg.sh
+                  ./ci-utils/setup-gpg.sh
+              env:
+                  GPG_KEY: ${{ secrets.GPG_KEY }}
+                  GPG_PASSWORD: ${{ secrets.GPG_PASSWORD }}
+
+            - uses: gradle/actions/setup-gradle@v3
+
+            - name: Publish
+              if: ${{ inputs.env == 'production' }}
+              run: |
+                  export GPG_KEY=$(cat $GPG_SECRING_FILE_PATH)
+                  ./gradlew publish --info --stacktrace
+              env:
+                  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+                  GITHUB_ACTOR: ${{ github.actor }}
+                  OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }}
+                  GPG_KEY_PASSWORD: ${{ secrets.GPG_PASSWORD }}

.github/workflows/release-publish.yml

@@ -16,25 +16,17 @@ jobs:
               uses: ncipollo/release-action@v1
 
     publish:
-        runs-on: ubuntu-24.04
         needs: release
-
         permissions:
             contents: read
             packages: write
 
-        steps:
-            - uses: actions/checkout@v4
-
-            - uses: actions/setup-java@v4
-              with:
-                  java-version: '21'
-                  distribution: 'temurin'
-
-            - uses: gradle/actions/setup-gradle@v3
-
-            - name: Publish
-              run: ./gradlew publish --info --stacktrace
-              env:
-                  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-                  GITHUB_ACTOR: ${{ github.actor }}
+        uses: ./.github/workflows/publish.yml
+        secrets:
+            GPG_KEY: ${{ secrets.GPG_KEY }}
+            GPG_PASSWORD: ${{ secrets.GPG_PASSWORD }}
+            GPG_KEYID: ${{ secrets.GPG_KEYID }}
+            OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }}
+            OSSRH_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
+        with:
+            env: 'production'

build.gradle.kts

@@ -2,13 +2,14 @@ plugins {
     kotlin("jvm") version "2.0.21"
     `java-library`
     `maven-publish`
+    `signing`
 }
 
-group = "org.quantum"
+group = "io.github.dpbm"
 version = "1.0"
 
 repositories {
-    mavenCentral()
+    mavenCentral()  
 }
 
 java {
@@ -84,17 +85,22 @@ publishing {
             }
         }
 
-        /*maven{
+        maven{
             name = "OSSRH"
             url = uri("https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/")
             credentials {
                 username = System.getenv("OSSRH_USERNAME")
                 password = System.getenv("OSSRH_PASSWORD")
             }
-        }*/
+        }
     }
 }
 
+signing{
+    useInMemoryPgpKeys(System.getenv("GPG_KEY"), System.getenv("GPG_KEY_PASSWORD"))
+    sign(publishing.publications["mavenJava"])
+}
+
 
 tasks.javadoc {
     if (JavaVersion.current().isJava9Compatible) {

build_key.py

@@ -0,0 +1,25 @@
+import sys
+
+def get_key_string(key:str) -> str:
+    key_str = ''
+    with open(key, 'r') as file:
+        lines = file.readlines()
+        total_lines = len(lines)
+
+        for i,line in enumerate(lines):
+            replace_char = '' if i == total_lines - 1 else '\\n'
+            key_str += line.replace('\n', replace_char)
+
+    return key_str
+
+
+if __name__ == '__main__':
+    if(len(sys.argv) != 2):
+        print("Invalid Usage!")
+        print("Usage: python3 build_key.py PATH_TO_YOUR_GPG_KEY")
+        sys.exit(1)
+
+    key = sys.argv[-1]
+
+    print("Your Parsed Key")
+    print(get_key_string(key))

ci-utils/setup-gpg.sh

@@ -11,10 +11,11 @@ RESET_COLOR='\033[0m'
 GREEN='\033[0;32m'
 
 
-GPG_DIR="$HOME/.gnupg"
+# GPG_DIR="$HOME/.gnupg" is set on the workflow
+# GPG_SECRING_FILE_PATH="$GPG_DIR/secring.gpg" is set on the workflow
+
 GPG_CONF_PATH="$GPG_DIR/gpg.conf"
 GPG_CONF_AGENT_PATH="$GPG_DIR/gpg-agent.conf"
-GPG_SECRING_FILE_PATH="$GPG_DIR/secring.gpg"
 
 echo -e "$GREEN installing dependencies...$RESET_COLOR"
 sudo apt-get update && sudo apt-get install -y gnupg
@@ -45,4 +46,4 @@ echo -e "$GREEN import private key...$RESET_COLOR"
 cat <(echo -e "$GPG_KEY") | gpg --batch --import
 
 echo -e "$GREEN export private key to path...$RESET_COLOR"
-gpg --batch --pinentry-mode=loopback --yes --passphrase "$GPG_PASSWORD" --export-secret-keys --output $GPG_SECRING_FILE_PATH
+gpg --batch --pinentry-mode=loopback --yes --passphrase "$GPG_PASSWORD" --export-secret-keys --armor --output $GPG_SECRING_FILE_PATH