Merge pull request #66 from OneSignal/user-api-updates

ci: decode gpg sign file

Author: sherwinski

.github/workflows/publish-maven-central.yml

@@ -14,6 +14,9 @@ jobs:
   publish:
     runs-on: ubuntu-latest
 
+    env:
+      GPG_FILE_NAME: onesignal_sdk_gpg_subkeys.gpg
+
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
@@ -49,14 +52,24 @@ jobs:
       - name: Run tests
         run: ./gradlew test
 
+      - name: Decode GPG file from secret
+        run: |
+          echo "${{ secrets.SIGNING_SECRET_KEY_RING_FILE }}" | base64 -d > "$GPG_FILE_NAME"
+          echo "GPG_FILE_PATH=$(pwd)/$GPG_FILE_NAME" >> $GITHUB_ENV
+
+      - name: Verify GPG file
+        run: |
+          ls -lh "$GPG_FILE_PATH"
+          gpg --list-packets "$GPG_FILE_PATH" || echo "Invalid key file!"
+
       - name: Publish to Maven Central
         run: |
           ./gradlew publishToMavenCentral --no-configuration-cache \
             -PmavenCentralUsername="${{ secrets.MAVEN_CENTRAL_USERNAME }}" \
             -PmavenCentralPassword="${{ secrets.MAVEN_CENTRAL_PASSWORD }}" \
             -Psigning.keyId="${{ secrets.SIGNING_KEY_ID }}" \
             -Psigning.password="${{ secrets.SIGNING_PASSWORD }}" \
-            -Psigning.secretKeyRingFile="${{ secrets.SIGNING_SECRET_KEY_RING_FILE }}"
+            -Psigning.secretKeyRingFile="$GPG_FILE_PATH"
 
       - name: Upload build artifacts
         uses: actions/upload-artifact@v4