From 4946df8ba20dfe8f79bb0dab618cdf15b4e1f4ad Mon Sep 17 00:00:00 2001
From: Zdenek Jonas <z.jonas@microstream.one>
Date: Tue, 11 Mar 2025 13:33:18 +0100
Subject: [PATCH 1/6] Refactor GPG key import command in
 maven_deploy_snapshot_dev.yml

---
 .github/workflows/maven_deploy_snapshot_dev.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/maven_deploy_snapshot_dev.yml b/.github/workflows/maven_deploy_snapshot_dev.yml
index 20e35d48..a133b307 100644
--- a/.github/workflows/maven_deploy_snapshot_dev.yml
+++ b/.github/workflows/maven_deploy_snapshot_dev.yml
@@ -17,7 +17,7 @@ jobs:
       - id: install-secret-key
         name: Install gpg secret key
         run: |
-          cat <(echo -e "${{ secrets.ORG_GPG_PRIVATE_KEY }}") | gpg --batch --import
+          echo "${{ secrets.ORG_GPG_PRIVATE_KEY }}" | gpg --batch --import
           gpg --list-secret-keys --keyid-format LONG
       - uses: actions/checkout@v3
       - name: Set up Java for publishing to Maven Central Snapshot Repository

From 8e5fb43c38dbf4b5d27d48e0e7ed2d53f6b3e075 Mon Sep 17 00:00:00 2001
From: Zdenek Jonas <z.jonas@microstream.one>
Date: Tue, 11 Mar 2025 13:35:39 +0100
Subject: [PATCH 2/6] Update GPG passphrase handling in
 maven_deploy_snapshot_dev.yml

---
 .github/workflows/maven_deploy_snapshot_dev.yml | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/maven_deploy_snapshot_dev.yml b/.github/workflows/maven_deploy_snapshot_dev.yml
index a133b307..1c892f0f 100644
--- a/.github/workflows/maven_deploy_snapshot_dev.yml
+++ b/.github/workflows/maven_deploy_snapshot_dev.yml
@@ -29,7 +29,7 @@ jobs:
           server-id: ossrh
           server-username: MAVEN_USERNAME
           server-password: MAVEN_PASSWORD
-          gpg-passphrase: PASSPHRASE
+          gpg-passphrase: ${{ secrets.ORG_GPG_PASSPHRASE }}
       - name: Prepare suffix
         run: |
           function prepareSuffix() {
@@ -57,7 +57,6 @@ jobs:
         env:
           MAVEN_USERNAME: ${{ secrets.ORG_OSSRH_USERNAME }}
           MAVEN_PASSWORD: ${{ secrets.ORG_OSSRH_PASSWORD }}
-          PASSPHRASE: ${{ secrets.ORG_GPG_PASSPHRASE }}
 
         #java 17 build
       - uses: actions/checkout@v3
@@ -70,7 +69,7 @@ jobs:
           server-id: ossrh
           server-username: MAVEN_USERNAME
           server-password: MAVEN_PASSWORD
-          gpg-passphrase: PASSPHRASE
+          gpg-passphrase: ${{ secrets.ORG_GPG_PASSPHRASE }}
       - name: Prepare suffix
         run: |
           function prepareSuffix() {
@@ -102,4 +101,3 @@ jobs:
         env:
           MAVEN_USERNAME: ${{ secrets.ORG_OSSRH_USERNAME }}
           MAVEN_PASSWORD: ${{ secrets.ORG_OSSRH_PASSWORD }}
-          PASSPHRASE: ${{ secrets.ORG_GPG_PASSPHRASE }}

From f7d1efb779f19e52ed7fff4c0a5f26ad3a344358 Mon Sep 17 00:00:00 2001
From: Zdenek Jonas <z.jonas@microstream.one>
Date: Tue, 11 Mar 2025 13:37:18 +0100
Subject: [PATCH 3/6] Revert "Update GPG passphrase handling in
 maven_deploy_snapshot_dev.yml"

This reverts commit 8e5fb43c38dbf4b5d27d48e0e7ed2d53f6b3e075.
---
 .github/workflows/maven_deploy_snapshot_dev.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/maven_deploy_snapshot_dev.yml b/.github/workflows/maven_deploy_snapshot_dev.yml
index 1c892f0f..a133b307 100644
--- a/.github/workflows/maven_deploy_snapshot_dev.yml
+++ b/.github/workflows/maven_deploy_snapshot_dev.yml
@@ -29,7 +29,7 @@ jobs:
           server-id: ossrh
           server-username: MAVEN_USERNAME
           server-password: MAVEN_PASSWORD
-          gpg-passphrase: ${{ secrets.ORG_GPG_PASSPHRASE }}
+          gpg-passphrase: PASSPHRASE
       - name: Prepare suffix
         run: |
           function prepareSuffix() {
@@ -57,6 +57,7 @@ jobs:
         env:
           MAVEN_USERNAME: ${{ secrets.ORG_OSSRH_USERNAME }}
           MAVEN_PASSWORD: ${{ secrets.ORG_OSSRH_PASSWORD }}
+          PASSPHRASE: ${{ secrets.ORG_GPG_PASSPHRASE }}
 
         #java 17 build
       - uses: actions/checkout@v3
@@ -69,7 +70,7 @@ jobs:
           server-id: ossrh
           server-username: MAVEN_USERNAME
           server-password: MAVEN_PASSWORD
-          gpg-passphrase: ${{ secrets.ORG_GPG_PASSPHRASE }}
+          gpg-passphrase: PASSPHRASE
       - name: Prepare suffix
         run: |
           function prepareSuffix() {
@@ -101,3 +102,4 @@ jobs:
         env:
           MAVEN_USERNAME: ${{ secrets.ORG_OSSRH_USERNAME }}
           MAVEN_PASSWORD: ${{ secrets.ORG_OSSRH_PASSWORD }}
+          PASSPHRASE: ${{ secrets.ORG_GPG_PASSPHRASE }}

From f68636bde8c75f75ddbac86ff314ebc3d0c6f168 Mon Sep 17 00:00:00 2001
From: Zdenek Jonas <z.jonas@microstream.one>
Date: Tue, 11 Mar 2025 13:42:15 +0100
Subject: [PATCH 4/6] try to use variable only

---
 .github/workflows/maven_deploy_snapshot_dev.yml | 13 ++++---------
 1 file changed, 4 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/maven_deploy_snapshot_dev.yml b/.github/workflows/maven_deploy_snapshot_dev.yml
index a133b307..7de6ec0f 100644
--- a/.github/workflows/maven_deploy_snapshot_dev.yml
+++ b/.github/workflows/maven_deploy_snapshot_dev.yml
@@ -14,11 +14,6 @@ jobs:
     if: github.repository == 'eclipse-serializer/serializer'
     runs-on: ubuntu-latest
     steps:
-      - id: install-secret-key
-        name: Install gpg secret key
-        run: |
-          echo "${{ secrets.ORG_GPG_PRIVATE_KEY }}" | gpg --batch --import
-          gpg --list-secret-keys --keyid-format LONG
       - uses: actions/checkout@v3
       - name: Set up Java for publishing to Maven Central Snapshot Repository
         uses: actions/setup-java@v3
@@ -29,7 +24,6 @@ jobs:
           server-id: ossrh
           server-username: MAVEN_USERNAME
           server-password: MAVEN_PASSWORD
-          gpg-passphrase: PASSPHRASE
       - name: Prepare suffix
         run: |
           function prepareSuffix() {
@@ -57,7 +51,8 @@ jobs:
         env:
           MAVEN_USERNAME: ${{ secrets.ORG_OSSRH_USERNAME }}
           MAVEN_PASSWORD: ${{ secrets.ORG_OSSRH_PASSWORD }}
-          PASSPHRASE: ${{ secrets.ORG_GPG_PASSPHRASE }}
+          MAVEN_GPG_PASSPHRASE: ${{ secrets.ORG_GPG_PASSPHRASE }}
+          MAVEN_GPG_KEY: ${{ secrets.ORG_GPG_PRIVATE_KEY }}
 
         #java 17 build
       - uses: actions/checkout@v3
@@ -70,7 +65,6 @@ jobs:
           server-id: ossrh
           server-username: MAVEN_USERNAME
           server-password: MAVEN_PASSWORD
-          gpg-passphrase: PASSPHRASE
       - name: Prepare suffix
         run: |
           function prepareSuffix() {
@@ -102,4 +96,5 @@ jobs:
         env:
           MAVEN_USERNAME: ${{ secrets.ORG_OSSRH_USERNAME }}
           MAVEN_PASSWORD: ${{ secrets.ORG_OSSRH_PASSWORD }}
-          PASSPHRASE: ${{ secrets.ORG_GPG_PASSPHRASE }}
+          MAVEN_GPG_PASSPHRASE: ${{ secrets.ORG_GPG_PASSPHRASE }}
+          MAVEN_GPG_KEY: ${{ secrets.ORG_GPG_PRIVATE_KEY }}

From 1fe5459bf35f6a149b15d4c2c1c65e24716b4786 Mon Sep 17 00:00:00 2001
From: Zdenek Jonas <z.jonas@microstream.one>
Date: Tue, 11 Mar 2025 13:44:55 +0100
Subject: [PATCH 5/6] Add signer configuration for GPG in pom.xml

---
 pom.xml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pom.xml b/pom.xml
index 9fff0674..04ea73cf 100644
--- a/pom.xml
+++ b/pom.xml
@@ -252,6 +252,7 @@
 							<arg>--pinentry-mode</arg>
 							<arg>loopback</arg>
 						</gpgArguments>
+						<signer>bc</signer>
 					</configuration>
 				</plugin>
 				<plugin>

From 8392eaf0923d3fd3626a6f9521f0743a1e562c08 Mon Sep 17 00:00:00 2001
From: Zdenek Jonas <z.jonas@microstream.one>
Date: Tue, 11 Mar 2025 13:59:24 +0100
Subject: [PATCH 6/6] Refactor GPG key handling in maven_deploy_snapshot.yml

---
 .github/workflows/maven_deploy_snapshot.yml | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/maven_deploy_snapshot.yml b/.github/workflows/maven_deploy_snapshot.yml
index fc61bfeb..c434d404 100644
--- a/.github/workflows/maven_deploy_snapshot.yml
+++ b/.github/workflows/maven_deploy_snapshot.yml
@@ -14,11 +14,6 @@ jobs:
     if: github.repository == 'eclipse-serializer/serializer'
     runs-on: ubuntu-latest
     steps:
-      - id: install-secret-key
-        name: Install gpg secret key
-        run: |
-          cat <(echo -e "${{ secrets.ORG_GPG_PRIVATE_KEY }}") | gpg --batch --import
-          gpg --list-secret-keys --keyid-format LONG
       - uses: actions/checkout@v3
       - name: Set up Java for publishing to Maven Central Snapshot Repository
         uses: actions/setup-java@v3
@@ -29,13 +24,13 @@ jobs:
           server-id: ossrh
           server-username: MAVEN_USERNAME
           server-password: MAVEN_PASSWORD
-          gpg-passphrase: PASSPHRASE
       - name: Make a snapshot
         run: mvn -Pdeploy --no-transfer-progress --batch-mode clean deploy
         env:
           MAVEN_USERNAME: ${{ secrets.ORG_OSSRH_USERNAME }}
           MAVEN_PASSWORD: ${{ secrets.ORG_OSSRH_PASSWORD }}
-          PASSPHRASE: ${{ secrets.ORG_GPG_PASSPHRASE }}
+          MAVEN_GPG_PASSPHRASE: ${{ secrets.ORG_GPG_PASSPHRASE }}
+          MAVEN_GPG_KEY: ${{ secrets.ORG_GPG_PRIVATE_KEY }}
 
       #java 17 build
       - uses: actions/checkout@v3
@@ -48,7 +43,6 @@ jobs:
           server-id: ossrh
           server-username: MAVEN_USERNAME
           server-password: MAVEN_PASSWORD
-          gpg-passphrase: PASSPHRASE
       - name: Build with java 17
         run: |
           mvn -pl persistence/binary-jdk17 clean install -am -B
@@ -58,4 +52,6 @@ jobs:
         env:
           MAVEN_USERNAME: ${{ secrets.ORG_OSSRH_USERNAME }}
           MAVEN_PASSWORD: ${{ secrets.ORG_OSSRH_PASSWORD }}
-          PASSPHRASE: ${{ secrets.ORG_GPG_PASSPHRASE }}
+          MAVEN_GPG_PASSPHRASE: ${{ secrets.ORG_GPG_PASSPHRASE }}
+          MAVEN_GPG_KEY: ${{ secrets.ORG_GPG_PRIVATE_KEY }}
+