Use non-interactive GPG trust mode #4
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish to Maven Central | |
| on: | |
| push: | |
| tags: | |
| - 'v*' | |
| branches: | |
| - 'feature/release-1' | |
| jobs: | |
| publish: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up JDK 8 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '8' | |
| distribution: 'temurin' | |
| cache: 'maven' | |
| - name: Setup GPG | |
| run: | | |
| echo "Setting up GPG..." | |
| mkdir -p ~/.gnupg | |
| chmod 700 ~/.gnupg | |
| # Import private key | |
| echo "${{ secrets.GPG_PRIVATE_KEY }}" > private.key | |
| gpg --batch --import private.key | |
| rm private.key | |
| # Configure GPG | |
| cat > ~/.gnupg/gpg.conf << EOF | |
| default-key ${{ secrets.GPG_KEYNAME }} | |
| use-agent | |
| pinentry-mode loopback | |
| EOF | |
| cat > ~/.gnupg/gpg-agent.conf << EOF | |
| allow-loopback-pinentry | |
| default-cache-ttl 600 | |
| max-cache-ttl 7200 | |
| EOF | |
| # Trust the key (non-interactive) | |
| gpg --batch --yes --trust-model always --edit-key ${{ secrets.GPG_KEYNAME }} trust quit | |
| # Restart GPG agent | |
| gpgconf --kill gpg-agent | |
| gpg-agent --daemon | |
| # Debug information | |
| echo "=== GPG Configuration ===" | |
| cat ~/.gnupg/gpg.conf | |
| echo "=== GPG Agent Configuration ===" | |
| cat ~/.gnupg/gpg-agent.conf | |
| echo "=== GPG Keys ===" | |
| gpg --list-secret-keys --keyid-format LONG | |
| gpg --list-keys --keyid-format LONG | |
| echo "=== GPG Version ===" | |
| gpg --version | |
| echo "=== GPG Directories ===" | |
| gpgconf --list-dirs | |
| - name: Build and Publish | |
| env: | |
| OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME_TOKEN }} | |
| OSSRH_PASSWORD: ${{ secrets.OSSRH_PASSWORD_TOKEN }} | |
| GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} | |
| run: | | |
| echo "Starting Maven build and deploy..." | |
| mvn clean deploy -P release \ | |
| -Dmaven.javadoc.skip=false \ | |
| -Dmaven.deploy.skip=false \ | |
| -Dgpg.passphrase=${{ secrets.GPG_PASSPHRASE }} \ | |
| -Dgpg.executable=gpg \ | |
| -Dgpg.keyname=${{ secrets.GPG_KEYNAME }} \ | |
| -Dgpg.useagent=true \ | |
| -Dmaven.test.failure.ignore=false \ | |
| -X \ | |
| -e \ | |
| --debug \ | |
| -Dgpg.verbose=true \ | |
| -Dgpg.debug=true | |
| echo "Checking deployment status..." | |
| mvn nexus-staging:rc-list | |
| echo "Closing staging repository..." | |
| mvn nexus-staging:rc-close | |
| echo "Releasing to Maven Central..." | |
| mvn nexus-staging:rc-release |