Enhance GPG configuration with more debugging and direct trust setting #6
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish to Maven Central | |
| on: | |
| push: | |
| tags: | |
| - 'v*' | |
| branches: | |
| - 'feature/release-1' | |
| jobs: | |
| publish: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up JDK 8 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '8' | |
| distribution: 'temurin' | |
| cache: 'maven' | |
| - name: Setup GPG | |
| run: | | |
| echo "Setting up GPG..." | |
| mkdir -p ~/.gnupg | |
| chmod 700 ~/.gnupg | |
| # Import private key | |
| echo "${{ secrets.GPG_PRIVATE_KEY }}" > private.key | |
| echo "Importing GPG key..." | |
| gpg --batch --import private.key | |
| rm private.key | |
| # Configure GPG | |
| echo "Configuring GPG..." | |
| cat > ~/.gnupg/gpg.conf << EOF | |
| default-key ${{ secrets.GPG_KEYNAME }} | |
| use-agent | |
| pinentry-mode loopback | |
| trust-model always | |
| debug-level guru | |
| verbose | |
| EOF | |
| cat > ~/.gnupg/gpg-agent.conf << EOF | |
| allow-loopback-pinentry | |
| default-cache-ttl 600 | |
| max-cache-ttl 7200 | |
| debug-level guru | |
| verbose | |
| EOF | |
| # Set trust level directly | |
| echo "Setting trust level..." | |
| gpg --batch --yes --trust-model always --import-ownertrust < <(echo "${{ secrets.GPG_KEYNAME }}:6:") | |
| # Restart GPG agent | |
| echo "Restarting GPG agent..." | |
| gpgconf --kill gpg-agent | |
| gpg-agent --daemon | |
| # Debug information | |
| echo "=== GPG Configuration ===" | |
| cat ~/.gnupg/gpg.conf | |
| echo "=== GPG Agent Configuration ===" | |
| cat ~/.gnupg/gpg-agent.conf | |
| echo "=== GPG Keys ===" | |
| gpg --list-secret-keys --keyid-format LONG | |
| gpg --list-keys --keyid-format LONG | |
| echo "=== GPG Version ===" | |
| gpg --version | |
| echo "=== GPG Directories ===" | |
| gpgconf --list-dirs | |
| echo "=== GPG Trust ===" | |
| gpg --list-ownertrust | |
| echo "=== GPG Agent Status ===" | |
| gpgconf --list-dirs agent-socket | |
| gpg-agent --version | |
| - name: Build and Publish | |
| env: | |
| OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME_TOKEN }} | |
| OSSRH_PASSWORD: ${{ secrets.OSSRH_PASSWORD_TOKEN }} | |
| GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} | |
| run: | | |
| echo "Starting Maven build and deploy..." | |
| mvn clean deploy -P release \ | |
| -Dmaven.javadoc.skip=false \ | |
| -Dmaven.deploy.skip=false \ | |
| -Dgpg.passphrase=${{ secrets.GPG_PASSPHRASE }} \ | |
| -Dgpg.executable=gpg \ | |
| -Dgpg.keyname=${{ secrets.GPG_KEYNAME }} \ | |
| -Dgpg.useagent=true \ | |
| -Dmaven.test.failure.ignore=false \ | |
| -X \ | |
| -e \ | |
| --debug \ | |
| -Dgpg.verbose=true \ | |
| -Dgpg.debug=true | |
| echo "Checking deployment status..." | |
| mvn nexus-staging:rc-list | |
| echo "Closing staging repository..." | |
| mvn nexus-staging:rc-close | |
| echo "Releasing to Maven Central..." | |
| mvn nexus-staging:rc-release |