You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@logging.apache.org by vy...@apache.org on 2023/01/03 11:50:41 UTC

[logging-log4j-tools] branch master updated: INFRA-23996 Sign artifacts

This is an automated email from the ASF dual-hosted git repository.

vy pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/logging-log4j-tools.git


The following commit(s) were added to refs/heads/master by this push:
     new 974c4b1  INFRA-23996 Sign artifacts
974c4b1 is described below

commit 974c4b1020cc2103291a7f056863ec790dec4745
Author: Volkan Yazıcı <vo...@yazi.ci>
AuthorDate: Tue Jan 3 12:51:25 2023 +0100

    INFRA-23996 Sign artifacts
---
 .github/workflows/build.yml          | 14 ++++++--------
 .github/workflows/maven-settings.xml |  5 +++++
 2 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 218adb8..4bff19a 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -118,14 +118,13 @@ jobs:
           architecture: x64
           cache: maven
 
-      - name: Import GPG private key (RELEASE)
-        if: startsWith(github.ref, 'refs/heads/release/')
+      - name: Import GPG secret key
         run: |
-          echo -n "$GPG_PKEY" \
-          | base64 --decode \
+          echo -n "$GPG_SECRET_KEY" \
           | gpg -v --batch --import --yes --pinentry-mode error
+          gpg --list-secret-keys
         env:
-          GPG_PKEY: ${{ secrets.GPG_PKEY }}
+          $GPG_SECRET_KEY: ${{ secrets.$GPG_SECRET_KEY }}
 
       - name: Export artifact version
         run: |
@@ -168,18 +167,17 @@ jobs:
           }
 
       - name: Deploy
-        if: github.ref == 'refs/heads/master'
         # `package install:install deploy:deploy` goal is needed to deploy without configuring the plugin in the POM.
         # For details see: https://maven.apache.org/plugins/maven-gpg-plugin/examples/deploy-signed-artifacts.html
+        # `package` is necessary before `gpg:sign` too.
         run: |
           ./mvnw \
             --show-version --batch-mode --errors --no-transfer-progress \
-            -Dgpg.skip=true \
             -DskipTests=true \
             -DinstallAtEnd=true \
             -DdeployAtEnd=true \
             --settings .github/workflows/maven-settings.xml \
-            package install:install deploy:deploy
+            package gpg:sign install:install deploy:deploy
         env:
           NEXUS_USER: ${{ secrets.NEXUS_USER }}
           NEXUS_PW: ${{ secrets.NEXUS_PW }}
diff --git a/.github/workflows/maven-settings.xml b/.github/workflows/maven-settings.xml
index 3584392..33a7f8f 100644
--- a/.github/workflows/maven-settings.xml
+++ b/.github/workflows/maven-settings.xml
@@ -19,6 +19,11 @@
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.1.0 http://maven.apache.org/xsd/settings-1.1.0.xsd">
   <servers>
+    <server>
+      <id>apache.releases.https</id>
+      <username>${env.NEXUS_USER}</username>
+      <password>${env.NEXUS_PW}</password>
+    </server>
     <server>
       <id>apache.snapshots.https</id>
       <username>${env.NEXUS_USER}</username>