aws · lauzadis · Sep 8, 2025 · Sep 8, 2025 · Sep 8, 2025 · Sep 8, 2025
@@ -19,4 +19,8 @@ runs:
         export JRELEASER_MAVENCENTRAL_TOKEN="foo"
         export JRELEASER_GENERIC_TOKEN="foo"
 
+        export JRELEASER_GPG_PASSPHRASE="foo"
+        export JRELEASER_GPG_PUBLIC_KEY="${{ secrets.DUMMY_GPG_PUBLIC_KEY }}"
+        export JRELEASER_GPG_SECRET_KEY="${{ secrets.DUMMY_GPG_PRIVATE_KEY }}"
+
         ./gradlew jreleaserFullRelease --dryrun --stacktrace
@@ -182,8 +182,7 @@ fun Project.configureNexusPublishing(repoName: String, githubOrganization: Strin
 }
 
 /**
- * Configure publishing for this project. This applies the `maven-publish` and `signing` plugins and configures
- * the publications.
+ * Configure publishing for this project. This applies the `maven-publish` plugin and configures publications.
  * @param repoName the repository name (e.g. `smithy-kotlin`, `aws-sdk-kotlin`, etc)
  * @param githubOrganization the name of the GitHub organization that [repoName] is located in
  */
@@ -236,23 +235,6 @@ fun Project.configurePublishing(repoName: String, githubOrganization: String = "
                 }
             }
         }
-
-        val secretKey = System.getenv(EnvironmentVariables.GPG_SECRET_KEY)
-        val passphrase = System.getenv(EnvironmentVariables.GPG_PASSPHRASE)
-
-        if (!secretKey.isNullOrBlank() && !passphrase.isNullOrBlank()) {
-            apply(plugin = "signing")
-            extensions.configure<SigningExtension> {
-                useInMemoryPgpKeys(secretKey, passphrase)
-                sign(publications)
-            }
-
-            // FIXME - workaround for https://github.com/gradle/gradle/issues/26091
-            val signingTasks = tasks.withType<Sign>()
-            tasks.withType<AbstractPublishToMaven>().configureEach {
-                mustRunAfter(signingTasks)
-            }
-        }
     }
 
     tasks.withType<AbstractPublishToMaven>().configureEach {
@@ -312,6 +294,9 @@ fun Project.configureJReleaser() {
     val requiredVariables = listOf(
         EnvironmentVariables.MAVEN_CENTRAL_USERNAME,
         EnvironmentVariables.MAVEN_CENTRAL_TOKEN,
+        EnvironmentVariables.GPG_PASSPHRASE,
+        EnvironmentVariables.GPG_PUBLIC_KEY,
+        EnvironmentVariables.GPG_SECRET_KEY,
         EnvironmentVariables.GENERIC_TOKEN,
     )
 
@@ -346,6 +331,11 @@ fun Project.configureJReleaser() {
             version = providers.gradleProperty("sdkVersion").get()
         }
 
+        signing {
+            active = Active.ALWAYS
+            armored = true
+        }
+
         // JReleaser requires a releaser to be configured even though we don't use it.
         // https://github.com/jreleaser/jreleaser/discussions/1725#discussioncomment-10674529
         release {
@@ -365,7 +355,6 @@ fun Project.configureJReleaser() {
                 mavenCentral {
                     create("maven-central") {
                         active = Active.ALWAYS // the Maven deployer default is ALWAYS, but MavenCentral is NEVER
-                        sign = false // Signing is done when publishing, see the 'configurePublishing' function
                         url = "https://central.sonatype.com/api/v1/publisher"
                         stagingRepository(rootProject.layout.buildDirectory.dir("m2").get().toString())
                         artifacts {