Create GitHub workflow to release to Maven Central

purejava · purejava · commit ee46e0d63108 · 2025-01-09T15:25:03.000+01:00
Configure dependabot for Gradle
Update codeql-analysis.yml for Gradle
Create codeql-analysis.init.gradle
diff --git a/.github/workflows/release_to_maven.yml b/.github/workflows/release_to_maven.yml
@@ -21,18 +21,21 @@ jobs:
           java-version: '17'
           distribution: 'temurin'
 
-      - name: Setup Gradle
-        uses: gradle/actions/setup-gradle@v4
-
       - name: Setup GPG key information
         run: |
-          mkdir -p ~/.gnupg
-          echo -n "$GPG_SIGNING_KEY_B64" | base64 --decode > /home/runner/.gnupg/secring.gpg
-          cat /home/runner/.gnupg/secring.gpg
+          echo "signing.gnupg.homeDir=${{ github.workspace }}/.gnupg" >> ~/.gradle/gradle.properties
+          echo "signing.gnupg.keyName=ABC48776" >> ~/.gradle/gradle.properties
+          echo "signing.gnupg.passphrase=${GPG_SIGNING_KEY_PW}" >> ~/.gradle/gradle.properties
         env:
-          GPG_SIGNING_KEY_B64: ${{ secrets.GPG_PRIVATE_KEY_B64 }}
+          GPG_SIGNING_KEY_PW: ${{ secrets.GPG_PASSPHRASE }}
+
+      - name: Setup Gradle
+        uses: gradle/actions/setup-gradle@v4
 
       - name: Publish package
-        run: ./gradlew publishToSonatype closeSonatypeStagingRepository -Psigning.password="${SIGP}"
+        run: ./gradlew publishToSonatype closeSonatypeStagingRepository
         env:
-          SIGP: ${{ secrets.GPG_PASSPHRASE }}
+          SONATYPE_USERNAME: ${{ secrets.NEXUS_USERNAME }}
+          SONATYPE_PASSWORD: ${{ secrets.NEXUS_PASSWORD }}
+          GPG_SIGNING_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
+          GPG_SIGNING_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
diff --git a/build.gradle b/build.gradle
@@ -64,6 +64,10 @@ publishing {
                     developerConnection = 'scm:git:ssh://github.com/purejava/keepassxc-proxy-access.git'
                     url = 'https://github.com/purejava/keepassxc-proxy-access/tree/main'
                 }
+                issueManagement {
+                    system = 'GitHub Issues'
+                    url = 'https://github.com/purejava/keepassxc-proxy-access/issues'
+                }
             }
         }
     }
@@ -82,6 +86,8 @@ nexusPublishing {
 
 if (!version.toString().endsWith("-SNAPSHOT")) {
     signing {
+        useGpgCmd()
+        sign configurations.runtimeElements
         sign publishing.publications.mavenJava
     }
 }
diff --git a/gradle.properties b/gradle.properties
@@ -5,8 +5,7 @@ org.gradle.configuration-cache=false
 org.gradle.parallel=true
 org.gradle.caching=true
 
-signing.keyId=ABC48776
-signing.secretKeyRingFile=/home/runner/.gnupg/secring.gpg
+signing.gnupg.executable=/usr/local/bin/gpg
+signing.gnupg.homeDir=/Users/ralph/.gnupg
+signing.gnupg.keyName=ABC48776
 
-sonatypeUsername=eKFz9O/f
-sonatypePassword=SrmcuXuWSP5vDWAKVz+DBrlXYBsHnGFGiSUR/4X6EWgw

Original file line number	Diff line number	Diff line change
`@@ -64,6 +64,10 @@ publishing {`
`64`	`64`	`developerConnection = 'scm:git:ssh://github.com/purejava/keepassxc-proxy-access.git'`
`65`	`65`	`url = 'https://github.com/purejava/keepassxc-proxy-access/tree/main'`
`66`	`66`	`}`
	`67`	`+ issueManagement {`
	`68`	`+ system = 'GitHub Issues'`
	`69`	`+ url = 'https://github.com/purejava/keepassxc-proxy-access/issues'`
	`70`	`+ }`
`67`	`71`	`}`
`68`	`72`	`}`
`69`	`73`	`}`
`@@ -82,6 +86,8 @@ nexusPublishing {`
`82`	`86`
`83`	`87`	`if (!version.toString().endsWith("-SNAPSHOT")) {`
`84`	`88`	`signing {`
	`89`	`+ useGpgCmd()`
	`90`	`+ sign configurations.runtimeElements`
`85`	`91`	`sign publishing.publications.mavenJava`
`86`	`92`	`}`
`87`	`93`	`}`