configure maven-gpg-plugin to prevent gpg from using PIN entry programs

brokkoli71 · brokkoli71 · commit c5818cb161ad · 2024-06-24T16:16:37.000+02:00
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -12,11 +12,11 @@ jobs:
       - name: Set up JDK
         uses: actions/setup-java@v3
         with:
-          java-version: '22'
+          java-version: '22' # or 11?
           distribution: 'temurin'
           server-id: ossrh
-          server-username: MAVEN_USERNAME
-          server-password: MAVEN_PASSWORD
+          server-username: ${{secrets.OSSRH_USERNAME}}
+          server-password: ${{secrets.OSSRH_TOKEN}}
 
       - name: Download blosc jar
         run: |
@@ -32,7 +32,8 @@ jobs:
           gpg --list-secret-keys --keyid-format LONG
 
       - name: Publish package
-        run: mvn --batch-mode deploy
+        # when working, add --no-transfer-progress
+        run: mvn --batch-mode -Dgpg.passphrase=${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }} deploy
         env:
           MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
           MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }}
diff --git a/pom.xml b/pom.xml
@@ -113,7 +113,6 @@
         </repository>
     </distributionManagement>
 
-    <!-- Repositories are not recommended (see https://maven.apache.org/repository/guide-central-repository-upload.html#faq-and-common-mistakes)-->
     <repositories>
         <repository>
             <id>unidata-all</id>
@@ -200,6 +199,12 @@
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-gpg-plugin</artifactId>
                 <version>1.6</version>
+                <configuration>
+                    <gpgArguments>
+                        <arg>--pinentry-mode</arg>
+                        <arg>loopback</arg>
+                    </gpgArguments>
+                </configuration>
                 <executions>
                     <execution>
                         <id>sign-artifacts</id>
