A gradle plugin for sign publication artifacts. For fast deploy to maven central.
This plugin will not help you configure your remote server location.
PS only help you to sign all your artifacts with GPG
System requirement: gpg installed
plugins {
// Load this plugin first for resolve magic problems
id 'io.github.karlatemp.publication-sign' version '1.3.40'
// other plugins
}In order to avoid strange problems, please let this plugin load first
Important: If you are using Kotlin multiplatform.
Must apply this plugin before org.jetbrains.kotlin.multiplatform
plugins {
id 'io.github.karlatemp.publication-sign'
id 'org.jetbrains.kotlin.multiplatform'
}build.gradle
plugins {
id 'io.github.karlatemp.publication-sign'
}
publicationSign {
setupWorkflow { workflow ->
workflow.fastSetup("keys/key.pub", "keys/key.pri")
}
}
build.gradle.kts
plugins {
id("io.github.karlatemp.publication-sign")
}
configure<io.github.karlatemp.publicationsign.PublicationSignExtension> {
setupWorkflow {
fastSetup("keys/keys.pub", "keys/keys.pri")
}
}- Apply this plugin to root project. Then config
PublicationSignExtension - Subprojects only need apply the plugin. Don't need re-setup
PublicationSignExtension
See key-gen.sh
name: Publish
jobs:
# This workflow contains a single job called "build"
build:
runs-on: ubuntu-latest
env:
WORK_IN_CI: true
steps:
- name: Keys setup
shell: bash
run: |
mkdir keys
echo "$GPG_PUBLIC_" > keys/keys.pub
echo "$GPG_PRIVATE" > keys/keys.pri
env:
GPG_PRIVATE: ${{ secrets.GPG_PRIVATE_KEY }}
GPG_PUBLIC_: ${{ secrets.GPG_PUBLIC_KEY }}
- name: Build
run: ./gradlew build
- name: Publish
run: ./gradlew publish
./gradlew publish/ ./gradlew publishToMavenLocal
Implementation details:
In setupWorkflow { fastSetup() }, arguments that provided to fastSetup(publicKey & privateKey) will be resolved by Project.file().
When both of publicKey and privateKey exists, PS will run in CI mode, otherwise run in user mode.
You need setup a personal GPG key when PS running in user mode.
You can use
gpg --list-secret-keysto find your keys.References:
If you have multiple GPG keys, we recommand you to setup
signing.keyIdingradle.propertiesof your personal gradle data directory (~/.gradle)
signing.keyIdcan be found by executinggpg --list-secret-keys
Sometimes you will receive a GPG command response 2 != 0 error. It caused by GPG's data directory path length limit.
It means you need your project build with a short path on CI.
Actually just need use
setupWorkflow { workingDir = new File("/tmp") }to resolve it
In order to deal with the situation, PS added some options to forcefully override user settings in build.grade
- Check system property
publication-sign.workingDir, force override GPG command working dir if available - Check system environment variable
PUBLICATION_SIGN_WORKING_DIR, same as above - Check system environment variable
NOT_IN_CI, interrupt if true (Continue to use user mode) - Check is CI env
- Check system environment variable
CI, jump to AATD if true - Jump to AAID if system envionment variable
GITHUB_RUN_IDexists - Interrupt if no rule matched (Continue to use user mode)
- Check system environment variable
- Allocate a new temp directory and override user settings (AATD)
- Calculate project sha1 by project directory path
- Use
/tmp/ps_$projectshaif directory creation successed. (Windows) Driver name will be same as working directory of running process - Use
D:/a/psign_$projectshaif running on windows and directory creation successed - Use
/Users/runner/work/p_$projectshaif running on windows and directory creation successed - Use JDK system api to create temp directory
Follow-up content is some content about other aspects.
You may be thinking that even with PS, there are too many things to configure. Here are some secondary encapsulation of PS, which can complete the distribution of the project with less configuration.
- KasukuSakura/maven-center-publish: A GitHub action for fast setup maven central publishing
- Him188/maven-central-publish: (Gradle plugin) Configure publication to Maven Central for Gradle projects with minimal effort.