From 5622632074ab3c296544b9bbd22f2c47c273a4ac Mon Sep 17 00:00:00 2001
From: Bruno Ziswiler <bruno.ziswiler@ergon.ch>
Date: Fri, 20 Sep 2024 12:32:07 +0200
Subject: [PATCH] Add signing and local publication.

---
 build.gradle.kts                    | 22 ++++++++++++++++++++++
 scripts/require-command.sh          | 19 +++++++++++++++++++
 scripts/sign-and-publish-locally.sh | 29 +++++++++++++++++++++++++++++
 3 files changed, 70 insertions(+)
 create mode 100755 scripts/require-command.sh
 create mode 100755 scripts/sign-and-publish-locally.sh

diff --git a/build.gradle.kts b/build.gradle.kts
index 874615a..2d7d8af 100644
--- a/build.gradle.kts
+++ b/build.gradle.kts
@@ -5,6 +5,8 @@ plugins {
 	alias(libs.plugins.detekt)
 	alias(libs.plugins.kotlin.jvm)
 	alias(libs.plugins.spotless)
+	`maven-publish`
+	signing
 }
 
 group = "ch.ergon.todochecker"
@@ -51,6 +53,26 @@ spotless {
 		ktlint()
 	}
 }
+publishing {
+	publications {
+		create<MavenPublication>("gradle-plugin") {
+			from(components["java"])
+		}
+		repositories {
+			maven {
+				name = "local"
+				url = uri(layout.buildDirectory.dir("local-repo"))
+			}
+		}
+	}
+}
+
+signing {
+	val signingKey: String? by project
+	val signingPassword: String? by project
+	useInMemoryPgpKeys(signingKey, signingPassword)
+	sign(publishing.publications["gradle-plugin"])
+}
 
 tasks.register("resolveAndLockAll") {
 	doFirst {
diff --git a/scripts/require-command.sh b/scripts/require-command.sh
new file mode 100755
index 0000000..621aeab
--- /dev/null
+++ b/scripts/require-command.sh
@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+
+set -o errexit
+set -o pipefail
+set -o nounset
+
+command="${1}"
+RESOLVED_COMMAND=""
+
+
+if hash "${command}" 2>/dev/null; then
+  RESOLVED_COMMAND=$(command -v "${command}")
+else
+  (echo >&2 "ERROR: ${1} is not installed.")
+  (echo >&2 "Make sure ${1} is installed and on your PATH.")
+  exit 1
+fi
+
+echo "${RESOLVED_COMMAND}"
diff --git a/scripts/sign-and-publish-locally.sh b/scripts/sign-and-publish-locally.sh
new file mode 100755
index 0000000..90b05f9
--- /dev/null
+++ b/scripts/sign-and-publish-locally.sh
@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+
+# exit on error
+set -e
+# exit on undefined variables
+set -u
+# return the command that was the reason behind the failure
+set -o pipefail
+
+SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &> /dev/null && pwd)
+REQUIRE_COMMAND="${SCRIPT_DIR}/require-command.sh"
+GRADLE="${SCRIPT_DIR}/../gradlew"
+
+OP_CMD=$("${REQUIRE_COMMAND}" op)
+SIGNING_KEY=$(${OP_CMD} read --account ergon.1password.eu "op://CoP CD/Gradle Todo Checker PlugIn Signing Keys/Signing Keys/private key")
+SIGNING_KEY_PASSWORD=$(${OP_CMD} read --no-newline --account ergon.1password.eu "op://CoP CD/Gradle Todo Checker PlugIn Signing Keys/password")
+
+ORG_GRADLE_PROJECT_signingKey="${SIGNING_KEY}"
+ORG_GRADLE_PROJECT_signingPassword="${SIGNING_KEY_PASSWORD}"
+export ORG_GRADLE_PROJECT_signingKey
+export ORG_GRADLE_PROJECT_signingPassword
+
+"${GRADLE}" clean sign
+"${GRADLE}" clean publishTodoCheckerPluginPublicationToLocalRepository
+
+unset SIGNING_KEY
+unset ORG_GRADLE_PROJECT_signingKey
+unset SIGNING_KEY_PASSWORD
+unset ORG_GRADLE_PROJECT_signingPassword