Update publish.yml to set up GPG key from base64-encoded secret and remove in-memory key configuration

robercoding · robercoding · commit 16faa4a6baf3 · 2025-07-31T16:31:24.000+02:00
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -57,7 +57,6 @@ jobs:
       ORG_GRADLE_PROJECT_mavenCentralUsername: ${{ secrets.MAVEN_CENTRAL_USERNAME }}
       ORG_GRADLE_PROJECT_mavenCentralPassword: ${{ secrets.MAVEN_CENTRAL_PASSWORD }}
       # GPG signing configuration
-      ORG_GRADLE_PROJECT_signingInMemoryKey: ${{ secrets.GPG_KEY_CONTENTS }}
       ORG_GRADLE_PROJECT_signingInMemoryKeyId: ${{ secrets.SIGNING_KEY_ID }}
       ORG_GRADLE_PROJECT_signingInMemoryKeyPassword: ${{ secrets.SIGNING_PASSWORD }}
 
@@ -71,6 +70,15 @@ jobs:
       - name: Validate Gradle Wrapper
         uses: gradle/actions/wrapper-validation@v3
 
+      # This assumes the GPG key is stored as a base64-encoded string in the secret
+      - name: Set up GPG key
+        env:
+          GPG_KEY_CONTENTS: ${{ secrets.GPG_KEY_CONTENTS }}
+        run: |
+          echo "$GPG_KEY_CONTENTS" | base64 -d > /tmp/gpg_key.asc 
+          echo "ORG_GRADLE_PROJECT_signingInMemoryKey=$(cat /tmp/gpg_key.asc)" >> $GITHUB_ENV
+          rm /tmp/gpg_key.asc
+
       - name: Cache Gradle and Konan
         uses: actions/cache@v4
         with:
