Update publish.yml to decode GPG key from base64 and set as multiline environment variable

robercoding · robercoding · commit cd450db6a43a · 2025-07-31T16:40:40.000+02:00
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -70,13 +70,19 @@ jobs:
       - name: Validate Gradle Wrapper
         uses: gradle/actions/wrapper-validation@v3
 
-      # This assumes the GPG key is stored as a base64-encoded string in the secret
+          # Decode the base64 encoded GPG key from secrets and save to temporary file
+          # Start multiline environment variable for GitHub Actions
+          # Add the decoded GPG key content to the environment variable
+          # End the multiline environment variable
+          # Clean up temporary file for security
       - name: Set up GPG key
         env:
           GPG_KEY_CONTENTS: ${{ secrets.GPG_KEY_CONTENTS }}
         run: |
-          echo "$GPG_KEY_CONTENTS" | base64 -d > /tmp/gpg_key.asc 
-          echo "ORG_GRADLE_PROJECT_signingInMemoryKey=$(cat /tmp/gpg_key.asc)" >> $GITHUB_ENV
+          echo "$GPG_KEY_CONTENTS" | base64 -d > /tmp/gpg_key.asc
+          echo "ORG_GRADLE_PROJECT_signingInMemoryKey<<EOF" >> $GITHUB_ENV
+          cat /tmp/gpg_key.asc >> $GITHUB_ENV
+          echo "EOF" >> $GITHUB_ENV
           rm /tmp/gpg_key.asc
 
       - name: Cache Gradle and Konan
