Update signing configuration

testng-team · May 18, 2023 · c7e289b · c7e289b
1 parent afc97a1
commit c7e289b
Show file tree

Hide file tree

Showing 5 changed files with 37 additions and 20 deletions.
diff --git a/.github/workflows/publish-maven-central.yml b/.github/workflows/publish-maven-central.yml
@@ -26,18 +26,19 @@ jobs:
     - name: Gradle wrapper validation
       uses: gradle/[email protected]
 
-    # Runs a single command using the runners shell
-    - name: Install gpg secret key
-      run: |
-        cat <(echo -e "${{ secrets.GPG_PRIVATE_KEY }}") | gpg --batch --import
-        gpg --export-secret-keys >$HOME/.gnupg/secring.gpg
-        gpg --list-secret-keys --keyid-format LONG
-        ls -l $HOME/.gnupg
-
     # FIXME Check https://github.com/allure-framework/allure2/blob/430255d8cf5c236ed29bc0df0b72dcd9389c3df9/.github/workflows/release.yaml
     - name: Publish Release Candidate
+      env:
+        ORG_GRADLE_PROJECT_ghGitSourceUsername: ${{ github.actor }}
+        ORG_GRADLE_PROJECT_ghGitSourcePassword: ${{ secrets.GITHUB_TOKEN }}
+        ORG_GRADLE_PROJECT_ghNexusUsername: ${{ secrets.NEXUS_USERNAME }}
+        ORG_GRADLE_PROJECT_ghNexusPassword: ${{ secrets.NEXUS_PASSWORD }}
+        ORG_GRADLE_PROJECT_signingKeyId: ${{ secrets.GPG_KEY_ID }}
+        ORG_GRADLE_PROJECT_signingKey: ${{ secrets.GPG_PRIVATE_KEY }}
+        ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.GPG_PASSPHRASE }}
+        ORG_GRADLE_PROJECT_rc: ${{ github.event.inputs.release_candidate }}
       run: |
-        ./gradlew -PghGitSourceUsername=cbeust -PghGitSourcePassword=${{ secrets.GITHUB_TOKEN }} -PghDryRun -PghNexusUsername=${{ secrets.NEXUS_USERNAME }} -PghNexusPassword=${{ secrets.NEXUS_PASSWORD }} -Psigning.secretKeyRingFile=$HOME/.gnupg/secring.gpg -Psigning.password=${{ secrets.GPG_PASSPHRASE }} -Psigning.keyId=${{ secrets.GPG_KEY_ID }} -Prc=${{ github.event.inputs.release_candidate }} prepareVote
+        ./gradlew -PghDryRun prepareVote
 
     - name: Display next step
       run: |

diff --git a/.github/workflows/release-maven-central.yml b/.github/workflows/release-maven-central.yml
@@ -31,20 +31,21 @@ jobs:
     - name: Gradle wrapper validation
       uses: gradle/[email protected]
 
-    # Runs a single command using the runners shell
-    - name: Install gpg secret key
-      run: |
-        cat <(echo -e "${{ secrets.GPG_PRIVATE_KEY }}") | gpg --batch --import
-        gpg --export-secret-keys >$HOME/.gnupg/secring.gpg
-        gpg --list-secret-keys --keyid-format LONG
-        ls -l $HOME/.gnupg
-
     - name: Create Nexus.txt with staging repository details
       run: |
          mkdir -p build/stagingRepositories
          echo -n ${{ github.event.inputs.staging_repository_id }} > build/stagingRepositories/nexus.txt
 
     # FIXME Check https://github.com/allure-framework/allure2/blob/430255d8cf5c236ed29bc0df0b72dcd9389c3df9/.github/workflows/release.yaml
     - name: Publish Release Candidate
+      env:
+        ORG_GRADLE_PROJECT_ghGitSourceUsername: ${{ github.actor }}
+        ORG_GRADLE_PROJECT_ghGitSourcePassword: ${{ secrets.GITHUB_TOKEN }}
+        ORG_GRADLE_PROJECT_ghNexusUsername: ${{ secrets.NEXUS_USERNAME }}
+        ORG_GRADLE_PROJECT_ghNexusPassword: ${{ secrets.NEXUS_PASSWORD }}
+        ORG_GRADLE_PROJECT_signingKeyId: ${{ secrets.GPG_KEY_ID }}
+        ORG_GRADLE_PROJECT_signingKey: ${{ secrets.GPG_PRIVATE_KEY }}
+        ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.GPG_PASSPHRASE }}
+        ORG_GRADLE_PROJECT_rc: ${{ github.event.inputs.release_candidate }}
       run: |
-        ./gradlew -PghGitSourceUsername=cbeust -PghGitSourcePassword=${{ secrets.GITHUB_TOKEN }} -PghDryRun -PghNexusUsername=${{ secrets.NEXUS_USERNAME }} -PghNexusPassword=${{ secrets.NEXUS_PASSWORD }} -Psigning.secretKeyRingFile=$HOME/.gnupg/secring.gpg -Psigning.password=${{ secrets.GPG_PASSPHRASE }} -Psigning.keyId=${{ secrets.GPG_KEY_ID }} -Prc=${{ github.event.inputs.release_candidate }} publishDist
+        ./gradlew -PghDryRun publishDist
diff --git a/build-logic/publishing/src/main/kotlin/testng.maven-publish.gradle.kts b/build-logic/publishing/src/main/kotlin/testng.maven-publish.gradle.kts
@@ -1,6 +1,7 @@
 plugins {
     `maven-publish`
     id("testng.local-maven-repo")
+    id("testng.signing")
 }
 
 // It takes value from root project always: https://github.com/gradle/gradle/issues/13302

diff --git a/build-logic/publishing/src/main/kotlin/testng.signing.gradle.kts b/build-logic/publishing/src/main/kotlin/testng.signing.gradle.kts
@@ -0,0 +1,14 @@
+import org.gradle.kotlin.dsl.signing
+
+plugins {
+    signing
+}
+
+plugins.withId("signing") {
+    configure<SigningExtension> {
+        val signingKeyId: String? by project
+        val signingKey: String? by project
+        val signingPassword: String? by project
+        useInMemoryPgpKeys(signingKeyId, signingKey, signingPassword)
+    }
+}
diff --git a/gradle.properties b/gradle.properties
@@ -15,9 +15,9 @@ project.vendor.name=TestNG
 project.vendor.id=org.testng
 
 # For now this URL is used only in POM references, and release tags are pused
-scm.url=https\://github.com/cbeust/testng.git
+scm.url=https\://github.com/testng-team/testng.git
 
 # In most cases it is the same as the project group
 nexus.profile=org.testng
-github.organization=cbeust
+github.organization=testng-team
 github.repository=testng