From 6b93ed06479e2dfbe62e16943fadaee2aa8a1a0b Mon Sep 17 00:00:00 2001 From: Andre Weber Date: Tue, 28 Nov 2023 13:02:25 +0100 Subject: [PATCH 1/4] chore: Fix Signing Using A GPG Subkey --- .github/workflows/deploy-release.yaml | 2 +- .github/workflows/deploy-snapshot.yaml | 4 ++-- buildSrc/src/main/kotlin/publish.gradle.kts | 16 ++++++++++------ 3 files changed, 13 insertions(+), 9 deletions(-) diff --git a/.github/workflows/deploy-release.yaml b/.github/workflows/deploy-release.yaml index 6fe5f12f..5254d769 100644 --- a/.github/workflows/deploy-release.yaml +++ b/.github/workflows/deploy-release.yaml @@ -9,7 +9,6 @@ on: jobs: deployment: - if: github.repository == 'eclipse-kuksa/kuksa-android-sdk' runs-on: ubuntu-latest steps: - name: Checkout code @@ -28,6 +27,7 @@ jobs: - name: Publish Library env: + ORG_GPG_KEY_ID: ${{ secrets.ORG_GPG_KEY_ID }} ORG_GPG_PASSPHRASE: ${{ secrets.ORG_GPG_PASSPHRASE }} ORG_GPG_PRIVATE_KEY: ${{ secrets.ORG_GPG_PRIVATE_KEY }} ORG_OSSRH_PASSWORD: ${{ secrets.ORG_OSSRH_PASSWORD }} diff --git a/.github/workflows/deploy-snapshot.yaml b/.github/workflows/deploy-snapshot.yaml index 3061f473..c9b8d13e 100644 --- a/.github/workflows/deploy-snapshot.yaml +++ b/.github/workflows/deploy-snapshot.yaml @@ -10,7 +10,6 @@ on: jobs: deployment: - if: github.repository == 'eclipse-kuksa/kuksa-android-sdk' runs-on: ubuntu-latest steps: - name: Checkout code @@ -32,8 +31,9 @@ jobs: - name: Publish Library env: + ORG_GPG_KEY_ID: ${{ secrets.ORG_GPG_KEY_ID }} ORG_GPG_PASSPHRASE: ${{ secrets.ORG_GPG_PASSPHRASE }} ORG_GPG_PRIVATE_KEY: ${{ secrets.ORG_GPG_PRIVATE_KEY }} ORG_OSSRH_PASSWORD: ${{ secrets.ORG_OSSRH_PASSWORD }} ORG_OSSRH_USERNAME: ${{ secrets.ORG_OSSRH_USERNAME }} - run: ./gradlew publishAllPublicationsToOSSRHSnapshotRepository + run: ./gradlew --stacktrace publishAllPublicationsToOSSRHSnapshotRepository diff --git a/buildSrc/src/main/kotlin/publish.gradle.kts b/buildSrc/src/main/kotlin/publish.gradle.kts index 261c61a8..fb2d8103 100644 --- a/buildSrc/src/main/kotlin/publish.gradle.kts +++ b/buildSrc/src/main/kotlin/publish.gradle.kts @@ -29,11 +29,6 @@ interface PublishPluginExtension { val extension = project.extensions.create("publish") -// configure GPG -> https://docs.gradle.org/current/userguide/signing_plugin.html#example_configure_the_gnupgsignatory -ext["signing.gnupg.executable"] = "gpg" -ext["signing.gnupg.keyName"] = System.getenv("ORG_GPG_PRIVATE_KEY") -ext["signing.gnupg.passphrase"] = System.getenv("ORG_GPG_PASSPHRASE") - afterEvaluate { publishing { repositories { @@ -79,7 +74,16 @@ afterEvaluate { } signing { - useGpgCmd() + val keyId = System.getenv("ORG_GPG_KEY_ID") + val privateKey = System.getenv("ORG_GPG_PRIVATE_KEY") + val passphrase = System.getenv("ORG_GPG_PASSPHRASE") + + useInMemoryPgpKeys( + keyId, + privateKey, + passphrase, + ) + sign(publishing.publications) } } From 36462a92aa6aecec758e1d90b5af641ec85189bd Mon Sep 17 00:00:00 2001 From: Andre Weber Date: Wed, 29 Nov 2023 10:26:38 +0100 Subject: [PATCH 2/4] chore: Truncate KeyId --- buildSrc/src/main/kotlin/publish.gradle.kts | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/buildSrc/src/main/kotlin/publish.gradle.kts b/buildSrc/src/main/kotlin/publish.gradle.kts index fb2d8103..fb05b226 100644 --- a/buildSrc/src/main/kotlin/publish.gradle.kts +++ b/buildSrc/src/main/kotlin/publish.gradle.kts @@ -74,7 +74,10 @@ afterEvaluate { } signing { - val keyId = System.getenv("ORG_GPG_KEY_ID") + var keyId: String? = System.getenv("ORG_GPG_KEY_ID") + if (keyId != null && keyId.length > 8) { + keyId = keyId.takeLast(8) + } val privateKey = System.getenv("ORG_GPG_PRIVATE_KEY") val passphrase = System.getenv("ORG_GPG_PASSPHRASE") From 68adf928e990b318f5bfc4416e0a34853e24617a Mon Sep 17 00:00:00 2001 From: Andre Weber Date: Wed, 29 Nov 2023 12:07:24 +0100 Subject: [PATCH 3/4] docs: Replace GitHub Packages with Maven Central --- README.md | 16 ++-------------- 1 file changed, 2 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index 548dbdfe..d3860696 100644 --- a/README.md +++ b/README.md @@ -26,21 +26,9 @@ Snapshot builds are also available (but of course less stable): [Package view](h See the [quickstart guide](https://github.com/eclipse-kuksa/kuksa-android-sdk/tree/main/docs/QUICKSTART.md) for additional integration options. -### GitHub packages +### Maven Central -The KUKSA SDK is currently uploaded to [GitHub packages](https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-gradle-registry) -where an [authentication](https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-gradle-registry#authenticating-to-github-packages) -is needed to download the dependency. - -``` -maven { - url = uri("https://maven.pkg.github.com/eclipse-kuksa/kuksa-android-sdk") - credentials { - username = - password = - } -} -``` +The KUKSA SDK is currently uploaded to [Maven Central](https://central.sonatype.com/search?q=org.eclipse.kuksa). ## Usage From 5b75f19fcb094a108607a837a7222091c4c3348f Mon Sep 17 00:00:00 2001 From: Andre Weber Date: Wed, 29 Nov 2023 10:55:01 +0100 Subject: [PATCH 4/4] chore: Run Deployment Workflows only in eclipse Organisation --- .github/workflows/deploy-release.yaml | 1 + .github/workflows/deploy-snapshot.yaml | 1 + 2 files changed, 2 insertions(+) diff --git a/.github/workflows/deploy-release.yaml b/.github/workflows/deploy-release.yaml index 5254d769..55ac14bc 100644 --- a/.github/workflows/deploy-release.yaml +++ b/.github/workflows/deploy-release.yaml @@ -9,6 +9,7 @@ on: jobs: deployment: + if: github.repository == 'eclipse-kuksa/kuksa-android-sdk' runs-on: ubuntu-latest steps: - name: Checkout code diff --git a/.github/workflows/deploy-snapshot.yaml b/.github/workflows/deploy-snapshot.yaml index c9b8d13e..e0b01a06 100644 --- a/.github/workflows/deploy-snapshot.yaml +++ b/.github/workflows/deploy-snapshot.yaml @@ -10,6 +10,7 @@ on: jobs: deployment: + if: github.repository == 'eclipse-kuksa/kuksa-android-sdk' runs-on: ubuntu-latest steps: - name: Checkout code