This is an automated email from the ASF dual-hosted git repository.

jdaugherty pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/grails-core.git


The following commit(s) were added to refs/heads/7.0.x by this push:
     new 07bd6c5e7c [skip ci] adopt ASF signing workflow
07bd6c5e7c is described below

commit 07bd6c5e7cfe8bb30991bba2b37fa369de5cec36
Author: James Daugherty <[email protected]>
AuthorDate: Tue May 27 15:24:35 2025 -0400

    [skip ci] adopt ASF signing workflow
---
 .github/workflows/release.yml                      | 21 +++++++++-------
 grails-gradle/gradle/signing-config.gradle         |  2 ++
 .../publishing/GrailsPublishGradlePlugin.groovy    | 29 ++++++++++++++++++----
 3 files changed, 38 insertions(+), 14 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index b91898528d..27db5491fb 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -35,6 +35,12 @@ jobs:
         uses: actions/checkout@v4
       - name: 'Ensure Common Build Date' # to ensure a reproducible build
         run: echo "SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct)" >> 
"$GITHUB_ENV"
+      - name: '🔐 Set up GPG'
+        run: |
+          echo "${{ secrets.GRAILS_GPG_KEY }}" | gpg --batch --import
+          gpg --list-keys
+        env:
+          GPG_KEY_ID: ${{ secrets.GPG_KEY_ID }}
       - name: "☕️ Setup JDK"
         uses: actions/setup-java@v4
         with:
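Review bot: In the added 'Set up GPG' step the private key is expanded straight into the script text by `echo "${{ secrets.GRAILS_GPG_KEY }}" | gpg --batch --import`, so the key material becomes part of the generated shell script and any `$`, backtick or double quote in it would be interpreted by the shell. Passing the secret through the step's `env:` keeps it out of the script body: add `GRAILS_GPG_KEY: ${{ secrets.GRAILS_GPG_KEY }}` under `env:` and run `printf '%s' "$GRAILS_GPG_KEY" | gpg --batch --import`. The `GPG_KEY_ID` variable declared on this step is not referenced by either command; it could be dropped, or used as `gpg --list-keys "$GPG_KEY_ID"` so the step fails when the imported key is not the expected one.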
@@ -90,9 +96,8 @@ jobs:
           NEXUS_PUBLISH_USERNAME: ${{ secrets.NEXUS_STAGE_DEPLOYER_USER }}
           NEXUS_PUBLISH_PASSWORD: ${{ secrets.NEXUS_STAGE_DEPLOYER_PW }}
           NEXUS_PUBLISH_URL: ${{ secrets.GRAILS_NEXUS_PUBLISH_RELEASE_URL }}
-          NEXUS_PUBLISH_STAGING_PROFILE_ID: ${{ 
secrets.NEXUS_PUBLISH_STAGING_PROFILE_ID }} # TODO: unknown at this time
-          SIGNING_KEY: ${{ secrets.SIGNING_KEY }}
-          SIGNING_PASSPHRASE: ${{ secrets.SIGNING_PASSPHRASE }}
+          NEXUS_PUBLISH_STAGING_PROFILE_ID: ${{ secrets.STAGING_PROFILE_ID }}
+          SIGNING_KEY: ${{ secrets.GPG_KEY_ID }}
         working-directory: 'grails-gradle'
         run: >
           ./gradlew 
@@ -104,9 +109,8 @@ jobs:
           NEXUS_PUBLISH_USERNAME: ${{ secrets.NEXUS_STAGE_DEPLOYER_USER }}
           NEXUS_PUBLISH_PASSWORD: ${{ secrets.NEXUS_STAGE_DEPLOYER_PW }}
           NEXUS_PUBLISH_URL: ${{ secrets.GRAILS_NEXUS_PUBLISH_RELEASE_URL }}
-          NEXUS_PUBLISH_STAGING_PROFILE_ID: ${{ 
secrets.NEXUS_PUBLISH_STAGING_PROFILE_ID }} # TODO: unknown at this time
-          SIGNING_KEY: ${{ secrets.SIGNING_KEY }}
-          SIGNING_PASSPHRASE: ${{ secrets.SIGNING_PASSPHRASE }}
+          NEXUS_PUBLISH_STAGING_PROFILE_ID: ${{ secrets.STAGING_PROFILE_ID }}
+          SIGNING_KEY: ${{ secrets.GPG_KEY_ID }}
         working-directory: 'grails-gradle'
         run: >
           ./gradlew
@@ -122,9 +126,8 @@ jobs:
           NEXUS_PUBLISH_USERNAME: ${{ secrets.NEXUS_STAGE_DEPLOYER_USER }}
           NEXUS_PUBLISH_PASSWORD: ${{ secrets.NEXUS_STAGE_DEPLOYER_PW }}
           NEXUS_PUBLISH_URL: ${{ secrets.GRAILS_NEXUS_PUBLISH_RELEASE_URL }}
-          NEXUS_PUBLISH_STAGING_PROFILE_ID: ${{ 
secrets.NEXUS_PUBLISH_STAGING_PROFILE_ID }} # TODO: unknown at this time
-          SIGNING_KEY: ${{ secrets.SIGNING_KEY }}
-          SIGNING_PASSPHRASE: ${{ secrets.SIGNING_PASSPHRASE }}
+          NEXUS_PUBLISH_STAGING_PROFILE_ID: ${{ secrets.STAGING_PROFILE_ID }}
+          SIGNING_KEY: ${{ secrets.GPG_KEY_ID }}
         run: >
           ./gradlew
           -Psigning.secretKeyRingFile=${{ github.workspace }}/secring.gpg 
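Review bot: The `-Psigning.secretKeyRingFile=${{ github.workspace }}/secring.gpg` argument that survives as context at the end of this hunk looks inconsistent with the move to gpg-command signing. In the GrailsPublishGradlePlugin change of this same commit, a non-empty `signing.secretKeyRingFile` selects the keyring branch, so `localSigning` stays false and `signing.password` is only set from `SIGNING_PASSPHRASE`, which this hunk removes from the environment. If this step goes through that plugin (not visible here), it would attempt keyring signing without a passphrase, and no step visible in this diff creates `secring.gpg`. Dropping the flag would let the step sign with the key imported by 'Set up GPG'. The `run:` block continues past the hunk.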
diff --git a/grails-gradle/gradle/signing-config.gradle 
b/grails-gradle/gradle/signing-config.gradle
index d06001245e..25d7d90c44 100644
--- a/grails-gradle/gradle/signing-config.gradle
+++ b/grails-gradle/gradle/signing-config.gradle
@@ -24,6 +24,8 @@ if (isReleaseVersion) {
     afterEvaluate {
         signing {
             required { isReleaseVersion && gradle.taskGraph.hasTask('publish') 
}
+            useGpgCmd()
+
             Publication[] publications = new 
Publication[publishing.publications.size()]
             publishing.publications.findAll().toArray(publications)
             sign(publications)
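Review bot: The added `useGpgCmd()` is unconditional and nothing in this hunk sets `signing.gnupg.keyName`, so unless that property is supplied elsewhere gpg will most likely sign with whatever its default key is. On the CI runner that is the single imported key, but a release built on a maintainer's machine could be signed with an unintended key without any error. Pinning the key from the same variable the workflow already exports would make this explicit, e.g. `project.ext.set('signing.gnupg.keyName', System.getenv('SIGNING_KEY'))` before the `signing { }` block. A short comment such as `// sign via the local gpg agent; key is selected by signing.gnupg.keyName` above the call would also explain why no keyring file is configured here.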
diff --git 
a/grails-gradle/plugins/src/main/groovy/org/grails/gradle/plugin/publishing/GrailsPublishGradlePlugin.groovy
 
b/grails-gradle/plugins/src/main/groovy/org/grails/gradle/plugin/publishing/GrailsPublishGradlePlugin.groovy
index 8b6366528f..bb8d2d2154 100644
--- 
a/grails-gradle/plugins/src/main/groovy/org/grails/gradle/plugin/publishing/GrailsPublishGradlePlugin.groovy
+++ 
b/grails-gradle/plugins/src/main/groovy/org/grails/gradle/plugin/publishing/GrailsPublishGradlePlugin.groovy
@@ -105,7 +105,7 @@ The credentials and connection url must be specified as a 
project property or an
     NEXUS_PUBLISH_SNAPSHOT_URL
     NEXUS_PUBLISH_STAGING_PROFILE_ID
 
-When using `NEXUS_PUBLISH`, the property `signing.secretKeyRingFile` must be 
set to the path of the GPG keyring file.
+When using `NEXUS_PUBLISH`, either the property `signing.secretKeyRingFile` 
must be set to the path of the GPG keyring file or local gpg must be configured 
to sign artifacts.
 
 Note: if project properties are used, the properties must be defined prior to 
applying this plugin.
 """
@@ -125,10 +125,6 @@ Note: if project properties are used, the properties must 
be defined prior to ap
 
         final ExtraPropertiesExtension extraPropertiesExtension = 
project.extensions.findByType(ExtraPropertiesExtension)
 
-        extraPropertiesExtension.setProperty('signing.keyId', 
project.findProperty('signing.keyId') ?: System.getenv('SIGNING_KEY'))
-        extraPropertiesExtension.setProperty('signing.password', 
project.findProperty('signing.password') ?: System.getenv('SIGNING_PASSPHRASE'))
-        extraPropertiesExtension.setProperty('signing.secretKeyRingFile', 
project.findProperty('signing.secretKeyRingFile') ?: 
System.getenv('SIGNING_KEYRING'))
-
         PublishType snapshotPublishType = 
project.hasProperty(SNAPSHOT_PUBLISH_TYPE_PROPERTY) ? 
PublishType.valueOf(project.property(SNAPSHOT_PUBLISH_TYPE_PROPERTY) as String) 
: PublishType.MAVEN_PUBLISH
         PublishType releasePublishType = 
project.hasProperty(RELEASE_PUBLISH_TYPE_PROPERTY) ? 
PublishType.valueOf(project.property(RELEASE_PUBLISH_TYPE_PROPERTY) as String) 
: PublishType.NEXUS_PUBLISH
 
@@ -178,6 +174,26 @@ Note: if project properties are used, the properties must 
be defined prior to ap
         final PluginManager projectPluginManager = project.pluginManager
         projectPluginManager.apply(MavenPublishPlugin)
 
+        boolean localSigning = false
+        if(isRelease) {
+            String signingKeyId = project.findProperty('signing.keyId') ?: 
System.getenv('SIGNING_KEY')
+            extraPropertiesExtension.setProperty('signing.keyId', signingKeyId)
+            String secringFile = 
project.findProperty('signing.secretKeyRingFile') ?: 
System.getenv('SIGNING_KEYRING')
+            if(!secringFile) {
+                project.logger.info("No keyring file has been specified. 
Assuming the use of local gpgCommand instead.")
+                localSigning = true
+                extraPropertiesExtension.setProperty('signing.gnupg.keyName', 
signingKeyId)
+            }
+            else {
+                
extraPropertiesExtension.setProperty('signing.secretKeyRingFile', secringFile)
+
+                String signingPassphrase = 
project.findProperty('signing.password') ?: System.getenv('SIGNING_PASSPHRASE')
+                if(signingPassphrase) {
+                    extraPropertiesExtension.setProperty('signing.password', 
signingPassphrase)
+                }
+            }
+        }
+
         if (isRelease || useNexusPublish) {
             if (project.pluginManager.hasPlugin(SIGNING_PLUGIN_ID)) {
                 project.rootProject.logger.debug('Signing Plugin already 
applied to project {}', project.name)
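Review bot: `signingKeyId` can be null when neither `signing.keyId` nor `SIGNING_KEY` is set, and the new block then writes that null into both `signing.keyId` and, on the gpg path, `signing.gnupg.keyName`. With no key name the gpg command presumably falls back to its default key, so a release could be signed with an unexpected key, and the only trace is an `info`-level log line that is hidden at the default log level. Failing fast is safer for a release build: `if (!signingKeyId) { throw new GradleException('signing.keyId or SIGNING_KEY must be set for release signing') }`, using whichever exception type the file already imports. As a style point, the added `if(` and `else` on its own line differ from the `if (isRelease || useNexusPublish) {` form just below. The enclosing method starts and ends outside this hunk.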
@@ -407,6 +423,9 @@ Note: if project properties are used, the properties must 
be defined prior to ap
             if (isRelease) {
                 extensionContainer.configure(SigningExtension, {
                     it.required = isRelease
+                    if(localSigning) {
+                        it.useGpgCmd()
+                    }
                     it.sign project.publishing.publications.maven
                 })
             }
