From c7e289b84bf8d4b0ad575bd19156cefc8bfa3125 Mon Sep 17 00:00:00 2001 From: Julien Herr Date: Thu, 18 May 2023 21:41:35 +0200 Subject: [PATCH] Update signing configuration --- .github/workflows/publish-maven-central.yml | 19 ++++++++++--------- .github/workflows/release-maven-central.yml | 19 ++++++++++--------- .../kotlin/testng.maven-publish.gradle.kts | 1 + .../src/main/kotlin/testng.signing.gradle.kts | 14 ++++++++++++++ gradle.properties | 4 ++-- 5 files changed, 37 insertions(+), 20 deletions(-) create mode 100644 build-logic/publishing/src/main/kotlin/testng.signing.gradle.kts diff --git a/.github/workflows/publish-maven-central.yml b/.github/workflows/publish-maven-central.yml index 847ca807e2..5699a4724a 100644 --- a/.github/workflows/publish-maven-central.yml +++ b/.github/workflows/publish-maven-central.yml @@ -26,18 +26,19 @@ jobs: - name: Gradle wrapper validation uses: gradle/wrapper-validation-action@v1.0.6 - # Runs a single command using the runners shell - - name: Install gpg secret key - run: | - cat <(echo -e "${{ secrets.GPG_PRIVATE_KEY }}") | gpg --batch --import - gpg --export-secret-keys >$HOME/.gnupg/secring.gpg - gpg --list-secret-keys --keyid-format LONG - ls -l $HOME/.gnupg - # FIXME Check https://github.com/allure-framework/allure2/blob/430255d8cf5c236ed29bc0df0b72dcd9389c3df9/.github/workflows/release.yaml - name: Publish Release Candidate + env: + ORG_GRADLE_PROJECT_ghGitSourceUsername: ${{ github.actor }} + ORG_GRADLE_PROJECT_ghGitSourcePassword: ${{ secrets.GITHUB_TOKEN }} + ORG_GRADLE_PROJECT_ghNexusUsername: ${{ secrets.NEXUS_USERNAME }} + ORG_GRADLE_PROJECT_ghNexusPassword: ${{ secrets.NEXUS_PASSWORD }} + ORG_GRADLE_PROJECT_signingKeyId: ${{ secrets.GPG_KEY_ID }} + ORG_GRADLE_PROJECT_signingKey: ${{ secrets.GPG_PRIVATE_KEY }} + ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.GPG_PASSPHRASE }} + ORG_GRADLE_PROJECT_rc: ${{ github.event.inputs.release_candidate }} run: | - ./gradlew -PghGitSourceUsername=cbeust -PghGitSourcePassword=${{ secrets.GITHUB_TOKEN }} -PghDryRun -PghNexusUsername=${{ secrets.NEXUS_USERNAME }} -PghNexusPassword=${{ secrets.NEXUS_PASSWORD }} -Psigning.secretKeyRingFile=$HOME/.gnupg/secring.gpg -Psigning.password=${{ secrets.GPG_PASSPHRASE }} -Psigning.keyId=${{ secrets.GPG_KEY_ID }} -Prc=${{ github.event.inputs.release_candidate }} prepareVote + ./gradlew -PghDryRun prepareVote - name: Display next step run: | diff --git a/.github/workflows/release-maven-central.yml b/.github/workflows/release-maven-central.yml index 434c346543..f384d8a95b 100644 --- a/.github/workflows/release-maven-central.yml +++ b/.github/workflows/release-maven-central.yml @@ -31,14 +31,6 @@ jobs: - name: Gradle wrapper validation uses: gradle/wrapper-validation-action@v1.0.6 - # Runs a single command using the runners shell - - name: Install gpg secret key - run: | - cat <(echo -e "${{ secrets.GPG_PRIVATE_KEY }}") | gpg --batch --import - gpg --export-secret-keys >$HOME/.gnupg/secring.gpg - gpg --list-secret-keys --keyid-format LONG - ls -l $HOME/.gnupg - - name: Create Nexus.txt with staging repository details run: | mkdir -p build/stagingRepositories @@ -46,5 +38,14 @@ jobs: # FIXME Check https://github.com/allure-framework/allure2/blob/430255d8cf5c236ed29bc0df0b72dcd9389c3df9/.github/workflows/release.yaml - name: Publish Release Candidate + env: + ORG_GRADLE_PROJECT_ghGitSourceUsername: ${{ github.actor }} + ORG_GRADLE_PROJECT_ghGitSourcePassword: ${{ secrets.GITHUB_TOKEN }} + ORG_GRADLE_PROJECT_ghNexusUsername: ${{ secrets.NEXUS_USERNAME }} + ORG_GRADLE_PROJECT_ghNexusPassword: ${{ secrets.NEXUS_PASSWORD }} + ORG_GRADLE_PROJECT_signingKeyId: ${{ secrets.GPG_KEY_ID }} + ORG_GRADLE_PROJECT_signingKey: ${{ secrets.GPG_PRIVATE_KEY }} + ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.GPG_PASSPHRASE }} + ORG_GRADLE_PROJECT_rc: ${{ github.event.inputs.release_candidate }} run: | - ./gradlew -PghGitSourceUsername=cbeust -PghGitSourcePassword=${{ secrets.GITHUB_TOKEN }} -PghDryRun -PghNexusUsername=${{ secrets.NEXUS_USERNAME }} -PghNexusPassword=${{ secrets.NEXUS_PASSWORD }} -Psigning.secretKeyRingFile=$HOME/.gnupg/secring.gpg -Psigning.password=${{ secrets.GPG_PASSPHRASE }} -Psigning.keyId=${{ secrets.GPG_KEY_ID }} -Prc=${{ github.event.inputs.release_candidate }} publishDist + ./gradlew -PghDryRun publishDist diff --git a/build-logic/publishing/src/main/kotlin/testng.maven-publish.gradle.kts b/build-logic/publishing/src/main/kotlin/testng.maven-publish.gradle.kts index 5216f3facd..5bb24558a2 100644 --- a/build-logic/publishing/src/main/kotlin/testng.maven-publish.gradle.kts +++ b/build-logic/publishing/src/main/kotlin/testng.maven-publish.gradle.kts @@ -1,6 +1,7 @@ plugins { `maven-publish` id("testng.local-maven-repo") + id("testng.signing") } // It takes value from root project always: https://github.com/gradle/gradle/issues/13302 diff --git a/build-logic/publishing/src/main/kotlin/testng.signing.gradle.kts b/build-logic/publishing/src/main/kotlin/testng.signing.gradle.kts new file mode 100644 index 0000000000..d9d09cf655 --- /dev/null +++ b/build-logic/publishing/src/main/kotlin/testng.signing.gradle.kts @@ -0,0 +1,14 @@ +import org.gradle.kotlin.dsl.signing + +plugins { + signing +} + +plugins.withId("signing") { + configure { + val signingKeyId: String? by project + val signingKey: String? by project + val signingPassword: String? by project + useInMemoryPgpKeys(signingKeyId, signingKey, signingPassword) + } +} diff --git a/gradle.properties b/gradle.properties index 70dc8657ca..4fc492f2b8 100644 --- a/gradle.properties +++ b/gradle.properties @@ -15,9 +15,9 @@ project.vendor.name=TestNG project.vendor.id=org.testng # For now this URL is used only in POM references, and release tags are pused -scm.url=https\://github.com/cbeust/testng.git +scm.url=https\://github.com/testng-team/testng.git # In most cases it is the same as the project group nexus.profile=org.testng -github.organization=cbeust +github.organization=testng-team github.repository=testng