Manage OSSRH

Aaron Crawfis edited this page Apr 15, 2021 · 4 revisions

Access nexus repository

Manual deployment using maven

  • Download the GPG private key from the Dapr keyvault (java-sdk-mvn-gpg-private-key secret in keyvault)
  • Base64-decode the secret into the private key file
# --decode works on both Linux and macOS (short form: -d on GNU/Linux, -D on macOS)
$ echo "secret" | base64 --decode > gpg-private.key
  • Import the GPG private key on your local machine
$ gpg --batch --import gpg-private.key
  • Set the secret environment variables
export OSSRH_USER_TOKEN=user_token # See `java-sdk-ossrh-user-token` secret in keyvault
export OSSRH_PWD_TOKEN=user_pass # See `java-sdk-ossrh-user-token` secret in keyvault
export GPG_KEY=gpg_key # See `java-sdk-mvn-gpg-private-key-pass` secret in keyvault
export GPG_PWD=gpg_pwd # See `java-sdk-mvn-gpg-private-key-pass` secret in keyvault
  • Deploy with Maven
export GPG_TTY=$(tty)
mvn -V -B -Dgpg.skip=false -s settings.xml deploy

Rotate GPG private key (expiry: 04/15/2021)

  • Generate GPG Cert
$ export GPG_TTY=$(tty)
# When gpg asks for the password of the cert, use the `java-sdk-mvn-gpg-private-key-pass` secret in keyvault. If you want to use a different password, update the `java-sdk-mvn-gpg-private-key-pass` secret in keyvault.

$ gpg --generate-key

gpg (GnuPG) 2.2.19; Copyright (C) 2019 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Note: Use "gpg --full-generate-key" for a full featured key generation dialog.

GnuPG needs to construct a user ID to identify your key.

Real name: dapr.io
Email address: daprweb@microsoft.com
You selected this USER-ID:          
    "dapr.io <daprweb@microsoft.com>"

Change (N)ame, (E)mail, or (O)kay/(Q)uit? O
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: key B32573E3D5C334D9 marked as ultimately trusted
gpg: directory '/Users/youngp/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/Users/youngp/.gnupg/openpgp-revocs.d/2C250DF7621BD1A2D6B06E27B32573E3D5C334D9.rev'
public and secret key created and signed.

pub   rsa2048 2020-01-17 [SC] [expires: 2022-01-16]
      2C250DF7621BD1A2D6B06E27B32573E3D5C334D9
uid                      dapr.io <daprweb@microsoft.com>
sub   rsa2048 2020-01-17 [E] [expires: 2022-01-16]
  • Export private key
# e.g. KEYID is 2C250DF7621BD1A2D6B06E27B32573E3D5C334D9 in the example
$ gpg -a --export-secret-key KEYID > private-key.gpg 
  • Base64-encode private-key.gpg
base64 private-key.gpg
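
A pre-deploy check for the import and rotation steps above, as an added example that is not part of the original wiki or the Dapr project: it reads `gpg --with-colons` output and rejects a signing key that is missing, revoked, unable to sign, or close to expiry. The function name, exit codes and sample listing are assumptions constructed here; the fingerprint and dates come from the example gpg output on this page, and the subkey values are placeholders.

```shell
#!/bin/sh
# Added example: gate a manual deploy on the state of the signing key.
# Input (stdin): output of `gpg --batch --with-colons --list-keys <FPR>`.

# Fingerprint taken from the example gpg output on this page.
EXPECTED_FPR=2C250DF7621BD1A2D6B06E27B32573E3D5C334D9

# check_signing_key FPR NOW_EPOCH MIN_DAYS   (hypothetical helper)
# Prints one status line. Returns 0 = usable, 1 = expired or expiring within
# MIN_DAYS, 2 = not in the keyring, revoked, or not able to sign.
check_signing_key() {
    awk -F: -v want="$1" -v now="$2" -v mindays="$3" '
        # Remember the latest key record so its fpr line can be tied to it.
        $1 == "pub" || $1 == "sub" { kind = $1; val = $2; exp_at = $7; caps = $12 }
        $1 == "fpr" && kind == "pub" && $10 == want && !found {
            found = 1; v = val; e = exp_at; c = caps
        }
        END {
            if (!found)             { print "MISSING " want; exit 2 }
            if (v == "r")           { print "REVOKED"; exit 2 }
            # Uppercase S in field 12 = the key as a whole can sign.
            if (index(c, "S") == 0) { print "NO-SIGN-CAPABILITY"; exit 2 }
            if (e == "")            { print "OK no expiry set"; exit 0 }
            if (e + 0 <= now + 0)   { print "EXPIRED"; exit 1 }
            d = int((e - now) / 86400)
            if (d < mindays + 0)    { print "EXPIRING " d " days left"; exit 1 }
            print "OK " d " days left"
        }'
}

# Constructed sample listing (created 2020-01-17, expires 2022-01-16, [SC] + [E]).
# Subkey id and fingerprint are placeholders.
sample_listing() {
cat <<'EOF'
pub:u:2048:1:B32573E3D5C334D9:1579219200:1642291200::u:::scESC:
fpr:::::::::2C250DF7621BD1A2D6B06E27B32573E3D5C334D9:
uid:u::::1579219200::::dapr.io <daprweb@microsoft.com>:
sub:u:2048:1:0000000000000000:1579219200:1642291200:::::e:
fpr:::::::::0000000000000000000000000000000000000000:
EOF
}

# Demo on the constructed listing: 2021-01-01, then 2022-01-01 (15 days left).
sample_listing | check_signing_key "$EXPECTED_FPR" 1609459200 30
sample_listing | check_signing_key "$EXPECTED_FPR" 1640995200 30 || true

# Real use, after `gpg --batch --import gpg-private.key`:
#   gpg --batch --with-colons --list-keys "$EXPECTED_FPR" \
#     | check_signing_key "$EXPECTED_FPR" "$(date +%s)" 30 || exit 1
```

Run it before `mvn deploy` so an expired or wrong key fails locally instead of at signing or staging time.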
