ci: add signing of artifacts and sonatype as maven repo

Author: tommytroen

.github/workflows/publish-release.yml

@@ -28,9 +28,19 @@ jobs:
           key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle.kts') }}
           restore-keys: |
             ${{ runner.os }}-gradle-
+      - name: Import gpg key
+        env:
+          GPG_KEY_BASE64: ${{ secrets.GPG_KEY_BASE64 }}
+          GPG_KEY_NAME: ${{ secrets.GPG_KEY_NAME }}
+          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
+        run: echo $GPG_KEY_BASE64 | base64 --decode | gpg --yes --batch --import
       - name: Publish artifact
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GPG_KEY_NAME: ${{ secrets.GPG_KEY_NAME }}
+          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
+          SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }}
+          SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }}
 
         # The GITHUB_REF tag comes in the format 'refs/tags/xxx'.
         # So if we split on '/' and take the 3rd value, we can get the release name.

build.gradle.kts

@@ -59,7 +59,7 @@ dependencies {
 publishing {
     publications {
         create<MavenPublication>("mavenJava") {
-            artifactId = "${rootProject.name}"
+            artifactId = rootProject.name
             from(components["java"])
             versionMapping {
                 usage("java-api") {
@@ -71,7 +71,7 @@ publishing {
                 }
             }
             pom {
-                name.set("${rootProject.name}")
+                name.set(rootProject.name)
                 description.set("A simple mock oauth2 server based on OkHttp MockWebServer")
                 url.set("https://github.com/navikt/${rootProject.name}")
 
@@ -86,11 +86,6 @@ publishing {
                         organization.set("NAV (Arbeids- og velferdsdirektoratet) - The Norwegian Labour and Welfare Administration")
                         organizationUrl.set("https://www.nav.no")
                     }
-                    developer {
-                        id.set("tommytroen")
-                        name.set("Tommy Trøen")
-                        email.set("tommy.troen@nav.no")
-                    }
                 }
                 scm {
                     connection.set("scm:git:git://github.com/navikt/${rootProject.name}.git")
@@ -108,18 +103,28 @@ publishing {
                 username = System.getenv("GITHUB_ACTOR")
                 password = System.getenv("GITHUB_TOKEN")
             }
-           /*
-            // change URLs to point to your repos, e.g. http://my.org/repo
+        }
+        maven {
+            name = "Sonatype"
             val releasesRepoUrl = uri("$mavenRepoBaseUrl/service/local/staging/deploy/maven2/")
             val snapshotsRepoUrl = uri("$mavenRepoBaseUrl/content/repositories/snapshots")
-            url = if (version.toString().endsWith("SNAPSHOT")) snapshotsRepoUrl else releasesRepoUrl*/
+            url = if (version.toString().endsWith("SNAPSHOT")) snapshotsRepoUrl else releasesRepoUrl
+            credentials {
+                username = System.getenv("SONATYPE_USERNAME")
+                password = System.getenv("SONATYPE_PASSWORD")
+            }
         }
     }
 }
 
-/*signing {
+ext["signing.gnupg.keyName"] = System.getenv("GPG_KEY_NAME")
+ext["signing.gnupg.passphrase"] = System.getenv("GPG_PASSPHRASE")
+ext["signing.gnupg.useLegacyGpg"] = true
+
+signing {
+    useGpgCmd()
     sign(publishing.publications["mavenJava"])
-}*/
+}
 
 tasks.javadoc {
     if (JavaVersion.current().isJava9Compatible) {
@@ -166,13 +171,15 @@ tasks {
     "jibDockerBuild" {
         dependsOn("shadowJar")
     }
-/*
-    "publish" {
+
+ /*   "publish" {
         dependsOn("shadowJar")
         dependsOn("jibDockerBuild")
-    }
-*/
+    }*/
+
     withType<Sign>().configureEach {
-        onlyIf { !version.toString().endsWith("SNAPSHOT") }
+        onlyIf {
+            project.hasProperty("signing.gnupg.keyName")
+        }
     }
 }