From 6b4979c9d894be6dcf637d7c316d9cc4099d3602 Mon Sep 17 00:00:00 2001 From: EmanueleIannuzzi Date: Fri, 20 Mar 2026 18:30:36 +0100 Subject: [PATCH 1/3] fix: PGP key handling and preprocessing --- build.gradle.kts | 31 +++++++++++++++++-------------- 1 file changed, 17 insertions(+), 14 deletions(-) diff --git a/build.gradle.kts b/build.gradle.kts index 1edd859..70d2c07 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -73,29 +73,32 @@ subprojects { } @OptIn(ExperimentalEncodingApi::class) -private fun MavenPublishBaseExtension.signIfKeyPresent(project: Project) { +fun MavenPublishBaseExtension.signIfKeyPresent(project: Project) { val keyId = System.getenv("KEY_ID") - val keyBytes = runCatching { - Base64.decode(System.getenv("SECRING").toByteArray()).decodeToString() - }.getOrNull() - val keyPassword = System.getenv("PASSWORD") + val signingKey = System.getenv("SECRING") + val signingKeyPassphrase = System.getenv("PASSWORD") - if (keyBytes != null && keyPassword != null) { - project.logger.info("Signing artifacts with in-memory PGP key (.gpg)") + if (!signingKey.isNullOrBlank()) { + project.logger.info("Signing artifacts with in-memory PGP key for ${project.path}") project.extensions.configure("signing") { - // For binary .gpg keys - if (keyId == null) { - useInMemoryPgpKeys(keyBytes, keyPassword) - } else { - useInMemoryPgpKeys(keyId, keyBytes, keyPassword) - } + useInMemoryPgpKeys(keyId, preprocessPrivateGpgKey(signingKey), signingKeyPassphrase) signAllPublications() } } else { - project.logger.info("Skipping signing of artifacts: PGP key or password not found in environment variables") + project.logger.warn("Skipping signing of artifacts: PGP key or password not found in environment variables for ${project.path}") } } +private fun preprocessPrivateGpgKey(key: String): String { + val prefix = "-----BEGIN PGP PRIVATE KEY BLOCK-----" + val suffix = "-----END PGP PRIVATE KEY BLOCK-----" + val delimiter = "\r\n" + return prefix + delimiter + key + .replace(prefix, "") + .replace(suffix, "") + .replace(" ", "\r\n") + delimiter + suffix +} + tasks.register("printVersion") { doLast { println(projectVersion) From bbe8f8e5126fbf4a2397bbe8bf085aa9d9766b1b Mon Sep 17 00:00:00 2001 From: EmanueleIannuzzi Date: Fri, 20 Mar 2026 18:31:19 +0100 Subject: [PATCH 2/3] refactor: remove unused Base64 API --- build.gradle.kts | 2 -- 1 file changed, 2 deletions(-) diff --git a/build.gradle.kts b/build.gradle.kts index 70d2c07..dd80645 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -3,7 +3,6 @@ import com.vanniktech.maven.publish.SonatypeHost import helpers.configureMavenCentralMetadata import org.jetbrains.kotlin.gradle.dsl.KotlinJvmProjectExtension import org.jetbrains.kotlin.gradle.tasks.KotlinCompile -import kotlin.io.encoding.Base64 import kotlin.io.encoding.ExperimentalEncodingApi val kotlinJvmTarget: String by project @@ -72,7 +71,6 @@ subprojects { } } -@OptIn(ExperimentalEncodingApi::class) fun MavenPublishBaseExtension.signIfKeyPresent(project: Project) { val keyId = System.getenv("KEY_ID") val signingKey = System.getenv("SECRING") From 8c618a664d0f570bbb1ca205304300c030f29416 Mon Sep 17 00:00:00 2001 From: EmanueleIannuzzi Date: Fri, 20 Mar 2026 18:45:27 +0100 Subject: [PATCH 3/3] refactor: rename environment variables --- build.gradle.kts | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/build.gradle.kts b/build.gradle.kts index dd80645..dde6997 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -72,9 +72,9 @@ subprojects { } fun MavenPublishBaseExtension.signIfKeyPresent(project: Project) { - val keyId = System.getenv("KEY_ID") - val signingKey = System.getenv("SECRING") - val signingKeyPassphrase = System.getenv("PASSWORD") + val keyId = System.getenv("SIGNING_KEY_ID") + val signingKey = System.getenv("SIGNING_KEY") + val signingKeyPassphrase = System.getenv("SIGNING_KEY_PASSPHRASE") if (!signingKey.isNullOrBlank()) { project.logger.info("Signing artifacts with in-memory PGP key for ${project.path}")