GPG + Github Action example For Maven Publishing

GPG Generation

Read https://central.sonatype.org/publish/requirements/gpg/

Example working github actions setup for my incomplete work.

https://github.com/Kambaa/gmc-maven-plugin/blob/master/.github/workflows/maven.yml

Another axample

https://github.com/rapidappio/rapidapp-java/blob/main/.github/workflows/release.yaml

GPG Import

gpg --import private.key
# enter your password when asked

List/Export keys:

gpg --homedir C:\Users\USERNAME\.gnupg --list-keys
gpg --homedir C:\Users\USERNAME\.gnupg --export-secret-keys ENTER_KEY > private.key
gpg --homedir C:\Users\USERNAME\.gnupg --armor --export-secret-key [email protected] -w0

Send/Receive Keys:

gpg --keyserver keyserver.ubuntu.com --send-keys <KEY>
gpg --keyserver keyserver.ubuntu.com --recv-keys <KEY>

Maven settings.xml

add this:


maven settings.xml
<!-- in servers --> 
<server>
<id>ossrh</id>
<username>SONATYPE_USERNAME</username>
<password>SONATYPE_PASSWORD</password>
</server>

or this:

  <server>
    <id>gpg.passphrase</id>
    <passphrase><GPG_PASSPHRASE></passphrase>
  </server>

in profiles section, add

    <profile>
      <id>ossrh</id>
      <activation>
      <activeByDefault>true</activeByDefault>
    </activation>
    <properties>
      <!-- for linux -->
      <gpg.executable>gpg2</gpg.executable> 
      <!-- for windows -->
      <gpg.executable>"%ProgramFiles(x86)%\GnuPG\bin\gpg.exe" --homedir "C:\Users\USERNAME\.gnupg"</gpg.executable>
      <!-- <gpg.passphrase><YOUR_PASSPHRASE></gpg.passphrase> -->
    </properties>
  </profile>

Kambaa/gpg-notes.md

GPG Generation

Example working github actions setup for my incomplete work.

GPG Import

List/Export keys:

Send/Receive Keys:

Maven settings.xml