
I've set up a repository in the Maven Central Repository via Sonatype, and now I'm trying to create a GitHub action that will automatically publish an updated version when I create a new release on GitHub.

I know how to create the trigger using the on: clause and run the gradlew publish task, but I don't know how to supply GitHub with the GPG encryption key needed for it.

How do I do it?

My progress so far is here.

TheOnlyTails

1 Answer


Your issue seems similar to this one

Summarizing:

GitHub Actions is basically a container that runs commands. You can define your key as a secret on your project and then import it in your GitHub Actions workflow.

Here are the steps that could be used on a project to publish the generated artifacts to Sonatype's repository:

  • On a terminal window, you can search for the key ID by e-mail: gpg --list-secret-keys user@example.com
  • Export your key as Base64: gpg --export-secret-keys YOUR_ID_HERE | base64 > private.key
  • In your GitHub project, create a new Secret named GPG_SECRET_KEY (for example) and paste the Base64 content of your key (here is a reference on how to do it)
  • In your workflow .yml file, include a step to import the key from the secret you just defined, like the example below:
- name: Configure GPG Key
  run: |
    mkdir -p ~/.gnupg/
    # Decode the Base64 secret back into the binary key and import it
    printf '%s' "$GPG_SECRET_KEY" | base64 --decode > ~/.gnupg/private.key
    gpg --import ~/.gnupg/private.key
  env:
    # Must match the variable name read in the script above
    GPG_SECRET_KEY: ${{ secrets.GPG_SECRET_KEY }}

Note: Your GPG Key can't be protected by a password.

GuiFalourd
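
A hardened variant of the import step in the answer above, as an added example that is not part of the original answer: it fails early when the secret is empty or is not valid Base64, keeps the decoded key readable only by the runner user, and deletes the key file after the import. It assumes the secret reaches the step as GPG_SECRET_KEY; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the original answer.
# Assumption: the workflow step maps the secret to the GPG_SECRET_KEY variable.

# Decode a Base64 secret ($1) into the file $2, readable only by its owner.
# Returns non-zero when the secret is empty or is not valid Base64.
decode_key_secret() {
  if [ -z "$1" ]; then
    echo "secret is empty: check the env: mapping of the step" >&2
    return 1
  fi
  (
    umask 077   # a newly created key file gets mode 0600
    printf '%s' "$1" | base64 -d > "$2" 2>/dev/null
  ) || { rm -f "$2"; echo "secret is not valid Base64" >&2; return 1; }
  [ -s "$2" ] || { rm -f "$2"; echo "decoded key is empty" >&2; return 1; }
}

# Import the key into the GnuPG home, then delete the decoded copy so the
# private key does not stay on disk (relevant on self-hosted runners).
import_signing_key() {
  local keyfile rc=0
  keyfile="$(mktemp)" || return 1
  mkdir -p "${GNUPGHOME:-$HOME/.gnupg}"
  chmod 700 "${GNUPGHOME:-$HOME/.gnupg}"
  if decode_key_secret "$1" "$keyfile"; then
    gpg --batch --import "$keyfile" || rc=$?
  else
    rc=1
  fi
  rm -f "$keyfile"
  return "$rc"
}

# Runs the import only when the secret is present in the environment.
if [ -n "${GPG_SECRET_KEY:-}" ]; then
  import_signing_key "$GPG_SECRET_KEY"
fi
```

Saved as a script in the repository, this can replace the three commands in the `run:` block while the `env:` mapping stays the same.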