Merge pull request #54 from borisrizov-zf/ci/replace-gpg-import-steps

chore: replace import-gpg steps (ref. from EDC)
eclipse-tractusx · Nov 24, 2023 · 0ef3755 · 0ef3755
2 parents 5594e5d + 815b1d4
commit 0ef3755
Showing 1 changed file with 16 additions and 5 deletions.
diff --git a/.github/workflows/publish-maven.yaml b/.github/workflows/publish-maven.yaml
@@ -49,11 +49,22 @@ jobs:
           java-version: 17
           distribution: temurin
 
-      - name: Import GPG Key
-        uses: crazy-max/ghaction-import-gpg@v6
-        with:
-          gpg_private_key: ${{ secrets.ORG_GPG_PRIVATE_KEY }}
-          passphrase: ${{ secrets.ORG_GPG_PASSPHRASE }}
+      # this is necessary because it creates gpg.conf, etc.
+      - name: List Keys
+        shell: bash
+        run: |
+          gpg -K --keyid-format=long
+
+      - name: Import GPG Private Key
+        shell: bash
+        run: |
+          echo "use-agent" >> ~/.gnupg/gpg.conf
+          echo "pinentry-mode loopback" >> ~/.gnupg/gpg.conf
+          echo -e "${{ secrets.ORG_GPG_PRIVATE_KEY }}" | gpg --import --batch
+          for fpr in $(gpg --list-keys --with-colons | awk -F: '/fpr:/ {print $10}' | sort -u);
+          do
+            echo -e "5\\ny\\n" |  gpg --batch --command-fd 0 --expert --edit-key $fpr trust;
+          done
 
         # Environment variables used in settings.xml and pom.xml
       - name: Publish to Maven