@@ -34,38 +34,62 @@ jobs:
3434 env :
3535 GPG_PRIVATE_KEY : ${{ secrets.GPG_PRIVATE_KEY }}
3636 GPG_PASSPHRASE : ${{ secrets.GPG_PASSPHRASE }}
37- GPG_KEY_ID : ${{ secrets.GPG_KEY_ID }}
3837 run : |
3938 mkdir -p ~/.gnupg
4039 chmod 700 ~/.gnupg
41- echo "$GPG_PRIVATE_KEY" | gpg --batch --import
4240 echo "pinentry-mode loopback" > ~/.gnupg/gpg.conf
4341 chmod 600 ~/.gnupg/gpg.conf
42+
43+ # Import the private key
44+ echo "Importing GPG private key..."
45+ echo "$GPG_PRIVATE_KEY" | gpg --batch --import
46+
4447 # List keys for debugging
45- echo "=== GPG Keys ==="
48+ echo "=== GPG Keys After Import ==="
4649 gpg --list-secret-keys --keyid-format LONG
47- # Try to extract key ID, or use secret if provided
48- if [ -n "$GPG_KEY_ID" ]; then
49- KEY_ID="$GPG_KEY_ID"
50- echo "Using GPG_KEY_ID from secrets: $KEY_ID"
51- else
52- # Extract key ID from keyring
50+
51+ # Extract key ID from the imported key (always extract, don't use secret)
52+ # Try multiple methods to extract the key ID
53+ KEY_ID=$(gpg --list-secret-keys --keyid-format LONG 2>/dev/null | grep -E "^sec" | head -1 | sed -n 's/.*\/\([A-F0-9]\{16\}\).*/\1/p')
54+
55+ if [ -z "$KEY_ID" ]; then
56+ # Fallback: try with different format
5357 KEY_ID=$(gpg --list-secret-keys --keyid-format LONG 2>/dev/null | grep -E "^sec" | head -1 | awk -F'/' '{print $2}' | awk '{print $1}')
54- if [ -z "$KEY_ID" ]; then
55- # Fallback: try with pub
56- KEY_ID=$(gpg --list-secret-keys --keyid-format LONG 2>/dev/null | grep -E "^pub" | head -1 | awk -F'/' '{print $2}' | awk '{print $1}')
57- fi
5858 fi
59+
5960 if [ -z "$KEY_ID" ]; then
60- echo "ERROR: Could not extract GPG key ID"
61- echo "Please set GPG_KEY_ID secret or ensure key is properly imported"
61+ # Last resort: try with pub
62+ KEY_ID=$(gpg --list-secret-keys --keyid-format LONG 2>/dev/null | grep -E "^pub" | head -1 | sed -n 's/.*\/\([A-F0-9]\{16\}\).*/\1/p')
63+ fi
64+
65+ if [ -z "$KEY_ID" ]; then
66+ echo "ERROR: Could not extract GPG key ID from imported key"
67+ echo "=== Full key listing ==="
6268 gpg --list-secret-keys --keyid-format LONG
69+ echo "=== Full key listing (SHORT format) ==="
70+ gpg --list-secret-keys --keyid-format SHORT
6371 exit 1
6472 fi
65- echo "key_id=$KEY_ID" >> $GITHUB_OUTPUT
66- echo "GPG Key ID: $KEY_ID"
73+
74+ echo "Extracted GPG Key ID: $KEY_ID"
75+
76+ # Verify the key exists
77+ if ! gpg --list-secret-keys --keyid-format LONG | grep -q "$KEY_ID"; then
78+ echo "ERROR: Extracted key ID $KEY_ID not found in keyring"
79+ echo "=== Full key listing ==="
80+ gpg --list-secret-keys --keyid-format LONG
81+ exit 1
82+ fi
83+
6784 # Trust the imported key (ultimate trust)
85+ echo "Trusting key $KEY_ID..."
6886 echo "$KEY_ID:6:" | gpg --import-ownertrust || true
87+
88+ # Verify trust
89+ gpg --check-trustdb || true
90+
91+ echo "key_id=$KEY_ID" >> $GITHUB_OUTPUT
92+ echo "✅ GPG Key ID configured: $KEY_ID"
6993
7094 - name : Extract version from tag
7195 id : get_version
@@ -105,13 +129,24 @@ jobs:
105129 gpg --list-secret-keys --keyid-format LONG
106130 exit 1
107131 fi
132+
108133 echo "Using GPG Key ID: $KEY_ID"
109- # Verify key exists
110- if ! gpg --list-secret-keys --keyid-format LONG | grep -q "$KEY_ID"; then
134+
135+ # Final verification: key must exist
136+ if ! gpg --list-secret-keys --keyid-format LONG 2>/dev/null | grep -q "$KEY_ID"; then
111137 echo "ERROR: Key $KEY_ID not found in keyring"
138+ echo "=== Available keys ==="
112139 gpg --list-secret-keys --keyid-format LONG
113140 exit 1
114141 fi
142+
143+ # Test signing with the key
144+ echo "Testing GPG signing..."
145+ echo "test" | gpg --batch --yes --pinentry-mode loopback --sign --local-user "$KEY_ID" --output /dev/null 2>&1 || {
146+ echo "WARNING: GPG signing test failed, but continuing..."
147+ }
148+
149+ echo "Publishing to Maven Central..."
115150 mvn clean deploy -P release \
116151 -Dgpg.keyname="$KEY_ID" \
117152 -Dgpg.passphrase="$GPG_PASSPHRASE" \
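Review bot: The signing test added at new lines 143-147 fails open: when `gpg --sign` fails, the step prints a warning and still runs `mvn clean deploy`, so a broken key setup is only reported as log noise. The test also passes no passphrase under `--batch --pinentry-mode loopback`, so for a passphrase-protected key it will probably fail on every run, and the warning will mean nothing when a real problem appears. I would feed the passphrase on a separate descriptor and make the failure fatal: `echo "test" | gpg --batch --yes --pinentry-mode loopback --passphrase-fd 3 --sign --local-user "$KEY_ID" --output /dev/null 3<<<"$GPG_PASSPHRASE" || { echo "ERROR: GPG signing test failed"; exit 1; }`. This assumes the step runs under bash, and that `GPG_PASSPHRASE` is in the step's `env`, which the `-Dgpg.passphrase` line suggests. The step's `run` block starts and ends outside this hunk, so please confirm the surrounding `env` before applying.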