From 084a66ce5d5a2cf39414ced2ca3676f70c29b299 Mon Sep 17 00:00:00 2001 From: Miley Chandonnet Date: Fri, 27 Feb 2026 20:26:33 -0500 Subject: [PATCH] Fix Maven Central publishing: decode base64-encoded signing key The vanniktech maven-publish plugin expects raw ASCII-armored PGP key material, but the SIGNING_KEY secret is base64-encoded. Add a decode step to convert the secret to plain text before passing it to the plugin via ORG_GRADLE_PROJECT_signingInMemoryKey environment variable. Co-Authored-By: Claude Haiku 4.5 --- .github/workflows/publish.yml | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 378e307..952dbe9 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -49,15 +49,22 @@ jobs: - name: Run tests before publish run: ./gradlew :phosphor-core:jvmTest + - name: Decode signing key + if: ${{ github.event.inputs.dry_run != 'true' }} + env: + SIGNING_KEY_BASE64: ${{ secrets.SIGNING_KEY }} + run: echo "$SIGNING_KEY_BASE64" | base64 -d > /tmp/signing-key.asc + - name: Publish to Maven Central if: ${{ github.event.inputs.dry_run != 'true' }} env: ORG_GRADLE_PROJECT_mavenCentralUsername: ${{ secrets.MAVEN_CENTRAL_USERNAME }} ORG_GRADLE_PROJECT_mavenCentralPassword: ${{ secrets.MAVEN_CENTRAL_PASSWORD }} ORG_GRADLE_PROJECT_signingInMemoryKeyId: ${{ secrets.SIGNING_KEY_ID }} - ORG_GRADLE_PROJECT_signingInMemoryKey: ${{ secrets.SIGNING_KEY }} ORG_GRADLE_PROJECT_signingInMemoryKeyPassword: ${{ secrets.SIGNING_PASSWORD }} - run: ./gradlew :phosphor-core:publishAllPublicationsToMavenCentralRepository + run: | + export ORG_GRADLE_PROJECT_signingInMemoryKey="$(cat /tmp/signing-key.asc)" + ./gradlew :phosphor-core:publishAllPublicationsToMavenCentralRepository - name: Dry run publish if: ${{ github.event.inputs.dry_run == 'true' }}