From c04ec83617a5ef54303f96b32107612a2dd7e5ec Mon Sep 17 00:00:00 2001
From: agrgr
Date: Tue, 21 Oct 2025 19:40:00 +0200
Subject: [PATCH 1/2] include commands to allow GPG signing in a headless CI/CD environment

---
 .github/workflows/maven-release.yml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/.github/workflows/maven-release.yml b/.github/workflows/maven-release.yml
index 6c851da..d77ebfd 100644
--- a/.github/workflows/maven-release.yml
+++ b/.github/workflows/maven-release.yml
@@ -10,6 +10,23 @@ jobs:
  - name: Checkout code
  uses: actions/checkout@v5
 
+ - name: Set up Maven
+ uses: stCarolas/setup-maven@v5
+ with:
+ maven-version: 3.9.6
+
+ - name: Configure GPG for CI environment
+ # Create GPG config directory, bypass dialogs and terminal, use GPG agent, allow GPG to get passphrase directly
+ run: |
+ mkdir -p ~/.gnupg
+ echo "pinentry-mode loopback" > ~/.gnupg/gpg.conf
+ echo "allow-loopback-pinentry" > ~/.gnupg/gpg-agent.conf
+ echo "use-agent" >> ~/.gnupg/gpg.conf
+ echo "batch" >> ~/.gnupg/gpg.conf
+ echo "no-tty" >> ~/.gnupg/gpg.conf
+ chmod 700 ~/.gnupg
+
+
  - name: Set up JDK
  # Handles importing GPG private key to the local keyring and configures Maven to use GPG passphrase
  # if pom.xml has the Maven GPG plugin configured
@@ -29,5 +46,6 @@ jobs:
  MAVEN_USERNAME: ${{ secrets.AEROSPIKE_SA_CICD_USERNAME }}
  MAVEN_PASSWORD: ${{ secrets.AEROSPIKE_SA_CICD_PASSWORD }}
  MAVEN_GPG_PASSPHRASE: ${{ secrets.GPG_PASS }}
+ GPG_TTY: "" # Tell GPG not to use terminal
  # No interactive prompts, cleaner logs
  run: mvn --batch-mode clean deploy
From f0709543c964cd9f6928c02955152c122e3d3eba Mon Sep 17 00:00:00 2001
From: agrgr
Date: Tue, 21 Oct 2025 20:21:47 +0200
Subject: [PATCH 2/2] update the workflow: handling GPG mostly automatically with the use of few parameters

---
 .github/workflows/maven-release.yml | 18 ++++--------------
 1 file changed, 4 insertions(+), 14 deletions(-)
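Review bot: In the first hunk of PATCH 1/2, the new `Set up Maven` step references a third-party action by a mutable tag (`stCarolas/setup-maven@v5`) in a job whose later steps, as the second patch shows, receive the GPG private key and the Maven Central credentials. A tag can be repointed to different code, so in a release workflow I would pin it to a full commit SHA, e.g. `uses: stCarolas/setup-maven@<full-commit-sha>  # v5`, and let an update bot bump it. Separately, the `Configure GPG` step writes `gpg.conf` and `gpg-agent.conf` before `chmod 700 ~/.gnupg` runs; creating the directory with `install -d -m 700 ~/.gnupg` first would remove that ordering gap. That step is deleted again in PATCH 2/2, so the second point matters only if it is reinstated.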
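Review bot: In the second hunk of PATCH 1/2, the comment on `GPG_TTY: ""` says it tells GPG not to use a terminal, but GnuPG documents `GPG_TTY` as the name of the terminal device, and an empty value is not a documented way to switch terminal use off. The setting that does that is `no-tty`, which the first hunk already writes to `gpg.conf`, so this variable is probably redundant. I would either drop it or reword the comment to something like `# No real TTY in CI; no-tty and loopback pinentry do the actual work`. The `env:` block starts outside the hunk.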
diff --git a/.github/workflows/maven-release.yml b/.github/workflows/maven-release.yml
index d77ebfd..775df4a 100644
--- a/.github/workflows/maven-release.yml
+++ b/.github/workflows/maven-release.yml
@@ -15,18 +15,6 @@ jobs:
  with:
  maven-version: 3.9.6
 
- - name: Configure GPG for CI environment
- # Create GPG config directory, bypass dialogs and terminal, use GPG agent, allow GPG to get passphrase directly
- run: |
- mkdir -p ~/.gnupg
- echo "pinentry-mode loopback" > ~/.gnupg/gpg.conf
- echo "allow-loopback-pinentry" > ~/.gnupg/gpg-agent.conf
- echo "use-agent" >> ~/.gnupg/gpg.conf
- echo "batch" >> ~/.gnupg/gpg.conf
- echo "no-tty" >> ~/.gnupg/gpg.conf
- chmod 700 ~/.gnupg
-
-
  - name: Set up JDK
  # Handles importing GPG private key to the local keyring and configures Maven to use GPG passphrase
  # if pom.xml has the Maven GPG plugin configured
@@ -40,6 +28,8 @@ jobs:
  # The private key is not required as a standard environment variable
  gpg-private-key: ${{ secrets.GPG_SECRET_KEY }}
  gpg-passphrase: MAVEN_GPG_PASSPHRASE
+ # Parameters for handling GPG in headless CI/CD
+ gpg-passphrase-args: --pinentry-mode=loopback --no-tty --batch
 
  - name: Deploy to Maven Central
  env:
@@ -47,5 +37,5 @@ jobs:
  MAVEN_PASSWORD: ${{ secrets.AEROSPIKE_SA_CICD_PASSWORD }}
  MAVEN_GPG_PASSPHRASE: ${{ secrets.GPG_PASS }}
  GPG_TTY: "" # Tell GPG not to use terminal
- # No interactive prompts, cleaner logs
- run: mvn --batch-mode clean deploy
+ # Use batch mode: no interactive prompts, cleaner logs
+ run: mvn --batch-mode clean deploy
\ No newline at end of file
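Review bot: In the second hunk of PATCH 2/2, `gpg-passphrase-args` should be checked against the inputs declared by the action this step uses; the `uses:` line is outside the hunk, and an input the action does not declare is ignored with only a warning in the run log. If that is the case here, the loopback/no-tty/batch flags never reach gpg, and because the first hunk of this commit also deletes the `gpg.conf` setup, headless signing would depend on whatever defaults the runner image has. If the action has no such input, the same flags can be supplied through the maven-gpg-plugin `gpgArguments` configuration in pom.xml. A comment such as `# Verified against the action's action.yml: passes extra flags to gpg` would record that the check was done.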