From 63fc51cd0a0a569014d09096102dd7f384d8e2ef Mon Sep 17 00:00:00 2001 From: kirich1409 Date: Mon, 1 Jun 2026 11:32:15 +0300 Subject: [PATCH] Extract Gradle Plugin Portal publish into separate workflow Isolates Portal publication so a re-run never re-triggers the Maven Central step. Adds workflow_dispatch with required ref/version inputs so the v1.0.0 tag can be published retroactively. Root cause fixed: the missing GPG signing env (ORG_GRADLE_PROJECT_signingInMemoryKey*) is now present alongside Portal creds, resolving the signatory error on marker publications. --- .github/workflows/publish-plugin-portal.yml | 66 +++++++++++++++++++++ 1 file changed, 66 insertions(+) create mode 100644 .github/workflows/publish-plugin-portal.yml diff --git a/.github/workflows/publish-plugin-portal.yml b/.github/workflows/publish-plugin-portal.yml new file mode 100644 index 0000000..4be4ff7 --- /dev/null +++ b/.github/workflows/publish-plugin-portal.yml @@ -0,0 +1,66 @@ +name: Publish Plugin to Gradle Plugin Portal + +on: + push: + tags: + - "v[0-9]+.[0-9]+.[0-9]+" + - "v[0-9]+.[0-9]+.[0-9]+-*" + # No branches: branch pushes produce SNAPSHOTs; Portal rejects them. + workflow_dispatch: + inputs: + ref: + description: "Git ref to check out (e.g. v1.0.0). Must point to the exact release tag." + required: true + version: + description: "Plugin version to publish (e.g. 1.0.0, without leading v)." + required: true + +permissions: + contents: read + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: false + +jobs: + publish-plugin-portal: + name: Publish plugin to Gradle Plugin Portal + runs-on: ubuntu-latest + environment: Main + + steps: + - uses: actions/checkout@v6 + with: + # On tag push: check out the triggering tag. + # On workflow_dispatch: check out the explicit ref input so develop-HEAD + # (1.1.0-SNAPSHOT) is never published in place of the release tag. + ref: ${{ inputs.ref || github.ref }} + + - uses: ./.github/actions/setup-build-env + + - name: Determine version + id: version + env: + INPUT_VERSION: ${{ inputs.version }} + run: | + if [[ -n "${INPUT_VERSION}" ]]; then + # Manual dispatch: use the explicitly supplied version. + VERSION="${INPUT_VERSION}" + else + # Tag push: strip the leading "v" from the tag (e.g. v1.0.0 -> 1.0.0). + VERSION="${GITHUB_REF_NAME#v}" + fi + echo "VERSION_NAME=${VERSION}" | tee -a "$GITHUB_OUTPUT" + + - name: Publish plugin to Gradle Plugin Portal + # publishPlugins uploads directly — no manual promotion step unlike Maven Central. + # GPG signing env is required: com.gradle.plugin-publish creates maven publications + # for plugin markers and the signing plugin signs them as part of publishPlugins. + env: + GRADLE_PUBLISH_KEY: ${{ secrets.GRADLE_PUBLISH_KEY }} + GRADLE_PUBLISH_SECRET: ${{ secrets.GRADLE_PUBLISH_SECRET }} + ORG_GRADLE_PROJECT_signingInMemoryKey: ${{ secrets.GPG_SIGNING_KEY }} + ORG_GRADLE_PROJECT_signingInMemoryKeyId: ${{ secrets.GPG_KEY_ID }} + ORG_GRADLE_PROJECT_signingInMemoryKeyPassword: ${{ secrets.GPG_KEY_PASSWORD }} + ORG_GRADLE_PROJECT_VERSION_NAME: ${{ steps.version.outputs.VERSION_NAME }} + run: ./gradlew --no-daemon :featured-gradle-plugin:publishPlugins --no-configuration-cache