From 08fbd3c0274b0c4c35fafbf7625f8a5f51e8124f Mon Sep 17 00:00:00 2001
From: You Qi <youqi@axzae.com>
Date: Fri, 28 Apr 2023 13:00:00 +0800
Subject: [PATCH] Introduce signing with PGP key

---
 .github/workflows/pre-merge.yaml      | 2 ++
 .github/workflows/publish-plugin.yaml | 2 ++
 plugin-build/plugin/build.gradle.kts  | 8 ++++++++
 3 files changed, 12 insertions(+)

diff --git a/.github/workflows/pre-merge.yaml b/.github/workflows/pre-merge.yaml
index 12f880f..5f9b8df 100644
--- a/.github/workflows/pre-merge.yaml
+++ b/.github/workflows/pre-merge.yaml
@@ -17,6 +17,8 @@ jobs:
     env:
       GRADLE_PUBLISH_KEY: ${{ secrets.GRADLE_PUBLISH_KEY }}
       GRADLE_PUBLISH_SECRET: ${{ secrets.GRADLE_PUBLISH_SECRET }}
+      GPG_SIGNING_KEY: ${{ secrets.GPG_SIGNING_KEY }}
+      GPG_SIGNING_PASSWORD: ${{ secrets.GPG_SIGNING_PASSWORD }}
     if: ${{ !contains(github.event.head_commit.message, 'ci skip') }}
     steps:
       - name: Checkout Repo
diff --git a/.github/workflows/publish-plugin.yaml b/.github/workflows/publish-plugin.yaml
index 6428331..f0dc03c 100644
--- a/.github/workflows/publish-plugin.yaml
+++ b/.github/workflows/publish-plugin.yaml
@@ -11,6 +11,8 @@ jobs:
     env:
       GRADLE_PUBLISH_KEY: ${{ secrets.GRADLE_PUBLISH_KEY }}
       GRADLE_PUBLISH_SECRET: ${{ secrets.GRADLE_PUBLISH_SECRET }}
+      GPG_SIGNING_KEY: ${{ secrets.GPG_SIGNING_KEY }}
+      GPG_SIGNING_PASSWORD: ${{ secrets.GPG_SIGNING_PASSWORD }}
     if: ${{ !contains(github.event.head_commit.message, 'ci skip') }}
     steps:
       - name: Checkout Repo
diff --git a/plugin-build/plugin/build.gradle.kts b/plugin-build/plugin/build.gradle.kts
index 6d35f07..aef0e41 100644
--- a/plugin-build/plugin/build.gradle.kts
+++ b/plugin-build/plugin/build.gradle.kts
@@ -1,6 +1,7 @@
 import org.jetbrains.kotlin.gradle.tasks.KotlinCompile
 
 plugins {
+    signing
     kotlin("jvm")
     `java-gradle-plugin`
     alias(libs.plugins.pluginPublish)
@@ -21,6 +22,13 @@ java {
     targetCompatibility = JavaVersion.VERSION_1_8
 }
 
+signing {
+    val signingKey = System.getenv("GPG_SIGNING_KEY")
+    val signingPassword = System.getenv("GPG_SIGNING_PASSWORD")
+    useInMemoryPgpKeys(signingKey.chunked(64).joinToString("\n"), signingPassword)
+    sign(tasks["jar"])
+}
+
 tasks.withType<KotlinCompile> {
     kotlinOptions {
         jvmTarget = JavaVersion.VERSION_1_8.toString()