Skip to content

Latest commit

 

History

History
34 lines (32 loc) · 2.04 KB

SIGNING.md

File metadata and controls

34 lines (32 loc) · 2.04 KB

Release artifacts are signed. This is handled by the GitHub workflow.

To test the creation of signed artifacts on the local machine, follow steps below:

  • Change property VERSION_NAME in gradle.properties so that it does not end with -SNAPSHOT. Whenever the version ends with -SNAPSHOT, the artifacts are never signed. Make sure that this change is not committed.
  • Use GPG to generate a key. Maven requires a RSA key of at least 4096 bits. Most likely it does not matter for local publication whether this is used. Execute command:
    gpg --full-gen-key
    
    • Please select what kind of key you want: 1) RSA - RSA
    • What keysize do you want? 4096
    • Key is valid for? 0 (does not expire)
    • Real-name: ktlint-test
    • Email address: [email protected]
    • Comment: Test signing of ktlint artifacts on local machine only
    • Passphrase: i-will-try-no-to-forget-this-passphrase
    • The output ends with something like
    pub   rsa4096 2023-10-08 [SC]
          5B0ABB03277D2FEB46FE7E8E22D6006063A5D3C3
    uid                      ktlint-test (Test signing of ktlint artifacts on local machine only) <[email protected]>
    sub   rsa4096 2023-10-08 [E]
    
  • Execute all commands below in the same terminal
    export ORG_GRADLE_PROJECT_signingKeyId="63A5D3C3" # Last 8 characters of full id of the public key generated by gpg command above
    export ORG_GRADLE_PROJECT_signingKeyPassword="i-will-try-no-to-forget-this-passphrase"
    # Command below will export the armored GPG signing key and store it in an environment variable. Note that this command will ask for the password (see ORG_GRADLE_PROJECT_signingKeyPassword).
    export ORG_GRADLE_PROJECT_signingKey="$(gpg --export-secret-keys --armor $ORG_GRADLE_PROJECT_signingKeyId | tail -r | tail -n +3 | tail -r | tail -n +3 | tr -d '\n')"
  • Execute the Gradle publication (this can not be combined with the export statements above because of the manual input of the passphrase)
    ./gradlew publishToMavenLocal