I am working on an open-source Java library and want to automate deployment to Sonatype. I managed to publish from my local machine, however, I want to automate things so that each tag is published. The problem which I am encountering is related to signing my artifacts using the signing plugin.
More precisely, I have a main project which contains 3 modules: masker, log4j2 and logback. The last two build jar artifacts and have the signing code in the build.gradle:
signing {
sign publishing.publications
}
The problem I am facing is that this approach requires having the gradle.properties file with the keyId, password and file location. For obvious reasons, I don’t want these commited in the repository. So, I use Gitlab CI to store these secret values in variables.
However, I can’t write the two gradle.properties files (one in the log4j2 module and one in the logback module) during publishing. And using the ./gradlew with the -P does not pass the arguments to the sub-modules. I don’t know how else to automate things, so any help is appreciated.
I tried using this method:
def signingKey = findProperty("signingKey")
def signingPassword = findProperty("signingPassword")
useInMemoryPgpKeys(signingKey, signingPassword)
However, it did not work locally:
* What went wrong:
Execution failed for task ':log4j2:signMavenJavaPublication'.
> Cannot perform signing task ':log4j2:signMavenJavaPublication' because it has no configured signatory
P.S: For anyone interested in looking over the code directly, you can find it here: Petre Popescu Open Source Projects / LogMasker · GitLab