chore[release]: testing the PGP key

CDCgov · Sep 6, 2024 · 21dfbe6 · 21dfbe6
1 parent 1b0a1be
commit 21dfbe6
Showing 1 changed file with 32 additions and 0 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -22,6 +22,38 @@ jobs:
           java-version: "21"
           cache: "sbt"
 
+      - name: Decrypt and Import GPG Key
+        run: |
+            gpgconf --kill gpg-agent || true
+            gpgconf --launch gpg-agent || true
+            echo "$PGP_SECRET" | base64 --decode | gpg --batch --no-tty --import
+        env:
+          PGP_SECRET: ${{ secrets.GPG_PRIVATE_KEY_BORIS }}
+
+      - name: Verify Resources
+        run: |
+          echo "---------- Verifying GPG Keys ----------"
+          GPG_FINGERPRINT=$(gpg --list-keys --with-colons | grep fpr | head -n 1 | cut -d: -f10)
+          echo "GPG_FINGERPRINT=$GPG_FINGERPRINT" >> $GITHUB_ENV
+          gpg --keyserver keyserver.ubuntu.com --recv-keys $GPG_FINGERPRINT
+          echo "----------------------------------------"
+          echo "----------------------------------------"
+          echo "---------- Verifying Existence of Sonatype Credentials ----------"
+          if [ -z "$SONATYPE_USERNAME" ]; then echo "SONATYPE_USERNAME is not set"; else echo "SONATYPE_USERNAME is set"; fi
+          if [ -z "$SONATYPE_PASSWORD" ]; then echo "SONATYPE_PASSWORD is not set"; else echo "SONATYPE_PASSWORD is set"; fi
+          echo "-----------------------------------------------------------------"
+          echo "-----------------------------------------------------------------"
+          echo "---------- Verifying Existence of PGP Variables ----------"
+          if [ -z "$PGP_PASSPHRASE" ]; then echo "PGP_PASSPHRASE is not set"; else echo "PGP_PASSPHRASE is set"; fi
+          if [ -z "$PGP_SECRET" ]; then echo "PGP_SECRET is not set"; else echo "PGP_SECRET is set"; fi          
+          echo "----------------------------------------------------------"
+          echo "----------------------------------------------------------"
+        env:
+          SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }}
+          SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }}
+          PGP_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE_BORIS }}
+          PGP_SECRET: ${{ secrets.GPG_PRIVATE_KEY_BORIS }}
+
       - name: Publish to Maven Repository
         run: sbt ci-release
         env: