From 21dfbe6c0b75f81f2371d71355000545f5780016 Mon Sep 17 00:00:00 2001
From: Boris Ning <tpz7@cdc.gov>
Date: Fri, 6 Sep 2024 13:05:01 -0400
Subject: [PATCH] chore[release]: testing the PGP key

---
 .github/workflows/release.yml | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index ec3d851..2ddfc74 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -22,6 +22,38 @@ jobs:
           java-version: "21"
           cache: "sbt"
 
+      - name: Decrypt and Import GPG Key
+        run: |
+            gpgconf --kill gpg-agent || true
+            gpgconf --launch gpg-agent || true
+            echo "$PGP_SECRET" | base64 --decode | gpg --batch --no-tty --import
+        env:
+          PGP_SECRET: ${{ secrets.GPG_PRIVATE_KEY_BORIS }}
+
+      - name: Verify Resources
+        run: |
+          echo "---------- Verifying GPG Keys ----------"
+          GPG_FINGERPRINT=$(gpg --list-keys --with-colons | grep fpr | head -n 1 | cut -d: -f10)
+          echo "GPG_FINGERPRINT=$GPG_FINGERPRINT" >> $GITHUB_ENV
+          gpg --keyserver keyserver.ubuntu.com --recv-keys $GPG_FINGERPRINT
+          echo "----------------------------------------"
+          echo "----------------------------------------"
+          echo "---------- Verifying Existence of Sonatype Credentials ----------"
+          if [ -z "$SONATYPE_USERNAME" ]; then echo "SONATYPE_USERNAME is not set"; else echo "SONATYPE_USERNAME is set"; fi
+          if [ -z "$SONATYPE_PASSWORD" ]; then echo "SONATYPE_PASSWORD is not set"; else echo "SONATYPE_PASSWORD is set"; fi
+          echo "-----------------------------------------------------------------"
+          echo "-----------------------------------------------------------------"
+          echo "---------- Verifying Existence of PGP Variables ----------"
+          if [ -z "$PGP_PASSPHRASE" ]; then echo "PGP_PASSPHRASE is not set"; else echo "PGP_PASSPHRASE is set"; fi
+          if [ -z "$PGP_SECRET" ]; then echo "PGP_SECRET is not set"; else echo "PGP_SECRET is set"; fi          
+          echo "----------------------------------------------------------"
+          echo "----------------------------------------------------------"
+        env:
+          SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }}
+          SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }}
+          PGP_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE_BORIS }}
+          PGP_SECRET: ${{ secrets.GPG_PRIVATE_KEY_BORIS }}
+
       - name: Publish to Maven Repository
         run: sbt ci-release
         env: