Manage OSSRH
Artur Souza edited this page May 30, 2023 · 4 revisions
- url: https://oss.sonatype.org/
- user/pass: Find the secret in Dapr's 1Password (java-sdk-ossrh-repo)
- Download GPG private key from Dapr's 1Password (`java-sdk-mvn-gpg-private-key` secret in 1Password)
- Base64-decode secret to private key
# -D is the macOS spelling; --decode works with both GNU (Linux) and macOS base64
$ echo "secret" | base64 --decode > gpg-private.key
- Import GPG private key to your local machine
$ gpg --batch --import gpg-private.key
- Set the secret environment variables
export OSSRH_USER_TOKEN=user_token # See `java-sdk-ossrh-user-token` secret in 1Password
export OSSRH_PWD_TOKEN=user_pass # See `java-sdk-ossrh-user-token` secret in 1Password
export GPG_KEY=gpg_key # See `java-sdk-mvn-gpg-private-key-pass` secret in 1Password
export GPG_PWD=gpg_pwd # See `java-sdk-mvn-gpg-private-key-pass` secret in 1Password
- Deploy with Maven
export GPG_TTY=$(tty)
mvn -V -B -Dgpg.skip=false -s settings.xml deploy
- Generate GPG Cert
$ export GPG_TTY=$(tty)
# When gpg asks for the key's password, use the `java-sdk-mvn-gpg-private-key-pass` secret in 1Password. If you want to use a different password, update the `java-sdk-mvn-gpg-private-key-pass` secret in 1Password.
$ gpg --generate-key
gpg (GnuPG) 2.2.19; Copyright (C) 2019 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Note: Use "gpg --full-generate-key" for a full featured key generation dialog.
GnuPG needs to construct a user ID to identify your key.
Real name: dapr.io
Email address: dapr@dapr.io
You selected this USER-ID:
"dapr.io <dapr@dapr.io>"
Change (N)ame, (E)mail, or (O)kay/(Q)uit? O
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: key B32573E3D5C334D9 marked as ultimately trusted
gpg: directory '/Users/youngp/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/Users/youngp/.gnupg/openpgp-revocs.d/2C250DF7621BD1A2D6B06E27B32573E3D5C334D9.rev'
public and secret key created and signed.
pub rsa2048 2020-01-17 [SC] [expires: 2022-01-16]
2C250DF7621BD1A2D6B06E27B32573E3D5C334D9
uid dapr.io <dapr@dapr.io>
sub rsa2048 2020-01-17 [E] [expires: 2022-01-16]
- Export private key
# e.g. KEYID is 2C250DF7621BD1A2D6B06E27B32573E3D5C334D9 in the example
$ gpg -a --export-secret-key KEYID > private-key.gpg
- Base64-encode private-key.gpg
base64 private-key.gpg
- Export public key
# e.g. KEYID is 2C250DF7621BD1A2D6B06E27B32573E3D5C334D9 in the example
gpg -a --export KEYID > public-key.gpg
- Upload public key only to https://keys.openpgp.org/upload/ - this requires verifying an e-mail sent to dapr@dapr.io
- Update variables in GitHub Settings->secrets
  - `GPG_PRIVATE_KEY` with the Base64 value of the private key
  - `GPG_KEY` with the new Key Id (`2C250DF7621BD1A2D6B06E27B32573E3D5C334D9` in this example)
  - `GPG_PASS` with the password used to generate the new key
- Update `java-sdk-mvm-gpg-private-key` secret in keyvault
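The Base64-decode step above passes the key material as an argument to `echo "secret"`, which lands in shell history. As an added example (not part of the original wiki page or the Dapr project), the function below reads the Base64 text from stdin, writes the key file with owner-only permissions, and rejects anything that does not decode to the armored block that `gpg -a --export-secret-key` produces. The names `decode_gpg_secret` and `constructed_sample_b64` and the sample data are assumptions made for illustration.

```shell
# Added example, not from the Dapr wiki. decode_gpg_secret is a hypothetical helper.
#
# decode_gpg_secret OUTFILE
#   Reads Base64 text from stdin (paste it, or pipe it from a password-manager CLI),
#   so the secret never appears in argv or shell history.
decode_gpg_secret() {
  _out="$1"
  [ -n "$_out" ] || { echo "usage: decode_gpg_secret OUTFILE" >&2; return 2; }

  # Create the temp file owner-only before any key bytes are written to disk.
  _tmp="$(umask 077; mktemp "${_out}.XXXXXX")" || return 1

  if ! base64 --decode > "$_tmp" 2>/dev/null; then
    echo "input is not valid Base64" >&2
    rm -f "$_tmp"
    return 1
  fi

  # gpg -a --export-secret-key emits an ASCII-armored block; refuse anything else
  # (wrong secret pasted, truncated copy) before it reaches gpg --import.
  if ! head -n 1 "$_tmp" | grep -q -- '^-----BEGIN PGP PRIVATE KEY BLOCK-----'; then
    echo "decoded data is not an armored PGP private key" >&2
    rm -f "$_tmp"
    return 1
  fi

  # Rename only after validation, so OUTFILE is never a partial or invalid key.
  mv -f "$_tmp" "$_out"
}

# Constructed sample input: armor header and footer around a placeholder body.
# It contains no real key material and is only useful for exercising the checks.
constructed_sample_b64() {
  printf '%s\n' \
    '-----BEGIN PGP PRIVATE KEY BLOCK-----' \
    '' \
    'Q09OU1RSVUNURUQ=' \
    '-----END PGP PRIVATE KEY BLOCK-----' | base64
}
```

Run it as `decode_gpg_secret gpg-private.key`, paste the secret and press Ctrl-D, then delete `gpg-private.key` once `gpg --batch --import gpg-private.key` has succeeded.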