chore(ci): add signing env to publish workflow #15

Merged
xenoterracide merged 1 commit into develop from chore/fix-signing-2
Feb 6, 2026
@xenoterracide (Owner) commented Feb 6, 2026

  • name the GitHub release step for clearer logs when publishing
  • supply the GPG key and passphrase so Gradle can sign artifacts before
    release

- Integrated `GPG_SECRET_KEY` and `GPG_PASSPHRASE` to sign staging releases.
- Updated release step to use additional environment variables for Gradle tasks.
Copilot AI review requested due to automatic review settings February 6, 2026 22:41
@xenoterracide changed the title from "ci(workflows): add GPG signing configuration to publish workflow" to "chore(ci): add signing env to publish workflow" Feb 6, 2026
@xenoterracide merged commit a91467e into develop Feb 6, 2026
9 checks passed
@xenoterracide deleted the chore/fix-signing-2 branch February 6, 2026 22:42

Copilot AI (Contributor) left a comment

Pull request overview

Adds Gradle GPG signing environment configuration to the publish GitHub Actions workflow so the GitHub Release step can run signing-required Gradle publish tasks during release creation.

Changes:

  • Names the GitHub Release step for clarity.
  • Adds ORG_GRADLE_PROJECT_signingInMemoryKey and ORG_GRADLE_PROJECT_signingInMemoryKeyPassword to the GitHub Release step environment.

Comment on lines 58 to 60
export STAGING=$(printf "%s" $(./gradlew stagingPath --quiet))
gh release create ${{ github.event.workflow_run.head_branch }} --generate-notes $STAGING/* --verify-tag
if: ${{ steps.detect-tag.outputs.is_tag == 'true' }}
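
Review bot: `${{ github.event.workflow_run.head_branch }}` on the `gh release create` line is substituted into the script text before the shell parses it, so any shell metacharacters in the ref name become part of the command. Pass the value through the step's `env:` and reference it as a quoted shell variable instead, and quote the glob as `"$STAGING"/*` so a staging path containing spaces is not split. Separately, `export STAGING=$(printf "%s" $(./gradlew stagingPath --quiet))` hides a failing Gradle exit status behind `printf` and `export`; assign first and check the result before using it.
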

Copilot AI commented Feb 6, 2026

gh release create is using ${{ github.event.workflow_run.head_branch }} as the release/tag name, but this job is gated on a Git tag existing at HEAD. For workflow_run executions triggered by a tag push, head_branch can be empty (and in other cases it may be a branch name), which will cause --verify-tag to fail or create a release with the wrong identifier. Prefer using the actual tag you already detect (e.g., output the tag name from detect-tag and pass that to gh release create).
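
One way to derive the release name from the tags that actually point at HEAD, as the comment above suggests. This is an added example, not code from the pull request or the repository; `pick_release_tag`, `is_release_tag`, `TAG_PATTERN` and `HEAD_BRANCH` are hypothetical names, and the version-style tag pattern is an assumption about how releases are tagged.

```shell
# Added example (not from the PR). Assumption: release tags look like
# v1.2.3 or 1.2.3, optionally followed by a -suffix or +suffix.
TAG_PATTERN='^v?[0-9]+\.[0-9]+\.[0-9]+([-+][0-9A-Za-z.-]+)?$'

# Succeeds only for a single-line value that matches TAG_PATTERN.
is_release_tag() {
  case "$1" in *"
"*) return 1 ;; esac
  printf '%s\n' "$1" | grep -Eq "$TAG_PATTERN"
}

# pick_release_tag CANDIDATE TAGS_AT_HEAD
#   CANDIDATE     head_branch from the event (may be empty or a branch name)
#   TAGS_AT_HEAD  newline-separated output of: git tag --points-at HEAD
# Prints the tag to release, or explains on stderr and returns 1.
pick_release_tag() {
  candidate=$1
  valid=""
  count=0
  while IFS= read -r tag; do          # keep only release-shaped tags at HEAD
    if [ -n "$tag" ] && is_release_tag "$tag"; then
      valid="${valid}${tag}
"
      count=$((count + 1))
    fi
  done <<EOF
$2
EOF
  if [ "$count" -eq 0 ]; then
    echo "no release tag points at HEAD" >&2
    return 1
  fi
  # The event value is used only when it names one of those tags.
  if is_release_tag "$candidate" &&
     printf '%s' "$valid" | grep -Fxq -- "$candidate"; then
    printf '%s\n' "$candidate"
    return 0
  fi
  if [ "$count" -eq 1 ]; then         # empty or branch-name candidate
    printf '%s' "$valid"
    return 0
  fi
  echo "several release tags at HEAD and head_branch names none" >&2
  return 1
}

# Workflow usage (HEAD_BRANCH is a hypothetical variable set through env:):
#   tag=$(pick_release_tag "$HEAD_BRANCH" "$(git tag --points-at HEAD)") || exit 1
#   gh release create "$tag" --generate-notes --verify-tag "$STAGING"/*
```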

Comment on lines 62 to +64
GH_TOKEN: ${{ github.token }}
ORG_GRADLE_PROJECT_signingInMemoryKey: ${{ secrets.GPG_SECRET_KEY }}
ORG_GRADLE_PROJECT_signingInMemoryKeyPassword: ${{ secrets.GPG_PASSPHRASE }}
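
Review bot: the two added `ORG_GRADLE_PROJECT_signingInMemoryKey*` lines put the private signing key and its passphrase in the same step environment as `GH_TOKEN`, so every command that step runs can read all three. If only the Gradle invocation needs the key, set these two variables on a step that runs just that Gradle task and keep the step holding `GH_TOKEN` free of them. A short comment in the workflow stating what `GPG_SECRET_KEY` is expected to contain would also help whoever rotates the secret.
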

Copilot AI commented Feb 6, 2026

The GPG signing env vars are now duplicated in three separate steps. To reduce drift (e.g., if secret names change), consider defining ORG_GRADLE_PROJECT_signingInMemoryKey and ORG_GRADLE_PROJECT_signingInMemoryKeyPassword once at the job env: level (or via a YAML anchor) and only override per-step if needed.
