Closed aalmiray closed 1 year ago
afrittoli
commented
1 year ago Thanks @aalmiray - the public key is public, so no problem at all. I uploaded it already to one of the public GPG keyservers, but I'm happy to add it to the secrets on GitHub too.
afrittoli
commented
1 year ago @afrittoli this setup requires adding one extra secret:
GPG_PUBLIC_KEY. It's required for verifying local signatures. If this were to be a problem and the project rather not put the public key as a secrete I think it's possible to skip local signature verification, in which case an update to the settings would be required.An additional benefit is that the JReleaser plugin will also let the project announce releases if the desired announcers were to be configured.
Secret added. For reference, the public key is:
-----BEGIN PGP PUBLIC KEY BLOCK-----
mDMEZD1hXRYJKwYBBAHaRw8BAQdATXSWmjn+kAAkSk0t0sKBMfSCVLsJaB12w6yl
cGFbTVS0SkNERXZlbnRzIEJvdCAoR1BHIEtleSBmb3IgdGhlIENERXZlbnRzIENJ
L0NEIEJvdCkgPGNkZXZlbnRzQGNkLmZvdW5kYXRpb24+iJkEExYKAEEWIQQ5Jm1M
p/pPcLvC2G3Z9vVH9AgOAgUCZD1hXQIbAwUJAeEzgAULCQgHAgIiAgYVCgkICwIE
FgIDAQIeBwIXgAAKCRDZ9vVH9AgOAjItAP0YLI/9ECCbz2+KNSOG6gQT+zkWyzNx
KzDt6LuEs5DKogD/TMLru01B4SoAN7CNaTV6HY0Fz75xXBZH4aW9WFjPaQi4OARk
PWFdEgorBgEEAZdVAQUBAQdAhOUpryhWsl5P9os9ZCw2W3j528PeNJyDgsAwOGNT
BhYDAQgHiH4EGBYKACYWIQQ5Jm1Mp/pPcLvC2G3Z9vVH9AgOAgUCZD1hXQIbDAUJ
AeEzgAAKCRDZ9vVH9AgOAmblAQDCi50kp6QILxNkh8OqNF3feSqDOYUc9CaWuJS2
67/zeAD+OOXiMkhG88scQzK5f/JLU8DoGEn1MrSeqmBSashbsQc=
=qPWa
-----END PGP PUBLIC KEY BLOCK-----
@afrittoli this setup requires adding one extra secret:
GPG_PUBLIC_KEY. It's required for verifying local signatures. If this were to be a problem and the project rather not put the public key as a secret I think it's possible to skip local signature verification, in which case an update to the settings would be required.An additional benefit is that the JReleaser plugin will also let the project announce releases if the desired announcers were to be configured.