[stage-vote-release-plugin] signingKey instead of secretKeyRingFile

[juherr]

Hi,

Because the GPG export can have some issues when a passphrase is needed in CI, we want to use "in-memory ascii-armored keys" and provide -Psigning.signingKey option instead of the default -Psigning.secretKeyRingFile option.

Is it possible?

[vlsi]

That is doable if you post-configure the signing plugin.

For instance, something like

plugins.withId("signing") {
    configure<SigningExtension> {
        useInMemoryPgpKeys(.., ...)
    }
}

I guess you could add it to https://github.com/testng-team/testng/blob/master/build-logic/publishing/src/main/kotlin/testng.maven-publish.gradle.kts or create testng.signing.gradle.kts and "include" it into testng.maven-publish.gradle.kts with id("testng.signing").

WDYT?

[juherr]

That sounds great. I will try that and keep you in touch.

Maybe you should add a documention section for the next users.

[juherr]

It worked like a charm, thanks! https://github.com/testng-team/testng/commit/c7e289b84bf8d4b0ad575bd19156cefc8bfa3125

For my understanding, is it possible to replace plugins.withId("signing") { ... } by signing { ... }?

[vlsi]

For my understanding, is it possible to replace plugins.withId("signing") { ... } by signing { ... }?

That depends. If you have plugins { signing } at the beginning of the build.gradle.kts, then you could just use signing { ... }.

The meaning is:

plugins.withId("signing") { ... } -- execute action when signing plugin is added to a project. If singing plugin is never applied, then the action is not executed.

signing { ... } -- configures signing configuration. Apparently, it expects that signing plugin should be already applied (e.g. with plugins { signing }) otherwise it would fail.

[juherr]

Ok, clear. Thanks for the explanations! Ping @krmahadevan fyi