build: Sign release artifacts

2024-11-26 21:46:49 +01:00 · 2024-02-14 05:09:42 +01:00 · 2024-02-14 05:09:42 +01:00 · f1d7d0dc62
commit f1d7d0dc62
parent 40c90f5c1b
3 changed files with 43 additions and 21 deletions
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -41,6 +41,13 @@ jobs:
      - name: Install dependencies
        run: npm install

+      - name: Import GPG key
+        uses: crazy-max/ghaction-import-gpg@v6
+        with:
+          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+          passphrase: ${{ secrets.GPG_PASSPHRASE }}
+          fingerprint: ${{ env.GPG_FINGERPRINT }}
+
      - name: Release
        env:
          GITHUB_TOKEN: ${{ secrets.REPOSITORY_PUSH_ACCESS }}
--- a/.releaserc
+++ b/.releaserc
@ -31,7 +31,7 @@
      {
        "assets": [
          {
-            "path": "build/libs/*all.jar"
+            "path": "build/libs/*-all*"
          }
        ],
        successComment: false
--- a/build.gradle.kts
+++ b/build.gradle.kts
@ -1,15 +1,29 @@
 plugins {
-    kotlin("jvm") version "1.9.10"
+    alias(libs.plugins.kotlin)
    alias(libs.plugins.shadow)
+    application
+    `maven-publish`
+    signing
 }

 group = "app.revanced"

+application {
+    mainClass = "app.revanced.cli.command.MainCommandKt"
+}
+
 repositories {
    mavenCentral()
    mavenLocal()
    google()
-    maven { url = uri("https://jitpack.io") }
+    maven {
+        // A repository must be speficied for some reason. "registry" is a dummy.
+        url = uri("https://maven.pkg.github.com/revanced/registry")
+        credentials {
+            username = project.findProperty("gpr.user") as String? ?: System.getenv("GITHUB_ACTOR")
+            password = project.findProperty("gpr.key") as String? ?: System.getenv("GITHUB_TOKEN")
+        }
+    }
 }

 dependencies {
@ -36,9 +50,6 @@ tasks {
    }

    shadowJar {
-        manifest {
-            attributes("Main-Class" to "app.revanced.cli.command.MainCommandKt")
-        }
        minimize {
            exclude(dependency("org.jetbrains.kotlin:.*"))
            exclude(dependency("org.bouncycastle:.*"))
@ -46,25 +57,29 @@ tasks {
        }
    }

-    build {
+    publish {
        dependsOn(shadowJar)
    }
+}

-    /*
-    Dummy task to hack gradle-semantic-release-plugin to release this project.
+// Needed by gradle-semantic-release-plugin.
+// Tracking: https://github.com/KengoTODA/gradle-semantic-release-plugin/issues/435

-    Explanation:
-    SemVer is a standard for versioning libraries.
-    For that reason the semantic-release plugin uses the "publish" task to publish libraries.
-    However, this subproject is not a library, and the "publish" task is not available for this subproject.
-    Because semantic-release is not designed to handle this case, we need to hack it.
+// The maven-publish is also necessary to make the signing plugin work.
+publishing {
+    repositories {
+        mavenLocal()
+    }

-    RE: https://github.com/KengoTODA/gradle-semantic-release-plugin/issues/435
-     */
-
-    register<DefaultTask>("publish") {
-        group = "publishing"
-        description = "Dummy task to hack gradle-semantic-release-plugin to release ReVanced CLI"
-        dependsOn(build)
+    publications {
+        create<MavenPublication>("revanced-cli-publication") {
+            from(components["java"])
+        }
    }
 }
+
+signing {
+    useGpgCmd()
+
+    sign(publishing.publications["revanced-cli-publication"])
+}