build: Sign release artifacts

.github/workflows/release.yml

@@ -41,6 +41,13 @@ jobs:
       - name: Install dependencies
         run: npm install
 
+      - name: Import GPG key
+        uses: crazy-max/ghaction-import-gpg@v6
+        with:
+          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+          passphrase: ${{ secrets.GPG_PASSPHRASE }}
+          fingerprint: ${{ env.GPG_FINGERPRINT }}
+
       - name: Release
         env:
           GITHUB_TOKEN: ${{ secrets.REPOSITORY_PUSH_ACCESS }}

.releaserc

@@ -31,7 +31,7 @@
       {
         "assets": [
           {
-            "path": "build/libs/*all.jar"
+            "path": "build/libs/*-all*"
           }
         ],
         successComment: false

build.gradle.kts

@@ -1,15 +1,29 @@
 plugins {
-    kotlin("jvm") version "1.9.10"
+    alias(libs.plugins.kotlin)
     alias(libs.plugins.shadow)
+    application
+    `maven-publish`
+    signing
 }
 
 group = "app.revanced"
 
+application {
+    mainClass = "app.revanced.cli.command.MainCommandKt"
+}
+
 repositories {
     mavenCentral()
     mavenLocal()
     google()
-    maven { url = uri("https://jitpack.io") }
+    maven {
+        // A repository must be speficied for some reason. "registry" is a dummy.
+        url = uri("https://maven.pkg.github.com/revanced/registry")
+        credentials {
+            username = project.findProperty("gpr.user") as String? ?: System.getenv("GITHUB_ACTOR")
+            password = project.findProperty("gpr.key") as String? ?: System.getenv("GITHUB_TOKEN")
+        }
+    }
 }
 
 dependencies {
@@ -36,9 +50,6 @@ tasks {
     }
 
     shadowJar {
-        manifest {
-            attributes("Main-Class" to "app.revanced.cli.command.MainCommandKt")
-        }
         minimize {
             exclude(dependency("org.jetbrains.kotlin:.*"))
             exclude(dependency("org.bouncycastle:.*"))
@@ -46,25 +57,29 @@ tasks {
         }
     }
 
-    build {
+    publish {
         dependsOn(shadowJar)
     }
+}
 
-    /*
+// Needed by gradle-semantic-release-plugin.
-    Dummy task to hack gradle-semantic-release-plugin to release this project.
+// Tracking: https://github.com/KengoTODA/gradle-semantic-release-plugin/issues/435
 
-    Explanation:
+// The maven-publish is also necessary to make the signing plugin work.
-    SemVer is a standard for versioning libraries.
+publishing {
-    For that reason the semantic-release plugin uses the "publish" task to publish libraries.
+    repositories {
-    However, this subproject is not a library, and the "publish" task is not available for this subproject.
+        mavenLocal()
-    Because semantic-release is not designed to handle this case, we need to hack it.
+    }
 
-    RE: https://github.com/KengoTODA/gradle-semantic-release-plugin/issues/435
+    publications {
-     */
+        create<MavenPublication>("revanced-cli-publication") {
-
+            from(components["java"])
-    register<DefaultTask>("publish") {
+        }
-        group = "publishing"
-        description = "Dummy task to hack gradle-semantic-release-plugin to release ReVanced CLI"
-        dependsOn(build)
     }
 }
+
+signing {
+    useGpgCmd()
+
+    sign(publishing.publications["revanced-cli-publication"])
+}