fix(gradle): add support for blank gpg passphrase #1884
Conversation
|
|
293a79e to
147b7c8
Compare
Update documentation following jreleaser/jreleaser#1884
| cosign ? COSIGN_PASSWORD : GPG_PASSPHRASE, | ||
| "signing.passphrase", | ||
| signing.getPassphrase(), | ||
| new Errors(), |
There was a problem hiding this comment.
I tried to minimise my changes. I pass new Errors() here as a way to ignore the errors (otherwise it just fails).
There was a problem hiding this comment.
Yes, passing a new instance of Errors is the way to go. You could change the logic to always pass a new instance no matter what.
Also, the warning should be already resolved from internal message resources.
Given that the errors instance is new, if the passphrase is blank there should be a single error message. You could grab it and print it as a warning.
There was a problem hiding this comment.
But if I print the error as a warning, it says this:
[WARN] [validation] signing.passphrase must not be blank. Configure a value using the Gradle DSL, or define a System property jreleaser.gpg.passphrase, or define a JRELEASER_GPG_PASSPHRASE environment variable, or define a key/value pair in /home/jones/.jreleaser/config.properties with a key named JRELEASER_GPG_PASSPHRASE
Which works, but it feels a bit weird because signing.passphrase can actually be blank, right? This is why I was thinking of logging "[WARN] Passphrase is blank" instead.
There was a problem hiding this comment.
Ok, right. Then please add a message resource for the new warning message stating that the passphrase is blank. And if one should be supplies then use the suggested env vars or sys props.
There was a problem hiding this comment.
Done! What do you think? 😊
| @@ -160,6 +160,7 @@ signing.file.newer = {} is newer than {} | |||
| signing.check.published.key = Checking if key {} has been published | |||
| signing.key.published = Key {} was found as published | |||
| signing.key.not.published = Key {} was NOT found as published | |||
| signing.passphrase.blank = Passphrase is blank. In case a passphrase is needed, you can configure a value using the Gradle DSL, or define a System property {}, or define a {} environment variable, or define a key/value pair in {} with a key named {} | |||
There was a problem hiding this comment.
The Gradle DSL is not the only one. There should be another message key in the resources file that can be used as a guide.
| "signing.passphrase", | ||
| signing.getPassphrase(), | ||
| new Errors(), | ||
| context.isDryrun()); |
There was a problem hiding this comment.
The last parameter can be explicitly set to false.
9cdd537 to
1100aa0
Compare
|
Thank you 😄 |
Update documentation following jreleaser/jreleaser#1884
|
And thank you for the guidance! And I see that it's already released in early-access 🎉. Out of curiosity, what is the process to get it to Maven Central? Just to have an idea about when I could expect to see it there? |
|
Releases to Maven Central are posted every two months, at the end of the month, on even months. The next release is scheduled for June 30th. Per our release cadence #873 |
Update documentation following jreleaser/jreleaser#1884
|
🎉 This issue has been resolved in |
Fixes #1883
Context
GPG private keys are not always protected by a passphrase. Jreleaser should support unprotected keys.
Testing
I tried it both with a passphrase-protected key and an unprotected key, and it works for me.
Checklist
Apache License 2.0, e.g. the code was written by
you or the original code is licensed under a license compatible to Apache License 2.0.