Sign archives before publish.

.github/workflows/publish-maven.yml

@@ -25,8 +25,10 @@ jobs:
           distribution: temurin
           check-latest: true
           cache: "gradle"
+      - name: Save Private Key
+        run: echo -n "${{ secrets.MAVEN_GPG_PRIVATE_KEY }}" | base64 -d > secring.gpg
       - name: Run Build
-        run: ./gradlew publish
+        run: ./gradlew publish -Psigning.keyId=B4701DB2 -Psigning.password="${{ secrets.MAVEN_GPG_PASS }}" -Psigning.secretKeyRingFile=secring.gpg
         env:
           USERNAME: ${{ secrets.MAVEN_USERNAME }}
           PASSWORD: ${{ secrets.MAVEN_PASSWORD }}

build.gradle

@@ -1,6 +1,7 @@
 plugins {
     id "java"
     id "maven-publish"
+    id "signing"
     id "fr.stardustenterprises.rust.importer" version "3.2.5"
     id 'com.github.johnrengelman.shadow' version '7.1.2'
 }
@@ -37,6 +38,10 @@ java {
     withJavadocJar()
 }
 
+signing {
+    sign publishing.publications
+}
+
 group = 'rocks.kavin'
 version = '1.0'
 sourceCompatibility = JavaVersion.VERSION_17