From c7a0350897acf90c78513f53ed5df820866444e8 Mon Sep 17 00:00:00 2001
From: Sebastian Stenzel <overheadhunter@users.noreply.github.com>
Date: Thu, 17 Oct 2024 13:13:21 +0200
Subject: [PATCH] use BC signer for `maven-gpg-plugin` (#96)

* use BC signer for `maven-gpg-plugin`

see https://issues.apache.org/jira/browse/MGPG-106
---
 .github/workflows/publish-central.yml | 5 ++---
 .github/workflows/publish-github.yml  | 3 +--
 pom.xml                               | 7 ++-----
 3 files changed, 5 insertions(+), 10 deletions(-)

diff --git a/.github/workflows/publish-central.yml b/.github/workflows/publish-central.yml
index 633a579..aa49068 100644
--- a/.github/workflows/publish-central.yml
+++ b/.github/workflows/publish-central.yml
@@ -21,8 +21,6 @@ jobs:
           server-id: ossrh # Value of the distributionManagement/repository/id field of the pom.xml
           server-username: MAVEN_USERNAME # env variable for username in deploy
           server-password: MAVEN_PASSWORD # env variable for token in deploy
-          gpg-private-key: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }} # Value of the GPG private key to import
-          gpg-passphrase: MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase
       - name: Enforce project version ${{ github.event.inputs.tag }}
         run: mvn versions:set -B -DnewVersion=${{ github.event.inputs.tag }}
       - name: Deploy
@@ -30,4 +28,5 @@ jobs:
         env:
           MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
           MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
-          MAVEN_GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }}
\ No newline at end of file
+          MAVEN_GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }}
+          MAVEN_GPG_KEY: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }}
\ No newline at end of file
diff --git a/.github/workflows/publish-github.yml b/.github/workflows/publish-github.yml
index 0ab2eec..6d0c514 100644
--- a/.github/workflows/publish-github.yml
+++ b/.github/workflows/publish-github.yml
@@ -13,8 +13,6 @@ jobs:
           java-version: 22
           distribution: 'zulu'
           cache: 'maven'
-          gpg-private-key: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }} # Value of the GPG private key to import
-          gpg-passphrase: MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase
       - name: Enforce project version ${{ github.event.release.tag_name }}
         run: mvn versions:set -B -DnewVersion=${{ github.event.release.tag_name }}
       - name: Deploy
@@ -22,6 +20,7 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           MAVEN_GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }}
+          MAVEN_GPG_KEY: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }}
       - name: Slack Notification
         uses: rtCamp/action-slack-notify@v2
         env:
diff --git a/pom.xml b/pom.xml
index b9efd24..6a0c7d8 100644
--- a/pom.xml
+++ b/pom.xml
@@ -242,11 +242,8 @@
 									<goal>sign</goal>
 								</goals>
 								<configuration>
-									<keyname>E6E6A235</keyname>
-									<gpgArguments>
-										<arg>--pinentry-mode</arg>
-										<arg>loopback</arg>
-									</gpgArguments>
+									<signer>bc</signer>
+									<keyFingerprint>58117AFA1F85B3EEC154677D615D449FE6E6A235</keyFingerprint>
 								</configuration>
 							</execution>
 						</executions>