From f4dea44e745e912681b5d3429337b800256fb0e0 Mon Sep 17 00:00:00 2001
From: dekm <gevan73@gmail.com>
Date: Tue, 26 Mar 2024 15:48:12 +0100
Subject: [PATCH 1/2] try and import the gpg key in the workflow

---
 .github/workflows/maven-publish.yml | 15 +++++++++------
 pax-sdk/pom.xml                     |  2 +-
 2 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/maven-publish.yml b/.github/workflows/maven-publish.yml
index 9699c4c..cf23204 100644
--- a/.github/workflows/maven-publish.yml
+++ b/.github/workflows/maven-publish.yml
@@ -10,6 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     permissions:
       contents: read
+      packages: write
 
     steps:
     - uses: actions/checkout@v3
@@ -19,16 +20,18 @@ jobs:
       with:
         java-version: '17'
         distribution: 'temurin'
-        server-id: ossrh # Server ID from your settings.xml
-        gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }} # Imported from GitHub secrets
-        gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }} # Imported from GitHub secrets
+
+    - name: Import GPG Key
+      uses: crazy-max/ghaction-import-gpg@v3
+      with:
+        gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
+        passphrase: ${{ secrets.GPG_PASSPHRASE }}
 
     - name: Build with Maven
-      run: mvn clean install -B -P release --settings pax-sdk/settings.xml --file pax-sdk/pom.xml
-      env:
-        GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
+      run: mvn clean install -B -P release --file pax-sdk/pom.xml
 
     - name: Sign and Deploy to OSSRH
       run: mvn deploy -B -P release --settings pax-sdk/settings.xml --file pax-sdk/pom.xml
       env:
+        GPG_EXECUTABLE: gpg
         GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
diff --git a/pax-sdk/pom.xml b/pax-sdk/pom.xml
index f51fb3d..4aca71c 100644
--- a/pax-sdk/pom.xml
+++ b/pax-sdk/pom.xml
@@ -845,7 +845,7 @@
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-gpg-plugin</artifactId>
-				<version>1.6</version>
+				<version>3.1.0</version>
 				<executions>
 					<execution>
 						<id>sign-artifacts</id>

From bef0c54453992118d8a264ce18bb3bcd0260f2f9 Mon Sep 17 00:00:00 2001
From: dekm <gevan73@gmail.com>
Date: Tue, 26 Mar 2024 16:04:25 +0100
Subject: [PATCH 2/2] pass in OSSRH credentials

---
 .github/workflows/maven-publish.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/maven-publish.yml b/.github/workflows/maven-publish.yml
index cf23204..44fe0f9 100644
--- a/.github/workflows/maven-publish.yml
+++ b/.github/workflows/maven-publish.yml
@@ -35,3 +35,5 @@ jobs:
       env:
         GPG_EXECUTABLE: gpg
         GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
+        OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }}
+        OSSRH_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}