use in-memory key variant

elastic · Jan 17, 2024 · c0d034d · c0d034d
1 parent c78c60b
commit c0d034d
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 3 deletions.
diff --git a/.buildkite/hooks/prepare-release.sh b/.buildkite/hooks/prepare-release.sh
@@ -32,6 +32,12 @@ export KEY_ID_SECRET
 # Import the key into the keyring
 echo "$KEYPASS_SECRET" | gpg --batch --import "$KEY_FILE"
 
+# Export the key in ascii armored format
+gpg --enarmor ${KEY_FILE}
+SECRING_ASC="$(cat "$KEY_FILE.asc")"
+export SECRING_ASC
+
+
 echo "--- Configure git context :git:"
 # Configure the committer since the maven release requires to push changes to GitHub
 # This will help with the SLSA requirements.

diff --git a/.ci/snapshot.sh b/.ci/snapshot.sh
@@ -41,6 +41,5 @@ chmod 600 ${folder}/gpg/gpg.conf
 ./gradlew \
     --debug \
     --console=plain \
-    -Psigning.gnupg.optionsFile=${folder}/gpg/gpg.conf \
     clean ${publishArg} \
     | tee snapshot.txt
diff --git a/agent/build.gradle b/agent/build.gradle
@@ -154,7 +154,7 @@ publishing {
 }
 
 signing {
-  // use gpg agent
-  useGpgCmd()
+  // use in-memory ascii-armored key in enviroment variables
+  useInMemoryPgpKeys(System.getenv("KEY_ID_SECRET"), System.getenv("SECRING_ASC"), System.getenv("KEYPASS_SECRET"))
   sign publishing.publications.agentJar
 }