Signing about nexus-publish-e2e-minimal HOT 5 OPEN

I may have found "the problem", though no idea why it is a problem. The signing happens on our CI server, so it was not immediately obvious. But digging through the Jenkins console I see this:

* What went wrong:
A problem was found with the configuration of task ':hibernate-jpamodelgen:signPublishedArtifactsPublication' (type 'Sign').
  - In plugin 'org.gradle.signing' type 'org.gradle.plugins.signing.Sign' property 'signatory.keyId' doesn't have a configured value.
    
    Reason: This property isn't marked as optional and no value has been configured.
    
    Possible solutions:
      1. Assign a value to 'signatory.keyId'.
      2. Mark property 'signatory.keyId' as optional.

But these should be picked up by command line properties, right? I have the following:

./gradlew sign -x test --no-scan \
    -Psigning.password=$SIGNING_PASS -Psigning.keyId=$SIGNING_KEY -Psigning.secretKeyRingFile=$SIGNING_KEYRING \
    -Psignatory.password=$SIGNING_PASS -Psignatory.keyId=$SIGNING_KEY -Psignatory.secretKeyRingFile=$SIGNING_KEYRING \

where $SIGNING_PASS, $SIGNING_KEY and $SIGNING_KEYRING come from Jenkin's Credentials plugin. They get used in other (Maven) builds so I know they are correct values.

from nexus-publish-e2e-minimal.

Someone on StackOverflow[1] indicated that the property names have change from signing.* to signing.gnupg.*. I have tried with both and same failures. I should also mention I have tried all of these:

1. Project properties (-P)
2. System props (-D)
3. Environment variables

All fail. Every combination fails.

[1] https://stackoverflow.com/questions/32816003/how-to-sign-with-gradle-and-gpg2

from nexus-publish-e2e-minimal.

-Psigning.keyId=$SIGNING_KEY

You use signing.keyId, but signingKey is expected by findProperty('signingKey'). I propose to log the values to stdout (log or println) to verify they are resolved properly. In addition, signing is performed in the Gradle execution with publishToSonatype closeAndReleaseSonatypeStagingRepository (you do not need to call gradlew sign before and you need to use -P... in the second call).

from nexus-publish-e2e-minimal.

Thanks for the reply @szpak !

That was a different iteration. Like I said, I was trying to just use the "new" settings someone mentioned on Stack Overflow. In that second iteration I have:

signing {
	useGpgCmd()
	sign publishing.publications.publishedArtifacts
}

and then have the command line I mentioned:

./gradlew sign -x test --no-scan \
    -Psigning.password=$SIGNING_PASS -Psigning.keyId=$SIGNING_KEY -Psigning.secretKeyRingFile=$SIGNING_KEYRING

and also tried (per SO post):

./gradlew sign -x test --no-scan \
    -Psigning.gnupg.password=$SIGNING_PASS -Psigning.gnupg.keyId=$SIGNING_KEY -Psigning.gnupg.secretKeyRingFile=$SIGNING_KEYRING

Neither command line worked.

from nexus-publish-e2e-minimal.

The best for CI would be useInMemoryPgpKeys() - see my blog post or the official documentation. We use it in this project and it works fine.

For your first configuration, remember that signingKey is not a key ID, but the key itself.

Having it failing on CI, please paste the command you call (on CI) and the error you have.

Btw, make sure you don't use a SNAPSHOT version as you explicitly disable signing for SNAPSHOTs.

from nexus-publish-e2e-minimal.