From e88103862ef9ddecf0cc509810b241c343d4ac86 Mon Sep 17 00:00:00 2001 From: "Mahesh.Binayak" Date: Wed, 3 Jun 2026 12:48:10 +0530 Subject: [PATCH 1/2] [GPG migration] Remove static private key, pass GPG_PRIVATE_KEY as secret - Deleted .github/keys/mosipgpgkey_sec.gpg (private key now stored as GPG_PRIVATE_KEY repo secret) - Updated all kattu workflow refs from master-java21 to mahesh-patch-1 - Added GPG_PRIVATE_KEY secret passthrough to build and publish jobs Signed-off-by: Mahesh.Binayak Co-Authored-By: Claude Sonnet 4.6 --- .github/keys/mosipgpgkey_sec.gpg | Bin 2663 -> 0 bytes .github/workflows/push-trigger.yml | 8 +++++--- 2 files changed, 5 insertions(+), 3 deletions(-) delete mode 100644 .github/keys/mosipgpgkey_sec.gpg diff --git a/.github/keys/mosipgpgkey_sec.gpg b/.github/keys/mosipgpgkey_sec.gpg deleted file mode 100644 index 97de55678f8289b67245faaa95534caff22da5aa..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2663 zcmaLXX*d*$9tQAPWb9i)*_VVYV@$GdNn^5R29dF4nPJAhMKP46L6Yp!327R88HN5a!b&-`}rA>|>XChRoKXOCr47i%DqEc5_q84HM3=sTiyHYODL3TL5is59vl$0S z0P5K9i{z~+wleRGRKMl<*)5aQTBct*FFWudgJRnFET(72mrDmV9;Hd3jpVQFX^}_ z<1>tMeUoTe{<>j4Sl*F^S}yKjYuAJfUm#cR`9!vKOZ5~`EGDHTsLhjaIlqMT|ibes6-JO^oZ;_(fXz-}1m7;Fc0vih~S-l*y`s z+e5k`-!Lb8zU9?SFbX9+4ouyB(rl4dsSn9eZ>+47Ni+amQnP?qW_3)}M$~za7R04; z53Ze2D2hU@KbHu0VW)vjGwRC!h?o0NTvYJPnowNier5fN^RGavD@W6SlFN7T%Uk_? z)Kug6b;6#x>aVobJ+w9VJY5~dXH%QeShiu**;XY0ng6KwdZm5jz^Pnc%D>lM)53>1 z!3?ZAEf&{6G)k@P;r^{@3V=C8x85RXso6eNyC!J1CSl#`EU~oJ`r^Wk+YyME=`N(3 ziCwp&2o#9jpR$@LI5gNJ9beNRf^VuMq*v}9d_sP#cUvB~He+Rn;3Dk~4*CkC8&G~V z%~tY`L|5ag!SpFlU8?(%_VV<$YTX4Uy^Dul7axlELQ*oXu3eiyQeK!-oj{J40+xBF z0|G2&9orf8%9oX_mn(e5^m$)qWGjC1DYjO{$3E;5_NPQ_%87T*NZd1v0^1)L z{+VRC3G!nw5nVIcAg$?!W_)uPO21X^({O*ih~gvNHOYDo4^eYyT008jOUrh$;ZTx( zhuL7fM&N_Ou)#7)D1U62%-{F#i1&>2A;@_95W+(}17$*ef`gQ04E|NA``|sXfrOxN ztS{Cl)Wq+fN!>dLZ=1t0_cIn!4Pgvj=vWHWIx3L;^g9H69IvNASob7G(kj` zEy-wVWn`-ZOPdw6iZmT_^90Cq$|(!L#VPQg&uTK{*ilT^ot#xzcQ<#gZpPNx z*858Olsa4_9@r}Xw(4f$=+Vje8}RFjdAnAjrG9eIjx$jql1m@)r-Ov+G5IREVCCc0 zdTfsCs15mLk72P}+T@5N;#Eg`{E=4kk>y)7Kf!e`Cein%qhUy*QQNbSyW!cMVW9o> zoWP_vX2;L#*Q6V~NbazF%@Op*@~`*uyA-ZjW+9x!D(7*mEjW8|C@Y_OPn>(V;(jh& z929Tr0;FB`P1@pt3M7kmYYb=gHd4zLErQPU&ahIKyV$sFSi!CYqxX`)C3S zsFCL(dlRiaUqr^4bM)ZqF(5H0tPxE~H5^(o_l%?cIc1TOYQcIO>9?bSf zD^v%b0!>vGrcXEkWlP>wKgvP%H*kkasI!79#4x{u*`(6~6&tl#Q8bsJJnRPe+H)a% zUAwF-lkMWAer+YVwjv&2lrzjZ9vZwqJdyQ1u}X~3r1rb?^>7WdW=G@XJsqVrnMYsp z2NZa@y`U`va_m8*C|iUx*NJe7Bx z*utP~`8H~vQh>;Q&ZAyMR;xjYenPH>Hbsp~5&!1&f0b3$uLqw=?|68O5{qzlmCGvS zgv#+dZ2q)&*pYh=6U-6S!KZkYUUD6Y?fn@tFQxO?izh>1pzVEwbw8y87n+3`PF}4R zIxWRXV@q$jE=G%zsVfd3R!DxEO(&Ao-?hmv#ZNuSXh1M9y+}lK(1lCeA}%(IB-{A6 zgt)}E>^;uadQ#c9W8g|zMh*3bK#`K#(s)v|$Zi0qYoEh$$vgd(`ZQsW8>qe*C+)iVx)hWwg)zdwrEa{_G%_ z68Tp`giRFXQ_-f#h=?wT!d?kWbu-nR(edIm3M}h0=65#1d;N)74v&nWsbc$;;htvro%w;%G@v${ z*xxkDfW&$JAAsQh1+d5t!cvf!{3_=ofw(Xpom#0t9iu(hPFsH83m4iS5Xy;ra{iP~ z?1`I{(IE{)wYI0 zp?Lro`tclyiF&K_MBTH9kbUsg=yu-maA!*_U*}`HPj-_Wbh&ke5YP9M2PwKR~+0n z`yU!zDyk)lFb4N<72OjB)L)J#F`fE*5><~{u0AZpb_3h}4U&GS>wU*FJ#yt)=4Y@a SkkiE(Bh1Lh;14qU=Klc8TJt&p diff --git a/.github/workflows/push-trigger.yml b/.github/workflows/push-trigger.yml index bead808..645719f 100644 --- a/.github/workflows/push-trigger.yml +++ b/.github/workflows/push-trigger.yml @@ -23,7 +23,7 @@ on: jobs: build-maven-imagedecoder: - uses: mosip/kattu/.github/workflows/maven-build.yml@master-java21 + uses: mosip/kattu/.github/workflows/maven-build.yml@mahesh-patch-1 with: SERVICE_LOCATION: imagedecoder BUILD_ARTIFACT: imagedecoder @@ -32,12 +32,13 @@ jobs: OSSRH_SECRET: ${{ secrets.OSSRH_SECRET }} OSSRH_TOKEN: ${{ secrets.OSSRH_TOKEN }} GPG_SECRET: ${{ secrets.GPG_SECRET }} + GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} publish_to_nexus: if: "${{ !contains(github.ref, 'master') && github.event_name != 'pull_request' && github.event_name != 'release' && github.event_name != 'prerelease' && github.event_name != 'publish' }}" needs: build-maven-imagedecoder - uses: mosip/kattu/.github/workflows/maven-publish-to-nexus.yml@master-java21 + uses: mosip/kattu/.github/workflows/maven-publish-to-nexus.yml@mahesh-patch-1 with: SERVICE_LOCATION: imagedecoder secrets: @@ -46,12 +47,13 @@ jobs: OSSRH_URL: ${{ secrets.OSSRH_CENTRAL_URL }} OSSRH_TOKEN: ${{ secrets.OSSRH_TOKEN }} GPG_SECRET: ${{ secrets.GPG_SECRET }} + GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} sonar_analysis: needs: build-maven-imagedecoder if: "${{ github.event_name != 'pull_request' }}" - uses: mosip/kattu/.github/workflows/maven-sonar-analysis.yml@master-java21 + uses: mosip/kattu/.github/workflows/maven-sonar-analysis.yml@mahesh-patch-1 with: SERVICE_LOCATION: imagedecoder PROJECT_KEY: 'mosip_imagedecoder' From 4b01a59920f2f10976dfa0324bbc76596a34e94c Mon Sep 17 00:00:00 2001 From: "Mahesh.Binayak" Date: Wed, 3 Jun 2026 12:52:03 +0530 Subject: [PATCH 2/2] [GPG migration] Add gpg-migration branch to push trigger Signed-off-by: Mahesh.Binayak Co-Authored-By: Claude Sonnet 4.6 --- .github/workflows/push-trigger.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/push-trigger.yml b/.github/workflows/push-trigger.yml index 645719f..bc2da2c 100644 --- a/.github/workflows/push-trigger.yml +++ b/.github/workflows/push-trigger.yml @@ -20,6 +20,7 @@ on: - 'master' - '1.*' - 'release*' + - 'gpg-migration' jobs: build-maven-imagedecoder: