GH-257 updating to adhere to the latest recommended configuration for GPG signing (#261)

see the related issue #257

see the related docs PR actions/setup-java#608

Author: francoisledroff

.github/workflows/maven-snapshot.yml

@@ -14,14 +14,6 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v6
 
-      - name: Import GPG key
-        env:
-          GPG_SECRET_KEYS: ${{ secrets.GPG_SECRET_KEYS }}
-          GPG_OWNERTRUST: ${{ secrets.GPG_OWNERTRUST }}
-        run: |
-          echo $GPG_SECRET_KEYS | base64 --decode | gpg --import --no-tty --batch --yes
-          echo $GPG_OWNERTRUST | base64 --decode | gpg --import-ownertrust --no-tty --batch --yes
-
       - name: Setup JDK
         uses: actions/setup-java@v5
         with:
@@ -31,27 +23,28 @@ jobs:
           server-id: central
           server-username: MAVEN_USERNAME
           server-password: MAVEN_CENTRAL_TOKEN
-          gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }}
-          gpg-passphrase: MAVEN_GPG_PASSPHRASE
 
       - name: AEM6.5 Build
-        run: mvn clean deploy -DskipTests -Paem65deps,aem65,release
+        run: mvn clean deploy -DskipTests -Paem65deps,aem65,release -Dgpg.signer=bc
         env:
           MAVEN_USERNAME: ${{ secrets.AIO_MAVEN_USER_NAME }}
           MAVEN_CENTRAL_TOKEN: ${{ secrets.AIO_MAVEN_TOKEN }}
           MAVEN_GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
+          MAVEN_GPG_KEY: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }}
 
       - name: AEMaaCS Build
-        run: mvn clean deploy -PaemaacsDeps,aemaacs,release,attach-javadoc,attach-source
+        run: mvn clean deploy -PaemaacsDeps,aemaacs,release,attach-javadoc,attach-source -Dgpg.signer=bc
         env:
           MAVEN_USERNAME: ${{ secrets.AIO_MAVEN_USER_NAME }}
           MAVEN_CENTRAL_TOKEN: ${{ secrets.AIO_MAVEN_TOKEN }}
           MAVEN_GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
+          MAVEN_GPG_KEY: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }}
 
       - name: Main Build
-        run: mvn clean deploy -DskipTests -Prelease
+        run: mvn clean deploy -DskipTests -Prelease -Dgpg.signer=bc
         env:
           MAVEN_USERNAME: ${{ secrets.AIO_MAVEN_USER_NAME }}
           MAVEN_CENTRAL_TOKEN: ${{ secrets.AIO_MAVEN_TOKEN }}
           MAVEN_GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
+          MAVEN_GPG_KEY: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }}
 

.mvn/settings.xml

@@ -19,18 +19,6 @@
 -->
 <settings xmlns="http://maven.apache.org/SETTINGS/1.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
     <interactiveMode>false</interactiveMode>
-    <profiles>
-        <profile>
-            <id>signing</id>
-            <activation>
-                <activeByDefault>true</activeByDefault>
-            </activation>
-            <properties>
-                <gpg.executable>gpg</gpg.executable>
-                <gpg.passphrase>${env.MAVEN_GPG_PASSPHRASE}</gpg.passphrase>
-            </properties>
-        </profile>
-    </profiles>
     <servers>
         <server>
             <id>central</id>

pom.xml

@@ -565,13 +565,6 @@
           <plugin>
             <groupId>org.apache.maven.plugins</groupId>
             <artifactId>maven-gpg-plugin</artifactId>
-            <!-- Prevent gpg from using pinentry programs -->
-            <configuration>
-              <gpgArguments>
-                <arg>--pinentry-mode</arg>
-                <arg>loopback</arg>
-              </gpgArguments>
-            </configuration>
             <executions>
               <execution>
                 <id>sign-artifacts</id>