Added artifact signing (#5)

Author: gmazzo

.github/workflows/build.yaml

@@ -31,6 +31,8 @@ jobs:
       - name: Validate Publish
         if: ${{ github.event_name == 'pull_request' }}
         env:
+          ORG_GRADLE_PROJECT_signingKey: ${{ secrets.SIGNING_KEY }}
+          ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.SIGNING_PASSWORD }}
           GRADLE_PUBLISH_KEY: ${{ secrets.GRADLE_PUBLISH_KEY }}
           GRADLE_PUBLISH_SECRET: ${{ secrets.GRADLE_PUBLISH_SECRET }}
         run: ./gradlew -s publishToMavenLocal :plugin:publishPlugins --validate-only

.github/workflows/release.yaml

@@ -23,6 +23,8 @@ jobs:
           gradle-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
       - name: Publish
         env:
+          ORG_GRADLE_PROJECT_signingKey: ${{ secrets.SIGNING_KEY }}
+          ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.SIGNING_PASSWORD }}
           GRADLE_PUBLISH_KEY: ${{ secrets.GRADLE_PUBLISH_KEY }}
           GRADLE_PUBLISH_SECRET: ${{ secrets.GRADLE_PUBLISH_SECRET }}
         run: ./gradlew -s publish

plugin/build.gradle.kts

@@ -4,6 +4,7 @@ plugins {
     alias(libs.plugins.gradle.pluginPublish)
     alias(libs.plugins.jacoco.testkit)
     alias(libs.plugins.publicationsReport)
+    signing
     groovy
 }
 
@@ -42,6 +43,15 @@ dependencies {
     testImplementation(gradleTestKit())
 }
 
+signing {
+    val signingKey: String? by project
+    val signingPassword: String? by project
+
+    useInMemoryPgpKeys(signingKey, signingPassword)
+    publishing.publications.configureEach(::sign)
+    tasks.withType<Sign>().configureEach { enabled = signingKey != null }
+}
+
 testing.suites.withType<JvmTestSuite> {
     useJUnitJupiter()
 }