Create a GPG key with gpg --gen-key, and export it with gpg --keyring secring.gpg --export-secret-keys > ~/.gnupg/secring.gpg. Be sure to publish it with gpg --keyserver keyserver.ubuntu.com --send-keys <your-key-id>. See also the information in the Gradle docs.
Create an user token for your Nexus account on https://s01.oss.sonatype.org/ (in your profile) to use as sonatypeUsername and sonatypePassword.
Configure your ~/.gradle/gradle.properties:
signing.keyId=<last-8-chars>
signing.password=<private-key-password>
signing.secretKeyRingFile=<path-of-your-secring>
sonatypeUsername=<user-token-name>
sonatypePassword=<user-token-password>To run the pipeline from Github, export your GPG key with gpg --export-secret-keys --armor <keyid> | tee <keyid>.asc and set the following environment variables:
ORG_GRADLE_PROJECT_signingKeyId=<last-8-chars>
ORG_GRADLE_PROJECT_signingKey=<ascii-armored-key>
ORG_GRADLE_PROJECT_signingPassword=<private-key-password>
ORG_GRADLE_PROJECT_sonatypeUsername=<user-token-name>
ORG_GRADLE_PROJECT_sonatypePassword=<user-token-password>Actually, these environment variables are read from the repository secrets configured on Github.
Publish with:
./gradlew clean publishToSonatypeTo also release the artifacts to Maven Central run:
./gradlew clean publishToSonatype closeAndReleaseSonatypeStagingRepository