Before publishing a new release, ensure that the GPG signing key has not expired. This check is not automated in the build process.
To manually check the expiration date of the signing key:
-
Import the project signing key into your GPG keyring.
echo "<signing.key string from signing.enc.properties>" | base64 --decode | gpg --import
-
List the keys in your keyring to view expiration details.
gpg --list-keys
-
If the key is expired or nearing expiration, follow the instructions in the
signing.enc.propertiesfile to extend the key's expiration.
Once the changelog is ready, run the publish GitHub Actions workflow.