Updated publish.md with information about how to create and use a GPG key for publishing artifacts.

flemming-n-larsen · flemming-n-larsen · commit b5b420b799e2 · 2024-01-08T22:50:32.000+01:00
diff --git a/publish.md b/publish.md
@@ -1,10 +1,37 @@
 # Dev setup
 
-In order to publish new version to Maven repository
-You need GPG key.
+## Create GPG key
+
+Link: [GnuPG cheatsheet](https://devhints.io/gnupg)
+
+In order to publish new version/release of Robocode to the Maven repository you need GPG key.
+
+You can create it using this command:
+
+```shell
+gpg --default-new-key-algo rsa4096 --gen-key
+```
+
+You can export the public key to a file with this command:
+
+```shell
+gpg --export --armor --output public-key.pub
+```
+
+Next you need to upload your public key (is in the .pub file) to this server:
+http://keyserver.ubuntu.com:11371/
+
+Next, you need to export the secret keys to a file that must be located in your home directory:
+
+```shell
+gpg --keyring secring.gpg --export-secret-keys > [user-home-dir]/.gnupg/secring.gpg
+```
+
+Where `[user-home-dir]` is the home directory for your user account.
+
+You can list the secret keys with this command, to read out the last 8 digits of the secret GPG key:
 
 ```shell
-gpg --keyring secring.gpg --export-secret-keys > ~/.gnupg/secring.gpg
 gpg -K
 ```
 
@@ -18,7 +45,7 @@ ossrhUsername=<user-at-issues.sonatype.org>
 ossrhPassword=<password-at-issues.sonatype.org>
 ```
 
-# Just staging
+## Just staging
 
 Make sure you are running on Java 8 before running the following commands.
 
@@ -28,7 +55,7 @@ Make sure you are running on Java 8 before running the following commands.
 
 When you log in, you should be able to see the binaries uploaded to [staging Repository].
 
-# Release to public repos
+## Release to public repos
 
 ```shell
 ./gradlew publishToSonatype closeAndReleaseSonatypeStagingRepository
