From d72573c54131f0fd081b204dd1b2e6a1949b835b Mon Sep 17 00:00:00 2001
From: geobelsky <geobelsky@gmail.com>
Date: Fri, 6 Mar 2026 13:37:30 +0000
Subject: [PATCH] fix: force Maven signing with primary key id

Configure gpg signing to use the primary key id from secrets so Maven Central can resolve signatures consistently from public key servers.

Made-with: Cursor
---
 .github/workflows/publish-maven-central.yml | 1 +
 pom.xml                                     | 1 +
 2 files changed, 2 insertions(+)

diff --git a/.github/workflows/publish-maven-central.yml b/.github/workflows/publish-maven-central.yml
index febbabf..eba75fd 100644
--- a/.github/workflows/publish-maven-central.yml
+++ b/.github/workflows/publish-maven-central.yml
@@ -15,6 +15,7 @@ jobs:
       MAVEN_CENTRAL_USERNAME: ${{ secrets.MAVEN_CENTRAL_USERNAME }}
       MAVEN_CENTRAL_PASSWORD: ${{ secrets.MAVEN_CENTRAL_PASSWORD }}
       MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
+      MAVEN_GPG_KEY_ID: ${{ secrets.MAVEN_GPG_KEY_ID }}
     steps:
       - name: Checkout
         uses: actions/checkout@v4
diff --git a/pom.xml b/pom.xml
index 369464b..622adf5 100644
--- a/pom.xml
+++ b/pom.xml
@@ -116,6 +116,7 @@
               <goal>sign</goal>
             </goals>
             <configuration>
+              <keyname>${env.MAVEN_GPG_KEY_ID}!</keyname>
               <gpgArguments>
                 <arg>--pinentry-mode</arg>
                 <arg>loopback</arg>