SIGNING.md - third_party/github/pinterest/ktlint - Git at Google

 Release artifacts are signed. This is handled by the GitHub workflow.

 To test the creation of signed artifacts on the local machine, follow steps below:

 * Change property `VERSION_NAME` in `gradle.properties` so that it does not end with `-SNAPSHOT`. Whenever the version ends with `-SNAPSHOT`, the artifacts are never signed. Make sure that this change is not committed.
 * Use [GPG](https://infra.apache.org/openpgp.html#key-gen-generate-key) to generate a key. Maven requires a RSA key of at least 4096 bits. Most likely it does not matter for local publication whether this is used. Execute command:
   ```
   gpg --full-gen-key
   ```
   * Please select what kind of key you want: 1) RSA - RSA
   * What keysize do you want? 4096
   * Key is valid for? 0 (does not expire)
   * Real-name: ktlint-test
   * Email address: ktlint-test@nowhere.com
   * Comment: Test signing of ktlint artifacts on local machine only
   * Passphrase: i-will-try-no-to-forget-this-passphrase
   * The output ends with something like
   ```text
   pub   rsa4096 2023-10-08 [SC]
         5B0ABB03277D2FEB46FE7E8E22D6006063A5D3C3
   uid                      ktlint-test (Test signing of ktlint artifacts on local machine only) <ktlint-test@nowhere.com>
   sub   rsa4096 2023-10-08 [E]
   ```
 * Execute all commands below in the same terminal
   ```shell
   export ORG_GRADLE_PROJECT_signingInMemoryKeyId="63A5D3C3" # Last 8 characters of full id of the public key generated by gpg command above
   export ORG_GRADLE_PROJECT_signingInMemoryKeyPassword="i-will-try-no-to-forget-this-passphrase"
   # Command below will export the armored GPG signing key and store it in an environment variable. Note that this command will ask for the password (see ORG_GRADLE_PROJECT_signingKeyPassword).
   export ORG_GRADLE_PROJECT_signingInMemoryKey="$(gpg --export-secret-keys --armor $ORG_GRADLE_PROJECT_signingInMemoryKeyId | tail -r | tail -n +3 | tail -r | tail -n +3 | tr -d '\n')"
   ```
 * Execute the Gradle publication (this can not be combined with the export statements above because of the manual input of the passphrase)
   ```
   ./gradlew publishToMavenLocal
   ```
	Release artifacts are signed. This is handled by the GitHub workflow.

	To test the creation of signed artifacts on the local machine, follow steps below:

	* Change property `VERSION_NAME` in `gradle.properties` so that it does not end with `-SNAPSHOT`. Whenever the version ends with `-SNAPSHOT`, the artifacts are never signed. Make sure that this change is not committed.
	* Use [GPG](https://infra.apache.org/openpgp.html#key-gen-generate-key) to generate a key. Maven requires a RSA key of at least 4096 bits. Most likely it does not matter for local publication whether this is used. Execute command:
	```
	gpg --full-gen-key
	```
	* Please select what kind of key you want: 1) RSA - RSA
	* What keysize do you want? 4096
	* Key is valid for? 0 (does not expire)
	* Real-name: ktlint-test
	* Email address: ktlint-test@nowhere.com
	* Comment: Test signing of ktlint artifacts on local machine only
	* Passphrase: i-will-try-no-to-forget-this-passphrase
	* The output ends with something like
	```text
	pub rsa4096 2023-10-08 [SC]
	5B0ABB03277D2FEB46FE7E8E22D6006063A5D3C3
	uid ktlint-test (Test signing of ktlint artifacts on local machine only) <ktlint-test@nowhere.com>
	sub rsa4096 2023-10-08 [E]
	```
	* Execute all commands below in the same terminal
	```shell
	export ORG_GRADLE_PROJECT_signingInMemoryKeyId="63A5D3C3" # Last 8 characters of full id of the public key generated by gpg command above
	export ORG_GRADLE_PROJECT_signingInMemoryKeyPassword="i-will-try-no-to-forget-this-passphrase"
	# Command below will export the armored GPG signing key and store it in an environment variable. Note that this command will ask for the password (see ORG_GRADLE_PROJECT_signingKeyPassword).
	export ORG_GRADLE_PROJECT_signingInMemoryKey="$(gpg --export-secret-keys --armor $ORG_GRADLE_PROJECT_signingInMemoryKeyId \| tail -r \| tail -n +3 \| tail -r \| tail -n +3 \| tr -d '\n')"
	```
	* Execute the Gradle publication (this can not be combined with the export statements above because of the manual input of the passphrase)
	```
	./gradlew publishToMavenLocal
	```