triaging gpg signing

.github/workflows/maven-deploy.yml

@@ -21,16 +21,14 @@ jobs:
           server-username: OSSRH_USERNAME
           server-password: OSSRH_PASSWORD
           gpg-private-key: ${{ secrets.OSSRH_GPG_SECRET_KEY }}
-          # this sets the wrong variable in settings.xml needed for maven-gpg-plugin since 3.x.x
-          # instead you need to set passphraseEnvName in your pom.xml for now
-          # gpg-passphrase: OSSRH_GPG_SECRET_KEY_PASSWORD
-      - run: cat ~/.m2/settings.xml
       # helps identify build failures due to expired keys
       - run: gpg --list-secret-keys --keyid-format=long
       - run: mvn -B -ntp versions:set -DnewVersion=$(./version.sh)
       - run: mvn -B -ntp clean deploy
         env:
           OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }}
           OSSRH_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
-#          OSSRH_GPG_SECRET_KEY_PASSWORD: ${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }}
+          # this env var needs to be named 'MAVEN_GPG_PASSPHRASE'. if a different name is desired,
+          # it needs to be specified here and in the maven-gpg-plugin configuration variable 'passphraseEnvName'
+          # see issue: https://github.com/actions/setup-java/issues/668
           MAVEN_GPG_PASSPHRASE: ${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }}

pom.xml

@@ -80,7 +80,6 @@
                 <version>3.2.4</version>
                 <configuration>
                     <bestPractices>true</bestPractices>
-<!--                    <passphraseEnvName>OSSRH_GPG_SECRET_KEY_PASSWORD</passphraseEnvName>-->
                 </configuration>
                 <executions>
                     <execution>