fix: flip order of tasks to use signing key first

.github/workflows/publish.yml

@@ -37,15 +37,15 @@ jobs:
           mkdir -p ~/.gradle/
           echo "${{secrets.OSSRH_GPG_SECRET_KEY}}" > ~/.gradle/secring.gpg.b64
           base64 -d ~/.gradle/secring.gpg.b64 > ~/.gradle/secring.gpg
+      - name: Publish package to Maven Central
+        # wraped the signing.password with single quotes as the password could contain special characters
+        run: ./gradlew publishToSonatype closeAndReleaseSonatypeStagingRepository -Psigning.keyId=${{secrets.OSSRH_GPG_SECRET_KEY_ID}} -Psigning.password='${{secrets.OSSRH_GPG_SECRET_KEY_PASSWORD}}' -Psigning.secretKeyRingFile=$(echo ~/.gradle/secring.gpg) --warn --stacktrace
+        env:
+          MAVEN_USERNAME: ${{secrets.OSSRH_USERNAME}}
+          MAVEN_PASSWORD: ${{secrets.OSSRH_PASSWORD}}
       - name: Publish to GitHub Packages
         uses: gradle/gradle-build-action@67421db6bd0bf253fb4bd25b31ebb98943c375e1
         with:
           arguments: publish
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      - name: Publish package to Maven Central
-        # wraped the signing.password with single quotes as the password could contain special characters
-        run: ./gradlew publishToSonatype closeAndReleaseSonatypeStagingRepository -Psigning.keyId=${{secrets.OSSRH_GPG_SECRET_KEY_ID}} -Psigning.password='${{secrets.OSSRH_GPG_SECRET_KEY_PASSWORD}}' -Psigning.secretKeyRingFile=$(echo ~/.gradle/secring.gpg) --warn --stacktrace
-        env:
-          MAVEN_USERNAME: ${{secrets.OSSRH_USERNAME}}
-          MAVEN_PASSWORD: ${{secrets.OSSRH_PASSWORD}}