Revised GPG import stuff to try to workaround pinentry issues

Author: djspiewak

Diff for: .github/workflows/ci.yml

@@ -101,15 +101,11 @@ jobs:
             ~/Library/Caches/Coursier/v1
           key: ${{ runner.os }}-sbt-cache-v2-${{ hashFiles('**/*.sbt') }}-${{ hashFiles('project/build.properties') }}
 
-      - name: Export GPG_TTY
-        run: echo "GPG_TTY=$(tty)" >> $GITHUB_ENV
-
       - name: Import signing key
-        run: echo $PGP_SECRET | base64 -d | gpg --import
-
-      - name: Hack pinentry to use PGP_PASSPHRASE
         env:
           PGP_PASSPHRASE: ${{ secrets.PGP_PASSPHRASE }}
-        run: echo "$PGP_PASSPHRASE" | gpg --batch --yes --passphrase-fd 0 build.sbt &> /dev/null
+        run: |
+          echo "$PGP_SECRET" | base64 -d > /tmp/signing-key.gpg
+          echo "$PGP_PASSPHRASE" | gpg --pinentry-mode loopback --passphrase-fd 0 --import /tmp/signing-key.gpg
 
       - run: sbt ++${{ matrix.scala }} release

Diff for: build.sbt

@@ -79,14 +79,13 @@ ThisBuild / spiewakMainBranches := Seq("main")
 ThisBuild / githubWorkflowArtifactUpload := false
 
 // we can remove this once we have a non-password-protected key in the secrets
-ThisBuild / githubWorkflowPublishPreamble :=
-  WorkflowStep.ComputeVar("GPG_TTY", "tty") +: (ThisBuild / githubWorkflowPublishPreamble).value
-
-ThisBuild / githubWorkflowPublishPreamble +=
+ThisBuild / githubWorkflowPublishPreamble := Seq(
   WorkflowStep.Run(
-    List("echo \"$PGP_PASSPHRASE\" | gpg --batch --yes --passphrase-fd 0 build.sbt &> /dev/null"),
-    name = Some("Hack pinentry to use PGP_PASSPHRASE"),
-    env = Map("PGP_PASSPHRASE" -> "${{ secrets.PGP_PASSPHRASE }}"))
+    List(
+      "echo \"$PGP_SECRET\" | base64 -d > /tmp/signing-key.gpg",
+      "echo \"$PGP_PASSPHRASE\" | gpg --pinentry-mode loopback --passphrase-fd 0 --import /tmp/signing-key.gpg"),
+    name = Some("Import signing key"),
+    env = Map("PGP_PASSPHRASE" -> "${{ secrets.PGP_PASSPHRASE }}")))
 
 // environments