Use inmemory to sign gpg

.github/workflows/gradle.yml

@@ -69,6 +69,10 @@ jobs:
     - name: Upload Snapshot
       uses: gradle/actions/setup-gradle@v3
       if: success() && endsWith(env.VERSION_NAME, '-SNAPSHOT')
+      env:
+        OSSRH_GPG_SECRET_KEY_PASSWORD: ${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }}
+        OSSRH_GPG_SECRET_KEY_ID: ${{ secrets.OSSRH_GPG_SECRET_KEY_ID }}
+        OSSRH_GPG_SECRET_KEY: ${{ secrets.OSSRH_GPG_SECRET_KEY }}
       with:
         arguments: |
           --no-configuration-cache

convention-plugins/src/main/kotlin/com/addhen/gradle/convention/MavenPublish.kt

@@ -55,7 +55,11 @@ fun Project.configureMavenPublish() {
 
     signing {
       if (project.hasProperty("signing.gnupg.keyName")) {
-        useGpgCmd()
+        useInMemoryPgpKeys(
+          System.getenv("OSSRH_GPG_SECRET_KEY_ID"),
+          System.getenv("OSSRH_GPG_SECRET_KEY"),
+          System.getenv("OSSRH_GPG_SECRET_KEY_PASSWORD"),
+        )
         sign(publishing.publications)
       }
     }