Base64-decode PGP_SECRET before passing to Gradle (#7)

The PGP_SECRET repository secret is stored base64-encoded (matching
fgbio's convention), but Gradle's useInMemoryPgpKeys expects the raw
ASCII-armored key. Decode it in the workflow before invoking Gradle.

Author: tfenne

.github/workflows/release.yml

@@ -117,11 +117,13 @@ jobs:
           fi
 
       - name: Publish to Maven Central
-        run: ./gradlew publishToSonatype closeAndReleaseSonatypeStagingRepository
+        run: |
+          export PGP_SECRET=$(echo "$PGP_SECRET_B64" | base64 --decode)
+          ./gradlew publishToSonatype closeAndReleaseSonatypeStagingRepository
         env:
           SONATYPE_USER: ${{ secrets.SONATYPE_USER }}
           SONATYPE_PASS: ${{ secrets.SONATYPE_PASS }}
-          PGP_SECRET: ${{ secrets.PGP_SECRET }}
+          PGP_SECRET_B64: ${{ secrets.PGP_SECRET }}
           PGP_PASSPHRASE: ${{ secrets.PGP_PASSPHRASE }}
 
       - name: Upload release JAR