Automate the build of the RC jars

[pjfanning]

For this, the main stumbling block is getting an approved signing key from the ASF Infrastructure Team. We would need the signing key and its password to be set up as GitHub Application secrets that all the apache/pekko* repos have access to.

https://github.com/sbt/sbt-ci-release has good documentation and we could use that plugin. Ideally the base64 encoded key would be added as a secret in the format described by sbt-ci-release.

We already publish unsigned snapshot jars nightly to the ASF Nexus instance (repository.apache.org) and our workflows have access to GitHub secrets with a username and password for authentication on that instance.

      - name: Publish to Apache Maven repo
        env:
          NEXUS_USER: ${{ secrets.NEXUS_USER }}
          NEXUS_PW: ${{ secrets.NEXUS_PW }}
        run: sbt -Dsbt.repository.publish.attempts=10 +publish

For the signing key, ASF Infrastructure would probably create it and add the GitHub secrets. We should talk to them about the format of the encode key value so that it is in a format that we can use.
The public part of the key would need to be provided to us so that we can add it to https://dist.apache.org/repos/dist/release/pekko/KEYS and the copy of the KEYS file that we keep in this repo. It should also be added to a key server (https://infra.apache.org/release-signing.html#keyserver).

We could start by signing the snapshot jars that we build using GitHub actions and once this works, we can add a new GitHub workflow that:

• takes a git tag as input - eg v2.0.0-M1-RC1
• sets up the preferred Java version for the release
• checks out the code as at that tag point
• runs sbt +publishSigned and sbt "sonatypePrepare; sonatypeBundleUpload; sonatypeClose" to stage the release jars.
• this automates some of the steps in https://github.com/apache/pekko-site/wiki/Pekko-Release-Process

[raboof]

Yes, I'd like to pick this up.

[pjfanning]

Thanks @raboof - I extended the description to include the part of about how we need the public key so that we can update the KEYS file and it also needs to end up on a public Key Server.

[He-Pin]

The scala 3 is releasing with CI
scala/scala3#23887

[He-Pin]

refs: #188