Thanks a lot for this step-by-step instruction!

It's worth to mention there is an alternative way to base64-ing your private key and echoing it to file-system. Gradle signing plugin may use an in-memory ascii-armored (like safe-encoded to transfer as a text) key that you explicitly configure in `signing` closure. The key than is put as a secret and exported as an ENV.

To get such key you run the pgp executable like this:

gpg --export-secret-keys --armor AABBCCDD > AABBCCDD.asc

Then you get the key in a transfer-safe way:

-----BEGIN PGP PRIVATE KEY BLOCK-----
--== The key sequence itself ==--
-----END PGP PRIVATE KEY BLOCK-----

which could be directly copy-pasted as a secret variable

Then configure signing to use in-memory keys:

signing {
    useInMemoryPgpKeys(signingKey, signingPassword)
    sign publishing.publications
}

To be able to build locally the armored key may be “escaped” to put inside your local.properties (line-breaks transformed):

signingKey=-----BEGIN PGP PRIVATE KEY BLOCK-----\n\nescaped key\n-----END PGP PRIVATE KEY BLOCK-----\n
signingPassword=pass
ossrhUsername=user
ossrhPassword=pass

Bonus: thus you have all your signing/publishing credentials in one portable file.

Take a look at complete build scripts here. The publishing is made based on your solution.