skip to Main Content

Introduction

Currently, I’m trying to contribute on a GitHub Action that automatically publishes a java library.
The branch where I’m developing: https://github.com/MathieuSoysal/Java-maven-library-publisher/tree/2-add-automated-tests

The yaml code of the Action :

name: Java maven library publisher
author: "Mathieu Soysal (@MathieuSoysal)"
description: "Build automatically Java Maven library and publish it to GitHub Packages and Maven Central."
branding:
  icon: "package"
  color: "gray-dark"

inputs:
  nexus-username:
    description: "Nexus username"
    required: true
  nexus-password:
    description: "Nexus password"
    required: true
  gpg-private-key:
    description: "GPG private key"
    required: true
  gpg-passphrase:
    description: "GPG passphrase"
    required: true
  github-token:
    description: "GitHub token"
    required: true
  # Java version to use
  java-version:
    description: "Java version to use"
    required: true
    default: "17"
  # Library version
  library-version:
    description: "Library version"
    required: false
    default: ""

runs:
  using: "composite"

  steps:
    - name: Checkout
      uses: actions/checkout@v3

    - name: Set up JDK 17 for deploy to OSSRH
      uses: actions/setup-java@v3
      with:
        distribution: "adopt"
        java-version: ${{ inputs.java-version }}
        server-id: ossrh
        server-username: ${{ inputs.nexus-username }}
        server-password: ${{ inputs.nexus-password }}
        gpg-private-key: ${{ inputs.gpg-private-key }}
        gpg-passphrase: ${{ inputs.gpg-passphrase }}

    - name: Build with Maven
      run: mvn -B package --file pom.xml
      shell: bash

    - name: Update package version
      if: ${{ inputs.library-version != '' }}
      run: mvn versions:set -DnewVersion=${{ inputs.library-version }}
      shell: bash

    - name: Prepare Maven environnement with Java 17 for deployment to OSSRH
      run: export MAVEN_OPTS="--add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.lang.reflect=ALL-UNNAMED --add-opens=java.base/java.text=ALL-UNNAMED --add-opens=java.desktop/java.awt.font=ALL-UNNAMED"
      shell: bash

    - name: Publish to Apache Maven Central
      run: mvn deploy -PossrhDeploy
      shell: bash
      env:
        MAVEN_USERNAME: ${{ inputs.nexus-username }}
        MAVEN_CENTRAL_TOKEN: ${{ inputs.nexus-password }}
        MAVEN_GPG_PASSPHRASE: ${{ inputs.gpg-passphrase }}

    - name: Set up JDK 17 for deploy to github packages
      uses: actions/setup-java@v3
      with:
        distribution: "adopt"
        java-version: ${{ inputs.java-version }}
        server-id: github

    - name: Publish to GitHub Packages Apache Maven
      run: mvn deploy -PgithubDeploy
      shell: bash
      env:
        GITHUB_TOKEN: ${{ inputs.github-token }}

link to the code: https://github.com/MathieuSoysal/Java-maven-library-publisher/blob/2-add-automated-tests/action.yaml

The workflow that execute the Action:

name: Test Actions

on: [push]

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3

      - name: Maven Library build and publish
        uses: ./
        with:
          nexus-username: ${{ secrets.NEXUS_USERNAME }}
          nexus-password: ${{ secrets.NEXUS_PASSWORD }}
          gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
          gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }}
          library-version: $GITHUB_RUN_NUMBER
          github-token: ${{ secrets.GITHUB_TOKEN }}
          java-version: 17

Link to the code: https://github.com/MathieuSoysal/Java-maven-library-publisher/blob/2-add-automated-tests/.github/workflows/test-action.yml

Problem

When i’m trying to execute the action I obtain this error:

Getting action download info
Download action repository 'actions/setup-java@v3' (SHA:c3ac5dd0ed8db40fedb61c32fbe677e6b355e94c)
Run ./
Run actions/checkout@v3
Syncing repository: ***/Java-maven-library-publisher
Getting Git version info
Temporarily overriding HOME='/home/runner/work/_temp/45376e45-02aa-4aa5-b536-5f744f7e10d3' before making global git config changes
Adding repository directory to the temporary git global config as a safe directory
/usr/bin/git config --global --add safe.directory /home/runner/work/Java-maven-library-publisher/Java-maven-library-publisher
/usr/bin/git config --local --get remote.origin.url
https://github.com/***/Java-maven-library-publisher
Removing previously created refs, to avoid conflicts
Cleaning the repository
Disabling automatic garbage collection
Setting up auth
Fetching the repository
Determining the checkout info
Checking out the ref
/usr/bin/git log -1 --format='%H'
'0e8da131bf626b218ddccbd08a661c7921dfb8da'
Run actions/setup-java@v3
Installed distributions
Creating settings.xml with server-id: ossrh
Writing to /home/runner/.m2/settings.xml
Importing private gpg key
Error: The process '/usr/bin/gpg' failed with exit code 2

Question

Someone know how we can fix this The process '/usr/bin/gpg' failed with exit code 2 for actions/setup-java@v3 ?

3

Answers


  1. GPG is asking whether you want to continue on with the encryption using an unsigned key. There for the issue is with the signing. In usage from terminal adding these switches would be sufficient:
    --yes and --always-trust

    In our case though, you might want to try adding it as env variable like so:

    env:
        GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
    
    Login or Signup to reply.
  2. actions/setup-java is tricky here:

    gpg-passphrase: description: 'Environment variable name for the GPG private key passphrase. Default is GPG_PASSPHRASE.
    

    So it’s not actual passphrase, it’s env var name that holds it. Very counter intuitive IMO.

    So you need to remove this

    gpg-passphrase: ${{ inputs.gpg-passphrase }}
    

    and add this

    env:
        GPG_PASSPHRASE: ${{ inputs.gpg-passphrase }}
    
    Login or Signup to reply.
  3. Can you make sure GPG private key is in the correct format. The key should be in the ASCII Armored format, which can be done by running the following command:

    gpg --armor --export-secret-keys <key_id> > gpg_key.asc
    

    Once the key is in the correct format, add it as an input variable in the Action and pass it to the action in the workflow.

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search