Fix gpg signing #292
def keyFile = secretKeyRingFilePath ? Paths.get(secretKeyRingFilePath) : null | ||
if (keyFile && Files.exists(keyFile) && !Files.isDirectory(keyFile)) { | ||
def secretKey = new String(Files.readAllBytes(keyFile), "UTF-8") | ||
useInMemoryPgpKeys(signingKeyId, secretKey, signingPassword) |
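Review bot: The line that reads the key with new String(Files.readAllBytes(keyFile), "UTF-8") only yields a usable key if the file is ASCII-armored, which is the form useInMemoryPgpKeys expects; a binary keyring, which the name secretKeyRingFilePath suggests, would not survive the UTF-8 decode. Please document the expected format next to the property, or rename it so it clearly points at an armored key export. Separately, the if condition skips signing without any message when the file is missing or is a directory; unless a later branch handles that case, log a warning there so a release build cannot go out unsigned unnoticed, and consider Files.isRegularFile(keyFile) in place of the exists/isDirectory pair.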
Use a null value to make the parameter optional, e.g. the user sets signing.keyId= ; if an empty string is used here, it will report an error like "secret key not found", but if the null value is used here, it will use the first secret key in the secret file.
I am assuming that the signing failed previously because we need to import the key into the actions runner's GPG keyring. It failed because no key was found on the keyring. Could we try the import as a setup step in the action instead of calling useInMemoryPgpKeys? I think it just needs a gpg --import keyFile.gpg or something like that.
Have you tried using nektos/act for testing?
The problem is that That's why I'm using
Good to know this, will try it in future, thanks.
Thanks for the changes. After taking another look at the signing plugin docs I think this looks good.
@ZacBlanco Thanks for your comments. I found another way to cache the passphrase which is simpler than this, so I'll close this one.
useGpgCmd never seems to work on either my machine or the action env, not sure why.
So replace it with useInMemoryPgpKeys, without using the gpg command. Also added 2 checks to avoid errors when running build/test in a dev env (without the gradle.properties, or with some of the signing-related properties not set).
Tested with https://github.com/unix280/tempto/actions/runs/13507065551
Signature can be found in my test repo https://m2.unidevel.cn/#/releases/io/prestodb/tempto/tempto-core/1.54