Home > Enterprise >  Unable to decrypt gpg passphrase with org.apache.maven.plugins:maven-gpg-plugin:3.0.1:sign
Unable to decrypt gpg passphrase with org.apache.maven.plugins:maven-gpg-plugin:3.0.1:sign

Time:12-29

Introduction

Currently, I'm trying to contribute on a GitHub Action that automatically publishes a java library. The branch where I'm developing: https://github.com/MathieuSoysal/Java-maven-library-publisher/tree/2-add-automated-tests

The yaml code of the Action :

name: Java maven library publisher
author: "Mathieu Soysal (@MathieuSoysal)"
description: "Build automatically Java Maven library and publish it to GitHub Packages and Maven Central."
branding:
  icon: "package"
  color: "gray-dark"

inputs:
  nexus-username:
    description: "Nexus username"
    required: true
  nexus-password:
    description: "Nexus password"
    required: true
  gpg-private-key:
    description: "GPG private key"
    required: true
  gpg-passphrase:
    description: "GPG passphrase"
    required: true
  github-token:
    description: "GitHub token"
    required: true
  # Java version to use
  java-version:
    description: "Java version to use"
    required: true
    default: "17"
  # Library version
  library-version:
    description: "Library version"
    required: false
    default: ""

runs:
  using: "composite"

  steps:
    - name: Checkout
      uses: actions/checkout@v3

    - name: Set up JDK 17 for deploy to OSSRH
      uses: actions/setup-java@v3
      with:
        distribution: "adopt"
        java-version: ${{ inputs.java-version }}
        server-id: ossrh
        server-username: ${{ inputs.nexus-username }}
        server-password: ${{ inputs.nexus-password }}
        gpg-private-key: ${{ inputs.gpg-private-key }}
        gpg-passphrase: ${{ inputs.gpg-passphrase }}

    - name: Build with Maven
      run: mvn -B package --file pom.xml
      shell: bash

    - name: Update package version
      if: ${{ inputs.library-version != '' }}
      run: mvn versions:set -DnewVersion=${{ inputs.library-version }}
      shell: bash

    - name: Prepare Maven environnement with Java 17 for deployment to OSSRH
      run: export MAVEN_OPTS="--add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.lang.reflect=ALL-UNNAMED --add-opens=java.base/java.text=ALL-UNNAMED --add-opens=java.desktop/java.awt.font=ALL-UNNAMED"
      shell: bash

    - name: Publish to Apache Maven Central
      run: mvn deploy -PossrhDeploy
      shell: bash
      env:
        MAVEN_USERNAME: ${{ inputs.nexus-username }}
        MAVEN_CENTRAL_TOKEN: ${{ inputs.nexus-password }}
        MAVEN_GPG_PASSPHRASE: ${{ inputs.gpg-passphrase }}

    - name: Set up JDK 17 for deploy to github packages
      uses: actions/setup-java@v3
      with:
        distribution: "adopt"
        java-version: ${{ inputs.java-version }}
        server-id: github

    - name: Publish to GitHub Packages Apache Maven
      run: mvn deploy -PgithubDeploy
      shell: bash
      env:
        GITHUB_TOKEN: ${{ inputs.github-token }}

link to the code: https://github.com/MathieuSoysal/Java-maven-library-publisher/blob/2-add-automated-tests/action.yaml

The workflow that execute the Action:

name: Test Actions

on: [push]

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3

      - name: Maven Library build and publish
        uses: ./
        with:
          nexus-username: ${{ secrets.NEXUS_USERNAME }}
          nexus-password: ${{ secrets.NEXUS_PASSWORD }}
          gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
          gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }}
          library-version: $GITHUB_RUN_NUMBER
          github-token: ${{ secrets.GITHUB_TOKEN }}
          java-version: 17

Link to the code: https://github.com/MathieuSoysal/Java-maven-library-publisher/blob/2-add-automated-tests/.github/workflows/test-action.yml

Problem

When i'm trying to execute the action I obtain this error:

[INFO] Building jar: /home/runner/work/Java-maven-library-publisher/Java-maven-library-publisher/target/template-6-javadoc.jar
[INFO] 
[INFO] --- maven-gpg-plugin:3.0.1:sign (sign-artifacts) @ template ---
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  14.831 s
[INFO] Finished at: 2022-12-24T15:58:31Z
[INFO] ------------------------------------------------------------------------
Error:  Failed to execute goal org.apache.maven.plugins:maven-gpg-plugin:3.0.1:sign (sign-artifacts) on project template: Unable to decrypt gpg passphrase: org.sonatype.plexus.components.sec.dispatcher.SecDispatcherException: java.io.FileNotFoundException: /home/runner/.m2/settings-security.xml (No such file or directory) -> [Help 1]
Error:  
Error:  To see the full stack trace of the errors, re-run Maven with the -e switch.
Error:  Re-run Maven using the -X switch to enable full debug logging.
Error:  
Error:  For more information about the errors and possible solutions, please read the following articles:
Error:  [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
Error: Process completed with exit code 1.

Question

Someone know how we can fix this Failed to execute goal org.apache.maven.plugins:maven-gpg-plugin:3.0.1:sign for actions/setup-java@v3 ?

CodePudding user response:

Problem

Your problem is due to the fact that you have not use your env var for your gpg password, Maven password and maven username in your setup-jave.

Solution to your problem

To fix your problem you to fix your setup-java configuration like that :

    - name: Set up JDK 17 for deploy to OSSRH
      uses: actions/setup-java@v3
      with:
        distribution: "adopt"
        java-version: ${{ inputs.java-version }}
        server-id: ossrh
        server-username: MAVEN_USERNAME
        server-password: MAVEN_PASSWORD
        gpg-private-key: ${{ inputs.gpg-private-key }}
        gpg-passphrase: MAVEN_GPG_PASSPHRASE

CodePudding user response:

Check if this is similar to actions/setup-java issue 91

gpgPassphrase should be the name of the env var that is going to contain the GPG passphrase and in the release/deploy stages you need to include that formerly mentioned env var in the env section, and set its value (in your case the secrets.MAVEN_GPG_PASSPHRASE).

This is indeed a confusing way to configure this action

Note: the same thread includes:

            <configuration>
              <!-- Prevent gpg from using pinentry programs -->
              <gpgArguments>
                <arg>--pinentry-mode</arg>
                <arg>loopback</arg>
              </gpgArguments>
            </configuration>

This configuration seems no longer necessary on maven-gpg-plugin 3.0.1. (https://issues.apache.org/jira/browse/MGPG-59)

Double-check your gpg version.

  • Related