Unable to decrypt gpg passphrase with org.apache.maven.plugins:maven-gpg-plugin:3.0.1:sign
Question
Introduction
Currently, I'm trying to contribute on a GitHub Action that automatically publishes a java library. The branch where I'm developing: https://github.com/MathieuSoysal/Java-maven-library-publisher/tree/2-add-automated-tests
The yaml code of the Action :
name: Java maven library publisher
author: "Mathieu Soysal (@MathieuSoysal)"
description: "Build automatically Java Maven library and publish it to GitHub Packages and Maven Central."
branding:
icon: "package"
color: "gray-dark"
inputs:
nexus-username:
description: "Nexus username"
required: true
nexus-password:
description: "Nexus password"
required: true
gpg-private-key:
description: "GPG private key"
required: true
gpg-passphrase:
description: "GPG passphrase"
required: true
github-token:
description: "GitHub token"
required: true
# Java version to use
java-version:
description: "Java version to use"
required: true
default: "17"
# Library version
library-version:
description: "Library version"
required: false
default: ""
runs:
using: "composite"
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Set up JDK 17 for deploy to OSSRH
uses: actions/setup-java@v3
with:
distribution: "adopt"
java-version: ${{ inputs.java-version }}
server-id: ossrh
server-username: ${{ inputs.nexus-username }}
server-password: ${{ inputs.nexus-password }}
gpg-private-key: ${{ inputs.gpg-private-key }}
gpg-passphrase: ${{ inputs.gpg-passphrase }}
- name: Build with Maven
run: mvn -B package --file pom.xml
shell: bash
- name: Update package version
if: ${{ inputs.library-version != '' }}
run: mvn versions:set -DnewVersion=${{ inputs.library-version }}
shell: bash
- name: Prepare Maven environnement with Java 17 for deployment to OSSRH
run: export MAVEN_OPTS="--add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.lang.reflect=ALL-UNNAMED --add-opens=java.base/java.text=ALL-UNNAMED --add-opens=java.desktop/java.awt.font=ALL-UNNAMED"
shell: bash
- name: Publish to Apache Maven Central
run: mvn deploy -PossrhDeploy
shell: bash
env:
MAVEN_USERNAME: ${{ inputs.nexus-username }}
MAVEN_CENTRAL_TOKEN: ${{ inputs.nexus-password }}
MAVEN_GPG_PASSPHRASE: ${{ inputs.gpg-passphrase }}
- name: Set up JDK 17 for deploy to github packages
uses: actions/setup-java@v3
with:
distribution: "adopt"
java-version: ${{ inputs.java-version }}
server-id: github
- name: Publish to GitHub Packages Apache Maven
run: mvn deploy -PgithubDeploy
shell: bash
env:
GITHUB_TOKEN: ${{ inputs.github-token }}
link to the code: https://github.com/MathieuSoysal/Java-maven-library-publisher/blob/2-add-automated-tests/action.yaml
The workflow that execute the Action :
name: Test Actions
on: [push]
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Maven Library build and publish
uses: ./
with:
nexus-username: ${{ secrets.NEXUS_USERNAME }}
nexus-password: ${{ secrets.NEXUS_PASSWORD }}
gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }}
library-version: $GITHUB_RUN_NUMBER
github-token: ${{ secrets.GITHUB_TOKEN }}
java-version: 17
Link to the code: https://github.com/MathieuSoysal/Java-maven-library-publisher/blob/2-add-automated-tests/.github/workflows/test-action.yml
Problem
When i'm trying to execute the action I obtain this error:
[INFO] Building jar: /home/runner/work/Java-maven-library-publisher/Java-maven-library-publisher/target/template-6-javadoc.jar
[INFO]
[INFO] --- maven-gpg-plugin:3.0.1:sign (sign-artifacts) @ template ---
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 14.831 s
[INFO] Finished at: 2022-12-24T15:58:31Z
[INFO] ------------------------------------------------------------------------
Error: Failed to execute goal org.apache.maven.plugins:maven-gpg-plugin:3.0.1:sign (sign-artifacts) on project template: Unable to decrypt gpg passphrase: org.sonatype.plexus.components.sec.dispatcher.SecDispatcherException: java.io.FileNotFoundException: /home/runner/.m2/settings-security.xml (No such file or directory) -> [Help 1]
Error:
Error: To see the full stack trace of the errors, re-run Maven with the -e switch.
Error: Re-run Maven using the -X switch to enable full debug logging.
Error:
Error: For more information about the errors and possible solutions, please read the following articles:
Error: [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
Error: Process completed with exit code 1.
Question
Someone know how we can fix this Failed to execute goal org.apache.maven.plugins:maven-gpg-plugin:3.0.1:sign for actions/setup-java@v3 ?
2 answers
solution1
1 ACCPTED 2022-12-28 11:54:46
Problem
Your problem is due to the fact that you have not use your env var for your gpg password, Maven password and maven username in your setup-jave .
Solution to your problem
To fix your problem you to fix your setup-java configuration like that:
- name: Set up JDK 17 for deploy to OSSRH
uses: actions/setup-java@v3
with:
distribution: "adopt"
java-version: ${{ inputs.java-version }}
server-id: ossrh
server-username: MAVEN_USERNAME
server-password: MAVEN_PASSWORD
gpg-private-key: ${{ inputs.gpg-private-key }}
gpg-passphrase: MAVEN_GPG_PASSPHRASE
solution2
0 2022-12-27 07:50:15
Check if this is similar to actions/setup-java issue 91
gpgPassphraseshould be the name of the env var that is going to contain the GPG passphrase and in the release/deploy stages you need to include that formerly mentioned env var in the env section, and set its value (in your case thesecrets.MAVEN_GPG_PASSPHRASE).This is indeed a confusing way to configure this action
Note: the same thread includes:
<configuration>
<!-- Prevent gpg from using pinentry programs -->
<gpgArguments>
<arg>--pinentry-mode</arg>
<arg>loopback</arg>
</gpgArguments>
</configuration>
This configuration seems no longer necessary on maven-gpg-plugin 3.0.1. ( https://issues.apache.org/jira/browse/MGPG-59 )
Double-check your gpg version.
solution3
0 2022-12-27 20:55:41
This error is occurring because the Maven GPG Plugin is trying to sign the artifacts in your project, but it is unable to decrypt the GPG passphrase. This is typically because the passphrase is stored in a file called settings-security.xml in your.m2 directory, but that file does not exist.
There are a few possible solutions to this problem:
Create the settings-security.xml file and provide the necessary GPG passphrase. You can do this by adding a element to your settings.xml file that includes the element with the GPG passphrase. For example:
<settings>
<servers>
<server>
<id>your-gpg-server-id</id>
<passphrase>your-gpg-passphrase</passphrase>
</server>
</servers>
</settings>
If you do not want to sign the artifacts with GPG, you can disable the Maven GPG Plugin by adding the following configuration to your pom.xml file:
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-gpg-plugin</artifactId>
<executions>
<execution>
<id>sign-artifacts</id>
<goals>
<goal>sign</goal>
</goals>
<configuration>
<skip>true</skip>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
If you want to continue signing the artifacts with GPG, but do not want to store the passphrase in a file, you can configure the Maven GPG Plugin to prompt you for the passphrase when it is needed. To do this, add the following configuration to your pom.xml file:
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-gpg-plugin</artifactId>
<configuration>
<useAgent>true</useAgent>
</configuration>
</plugin>
</plugins>
</build>
This will use the GPG agent to prompt you for the passphrase when it is needed. Make sure that the GPG agent is running and that you have the necessary private keys configured.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.