
How to use GPG key in GitHub Actions?


I am trying to do a Maven deploy via GitHub Actions and I am getting the below error:

gpg: directory '/home/runner/.gnupg' created
gpg: keybox '/home/runner/.gnupg/pubring.kbx' created
gpg: no default secret key: No secret key
gpg: signing failed: No secret key
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  13.272 s
[INFO] Finished at: 2020-04-06T12:18:44Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-gpg-plugin:1.5:sign (sign-artifacts) on project pretty-simple-jar: Exit code: 2 -> [Help 1]

I understand that I need to somehow import my GPG secret key in the virtual runner where the Actions workflow is running, but I cannot figure out a way to import my secret key in the virtual runner via the GitHub Actions workflow.

Below is my workflow:

jobs:
  publish:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Set up Maven Central Repository
        uses: actions/setup-java@v1
        with:
          java-version: 1.8
      - name: Display settings.xml
        run: |
          echo "<settings><servers><server><id>ossrh</id><username>${{ secrets.OSSRH_USERNAME }}</username><password>${{ secrets.OSSRH_TOKEN }}</password></server></servers><profiles><profile><id>ossrh</id><activation><activeByDefault>true</activeByDefault></activation><properties><gpg.keyname>${{ secrets.GPG_KEY_ID }}</gpg.keyname><gpg.passphrase>'${{ secrets.GPG_PASSPHRASE }}'</gpg.passphrase></properties></profile></profiles></settings>" > /home/runner/.m2/settings.xml
          cat /home/runner/.m2/settings.xml
      - name: Build Maven Project
        run: mvn clean install
      - name: Publish to Apache Maven Central
        run: mvn deploy

Solution

  • Thank you, everyone, for your response. I now use this GitHub action, which makes the process much simpler:

    Step 1: Extract the secret key

    gpg --list-secret-keys --keyid-format LONG
    gpg --export-secret-keys --armor {your_keyId}
    

    Step 2: Store the extracted GPG key and passphrase as secrets

    Step 3: Include this step in your workflow

    - name: Import GPG Key
      uses: crazy-max/ghaction-import-gpg@v1
      env:
        GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
        PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
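
A pre-flight check for the stored secret, as an added example that is not part of the original answer or of the crazy-max action: it rejects an empty, public-only or truncated key before importing, since each of those ends in the same "No secret key" failure shown in the question. The function names are hypothetical; it assumes `GPG_PRIVATE_KEY` is passed to the step through `env:` as in Step 3.

```shell
# Added example: function names are hypothetical, not part of gpg or any action.

# Classify an ASCII-armored blob by its first armor header line.
armor_kind() {
  case "$(printf '%s\n' "$1" | tr -d '\r' | sed -n '/^-----BEGIN PGP /{p;q;}')" in
    '-----BEGIN PGP PRIVATE KEY BLOCK-----') echo private ;;
    '-----BEGIN PGP PUBLIC KEY BLOCK-----')  echo public ;;
    *) echo unknown ;;
  esac
}

# Return 0 only for a complete armored private key block.
# Messages go to stderr and never include the key material itself.
check_secret_key_armor() {
  if [ -z "$1" ]; then
    echo "secret is empty or was not passed to this step" >&2
    return 1
  fi
  if [ "$(armor_kind "$1")" != private ]; then
    # A 'public' result means the key was exported with --export
    # instead of --export-secret-keys.
    echo "expected a PRIVATE KEY BLOCK, got: $(armor_kind "$1")" >&2
    return 2
  fi
  if ! printf '%s\n' "$1" | tr -d '\r' \
      | grep -q '^-----END PGP PRIVATE KEY BLOCK-----$'; then
    echo "armor footer missing: the stored key is truncated" >&2
    return 3
  fi
  return 0
}

# Validate, import without prompting, then confirm a secret key now exists.
# The key is piped to gpg on stdin, so it is never written to the job log.
import_signing_key() {
  check_secret_key_armor "${GPG_PRIVATE_KEY:-}" || return $?
  printf '%s\n' "$GPG_PRIVATE_KEY" | gpg --batch --import || return 4
  gpg --batch --list-secret-keys --with-colons | grep -q '^sec:' || return 5
}
```

Source these functions in a `run:` step and call `import_signing_key` before `mvn deploy`; a non-zero return code identifies which check failed.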