Skip to content

Maven Central Java release will fail: port GPG signing fixes from rodbus #428

Description

@jadamcrain

Problem

The release-maven job in .github/workflows/ci.yml has two bugs that will cause the Java release to Maven Central to fail GPG signing. These were already fixed in rodbus (PRs stepfunc/rodbus#182 and stepfunc/rodbus#183) but never ported back to dnp3.

We need to fix these before the next release.

Bug 1 — wrong GPG action input name (ci.yml:430)

- name: Import PGP key
  uses: crazy-max/ghaction-import-gpg@v7
  with:
    gpg-private-key: ${{ secrets.SFIO_PGP_PRIVATE_KEY }}   # ❌ hyphenated

ghaction-import-gpg@v7 expects gpg_private_key (underscore). With the hyphenated name the input is silently ignored and no key is imported.

Fix:

    gpg_private_key: ${{ secrets.SFIO_PGP_PRIVATE_KEY }}

(Also capture the import step output: add id: import_gpg to the step — needed for Bug 2.)

Bug 2 — no signing key selected (ci.yml:460)

gpg --batch --yes --pinentry-mode loopback --passphrase "..." --armor --detach-sign "$file"

ghaction-import-gpg@v7 does not configure a default signing key, so this fails with "no default secret key". Select the key explicitly by fingerprint:

gpg --batch --yes --pinentry-mode loopback \
  --local-user "${{ steps.import_gpg.outputs.fingerprint }}" \
  --passphrase "${{ secrets.SFIO_PGP_PRIVATE_KEY_PASSPHRASE }}" \
  --armor --detach-sign "$file"

Reference

See the working version in rodbus ci.yml (release-maven job) — the import step uses id: import_gpg + gpg_private_key, and the sign loop uses --local-user "${{ steps.import_gpg.outputs.fingerprint }}".

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions