Problem
The release-maven job in .github/workflows/ci.yml has two bugs that will cause the Java release to Maven Central to fail GPG signing. These were already fixed in rodbus (PRs stepfunc/rodbus#182 and stepfunc/rodbus#183) but never ported back to dnp3.
We need to fix these before the next release.
Bug 1 — wrong GPG action input name (ci.yml:430)
- name: Import PGP key
uses: crazy-max/ghaction-import-gpg@v7
with:
gpg-private-key: ${{ secrets.SFIO_PGP_PRIVATE_KEY }} # ❌ hyphenated
ghaction-import-gpg@v7 expects gpg_private_key (underscore). With the hyphenated name the input is silently ignored and no key is imported.
Fix:
gpg_private_key: ${{ secrets.SFIO_PGP_PRIVATE_KEY }}
(Also capture the import step output: add id: import_gpg to the step — needed for Bug 2.)
Bug 2 — no signing key selected (ci.yml:460)
gpg --batch --yes --pinentry-mode loopback --passphrase "..." --armor --detach-sign "$file"
ghaction-import-gpg@v7 does not configure a default signing key, so this fails with "no default secret key". Select the key explicitly by fingerprint:
gpg --batch --yes --pinentry-mode loopback \
--local-user "${{ steps.import_gpg.outputs.fingerprint }}" \
--passphrase "${{ secrets.SFIO_PGP_PRIVATE_KEY_PASSPHRASE }}" \
--armor --detach-sign "$file"
Reference
See the working version in rodbus ci.yml (release-maven job) — the import step uses id: import_gpg + gpg_private_key, and the sign loop uses --local-user "${{ steps.import_gpg.outputs.fingerprint }}".
Problem
The
release-mavenjob in.github/workflows/ci.ymlhas two bugs that will cause the Java release to Maven Central to fail GPG signing. These were already fixed in rodbus (PRs stepfunc/rodbus#182 and stepfunc/rodbus#183) but never ported back to dnp3.We need to fix these before the next release.
Bug 1 — wrong GPG action input name (
ci.yml:430)ghaction-import-gpg@v7expectsgpg_private_key(underscore). With the hyphenated name the input is silently ignored and no key is imported.Fix:
(Also capture the import step output: add
id: import_gpgto the step — needed for Bug 2.)Bug 2 — no signing key selected (
ci.yml:460)ghaction-import-gpg@v7does not configure a default signing key, so this fails with "no default secret key". Select the key explicitly by fingerprint:Reference
See the working version in rodbus
ci.yml(release-mavenjob) — the import step usesid: import_gpg+gpg_private_key, and the sign loop uses--local-user "${{ steps.import_gpg.outputs.fingerprint }}".