Open ralfkonrad opened 2 months ago
Hello @ralfkonrad, Thank you for creating this issue and we will look into it :)
Hello @ralfkonrad, the issue is arising from changes made in the 3.2.0 version of the Apache Maven GPG Plugin. As for the setup-java in connection with the maven-gpg-plugin, it's functioning as expected. We suggest you to report a bug with the Apache Maven GPG Plugin to address this.
Hello @ralfkonrad, Can you confirm whether the issue has been addressed?
Hello @mahabaleshwars,
thanks for picking this up.
And sorry for the late reply, busy times. Unfortunately, I didn't find the time to address this issue to the Apache Maven GPG Plugin.
Regarding
the issue is arising from changes made in the 3.2.0 version of the Apache Maven GPG Plugin
Do you have more inside here? What exactly is the issue?
Also, I'm not sure if it is really (only) their problem. As I mentioned above, the plugin v3.2.4
works fine on my local machine. So the problem might somehow also be linked to setup-java
, the windows
GitHub runners or the gpg
version used.
For me it is not obvious who is responsible here and what needs to be changed.
Best Ralf
Description: GPG-Signing of maven artifacts fails only on Windows runners using
actions/setup-java@v4
and the updatedmaven-gpg-plugin
v3.2.0-v3.2.4
. However, the previous plugin versionv3.1.0
does not cause any problems for no runner.The error is
gpg: signing failed: Bad passphrase
, see e.g. here.However, the new plugin versions
v3.2.x
work on my local windows 10 machine.The GPG private key and passphrase provided as secrets obviously work for the old plugin on windows and the new one on ubuntu and macOS.
I'm aware that this is perhaps not (only) an error in this action but perhaps in the
maven-gpg-plugin
or in the interaction between them.Task version:
actions/setup-java@v4
Platform:
Runner type:
Repro steps:
Here is a repository test-mvn-gpg-plugin which reproduces the error in this workflow build-and-sign.
Expected behavior: The GPG-signing is successful for all runners.
Actual behavior: The GPG-signing fails for
windows-2019
andwindows-2022
runners.