search

actions / setup-java

Set up your GitHub Actions workflow with a specific version of Java
MIT License
1.47k stars 708 forks source link

GPG-Signing of maven artifacts fails on Windows runners with `actions/setup-java@v4` and `maven-gpg-plugin` `v3.2.4` #629

Open ralfkonrad opened 2 months ago

ralfkonrad commented 2 months ago

Description: GPG-Signing of maven artifacts fails only on Windows runners using actions/setup-java@v4 and the updated maven-gpg-plugin v3.2.0-v3.2.4. However, the previous plugin version v3.1.0 does not cause any problems for no runner.

The error is gpg: signing failed: Bad passphrase, see e.g. here.

However, the new plugin versions v3.2.x work on my local windows 10 machine.

The GPG private key and passphrase provided as secrets obviously work for the old plugin on windows and the new one on ubuntu and macOS.

I'm aware that this is perhaps not (only) an error in this action but perhaps in the maven-gpg-plugin or in the interaction between them.

Task version: actions/setup-java@v4

Platform:

Runner type:

Repro steps:
Here is a repository test-mvn-gpg-plugin which reproduces the error in this workflow build-and-sign.

Expected behavior: The GPG-signing is successful for all runners.

Actual behavior: The GPG-signing fails for windows-2019 and windows-2022 runners.

aparnajyothi-y commented 2 months ago

Hello @ralfkonrad, Thank you for creating this issue and we will look into it :)

mahabaleshwars commented 1 month ago

Hello @ralfkonrad, the issue is arising from changes made in the 3.2.0 version of the Apache Maven GPG Plugin. As for the setup-java in connection with the maven-gpg-plugin, it's functioning as expected. We suggest you to report a bug with the Apache Maven GPG Plugin to address this.

mahabaleshwars commented 1 month ago

Hello @ralfkonrad, Can you confirm whether the issue has been addressed?

ralfkonrad commented 1 month ago

Hello @mahabaleshwars,

thanks for picking this up.

And sorry for the late reply, busy times. Unfortunately, I didn't find the time to address this issue to the Apache Maven GPG Plugin.

Regarding

the issue is arising from changes made in the 3.2.0 version of the Apache Maven GPG Plugin

Do you have more inside here? What exactly is the issue?

Also, I'm not sure if it is really (only) their problem. As I mentioned above, the plugin v3.2.4 works fine on my local machine. So the problem might somehow also be linked to setup-java, the windows GitHub runners or the gpg version used.

For me it is not obvious who is responsible here and what needs to be changed.

Best Ralf