commitizen-tools / commitizen-action

Commitizen github action to bump and create changelog
MIT License

gpg: signing failed: No secret key #72

Open brazarb opened 1 year ago

brazarb commented 1 year ago

I've followed the steps using crazy-max/ghaction-import-gpg as the documentation recommended.

However I'm having no luck getting the commitizen-action to sign the commits/tags etc.

name: Bump Version

on:
  push:
    branches:
      - main

jobs:
  build:
    if: "!startsWith(github.event.head_commit.message, 'bump:')"
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0
          token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
      - name: Import GPG key
        id: import_gpg
        uses: crazy-max/ghaction-import-gpg@v5
        with:
          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
          passphrase: ${{ secrets.GPG_PASSPHRASE }}
          trust_level: 5
          git_user_signingkey: true
          git_commit_gpgsign: true
          git_tag_gpgsign: true
          git_config_global: true
      - name: List keys
        run: |
          gpg --list-keys
          echo ${{ steps.import_gpg.outputs.fingerprint }}
          echo ${{ steps.import_gpg.outputs.keyid }}
          git config --global --list
      - name: Create bump and changelog
        uses: commitizen-tools/commitizen-action@master
        with:
          github_token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
          git_name: ${{ steps.import_gpg.outputs.name }}
          git_email: ${{ steps.import_gpg.outputs.email }}
          changelog_increment_filename: VERSION.md
          gpg_sign: false
          debug: true
      - name: Output REVISION
        run: |
          echo ${{ env.REVISION }}
      - name: Release
        uses: softprops/action-gh-release@v1
        with:
          body_path: "VERSION.md"
          tag_name: "v${{ env.REVISION }}"
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Commitizen version: 3.5.2
cz --debug --no-raise 21 bump --yes --gpg-sign --changelog --check-consistency
bump: version 0.0.2 → 0.0.3
tag to create: v0.0.3
increment detected: PATCH

[main 6aee056] bump: version 0.0.2 → 0.0.3
 1 file changed, 13 insertions(+)

error: gpg failed to sign the data:
gpg: directory '/github/home/.gnupg' created
gpg: skipped "brazarb <11******+******@users.noreply.github.com>": No secret key
[GNUPG:] INV_SGNR 9 author <*******+******@users.noreply.github.com>
[GNUPG:] FAILURE sign 17
gpg: signing failed: No secret key

error: unable to sign the tag

Traceback (most recent call last):
  File "/usr/local/bin/cz", line 8, in <module>
    sys.exit(main())
  File "/usr/local/lib/python3.8/site-packages/commitizen/cli.py", line 463, in main
    args.func(conf, vars(args))()
  File "/usr/local/lib/python3.8/site-packages/commitizen/commands/bump.py", line 351, in __call__
    raise BumpTagFailedError(c.err)
commitizen.exceptions.BumpTagFailedError: error: gpg failed to sign the data:
gpg: directory '/github/home/.gnupg' created
gpg: skipped "author <******+******@users.noreply.github.com>": No secret key
[GNUPG:] INV_SGNR 9 author <******+******@users.noreply.github.com>
[GNUPG:] FAILURE sign 17
gpg: signing failed: No secret key

error: unable to sign the tag

Checking git config --global --list matches the name, email and signing key.
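
A way to read the gpg output quoted in the report above, as an added example (not code from the reporter or from commitizen-action): a small Python parser for gpg's stderr and `[GNUPG:]` status lines that reports which home directory gpg created and why the signer was rejected. The sample log is constructed from the lines in the report with a placeholder user ID, and `diagnose` is a hypothetical helper name.

```python
import re

# INV_SGNR reason codes (GnuPG doc/DETAILS) and the libgpg-error code for "No secret key".
INV_REASONS = {1: "not found", 3: "wrong key usage", 4: "key revoked",
               5: "key expired", 9: "not a secret key", 10: "key not trusted",
               13: "key disabled"}
GPG_ERR_NO_SECKEY = 17

# Constructed sample modelled on the log in the report; the user ID is a placeholder.
SAMPLE_LOG = """\
error: gpg failed to sign the data:
gpg: directory '/github/home/.gnupg' created
gpg: skipped "author <user@example.invalid>": No secret key
[GNUPG:] INV_SGNR 9 author <user@example.invalid>
[GNUPG:] FAILURE sign 17
gpg: signing failed: No secret key
"""

def diagnose(log):
    """Return findings extracted from gpg's stderr and status-fd lines."""
    findings = {"fresh_homedir": None, "signer": None, "reason": None,
                "no_secret_key": False}
    for line in log.splitlines():
        line = line.strip()
        m = re.search(r"gpg: directory '(.+)' created$", line)
        if m:
            # gpg prints this only when its home directory did not exist yet,
            # so the keyring searched during this signing call was empty.
            findings["fresh_homedir"] = m.group(1)
            continue
        m = re.search(r"\[GNUPG:\] INV_SGNR (\d+) (.+)$", line)
        if m:
            code = int(m.group(1))
            findings["signer"] = m.group(2)
            findings["reason"] = INV_REASONS.get(code, f"unknown reason {code}")
            continue
        m = re.search(r"\[GNUPG:\] FAILURE sign (\d+)$", line)
        if m:
            # The low 16 bits carry the error code; higher bits name the error source.
            findings["no_secret_key"] = (int(m.group(1)) & 0xFFFF) == GPG_ERR_NO_SECKEY
    return findings

if __name__ == "__main__":
    for key, value in diagnose(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A non-empty `fresh_homedir` means the gpg process that tried to sign started with a newly created keyring, so any key imported earlier was stored under a different home directory.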

brazarb commented 1 year ago

Is this the reason https://github.com/commitizen-tools/commitizen-action/issues/50#issuecomment-1289884966?

If so, any plans on how to solve this?

Kambi-V commented 3 months ago

@brazarb were you able to sign off commits? I am using a similar approach to yours and keep getting the same error.

Kambi-V commented 3 months ago

@brazarb you can give this a look, it was of help https://github.com/adam-grant-hendry/poetry_plugin_constrain/blob/main/.github/workflows/release.yml