hyperledger / governance

https://hyperledger.github.io/governance/
Apache License 2.0

Problem with OSSRH_GPG_SECRET_KEY secret #309

Open bestbeforetoday opened 1 month ago

bestbeforetoday commented 1 month ago

GitHub repo: hyperledger/fabric-gateway

The Maven publishing workflow to publish Java artifacts (in this case to GitHub Packages) has recently started failing with the following error:

gpg: signing failed: No secret key

The workflow uses the OSSRH_GPG_SECRET_KEY organization secret as the GPG secret key. Until recently, this has been working fine. The workflow has not changed for a long time. I notice that this secret was last updated 3 weeks ago. Perhaps the updated key is not good, or the format has changed?

ryjones commented 1 month ago

@bestbeforetoday the change was to add other repos. Let me dig in.

bestbeforetoday commented 1 month ago

Actually I see a successful run 2 weeks ago, which I suppose would have been since the change.

ryjones commented 1 month ago

I need to recover these tokens - I'm working on it.

ryjones commented 1 month ago

@bestbeforetoday I've updated them

bestbeforetoday commented 1 month ago

I am still seeing the same error:

[INFO] --- maven-gpg-plugin:3.2.4:sign (sign-artifacts) @ fabric-gateway ---
[INFO] Signer 'gpg' is signing 5 files with key default
gpg: no default secret key: No secret key
gpg: signing failed: No secret key

As an interim fix, I added my own credentials as repository-level overrides of these secrets, and publication works fine with them, so there does seem to be an issue with the org-level secrets.

Note that the OSSRH_GPG_SECRET_KEY should be an ASCII-armored private key. With GPG this is exported from the local keyring something like:

gpg --export-secret-key --armor KEY-ID > secret-key.asc

The contents should look something like:

-----BEGIN PGP PRIVATE KEY BLOCK-----

mDMEXzfPyBYJKwYBBAHaRw8BAQdA/pBUfiCdarWpVHzmjfg8mHEQPXGZpea0clIw
/U...etc...
-----END PGP PRIVATE KEY BLOCK-----
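
The comment above describes what the OSSRH_GPG_SECRET_KEY value must look like. The following pre-flight script is an editorial addition to this thread, not code from either participant, from fabric-gateway, or from the Hyperledger governance repo. It checks a secret value before it reaches maven-gpg-plugin: the armor header and footer are verified without invoking gpg, and, where gpg is installed, the key is imported into a throwaway keyring so the job can see which secret keys gpg would actually find. The function names, the temporary-keyring approach, and the sample key text in the comments are assumptions and constructed placeholders; the base64-looking body is not a real key.

```shell
#!/bin/sh
# Added example, not part of the fabric-gateway workflow or the governance repo.
# Pre-flight checks for a CI secret that should hold an ASCII-armored PGP
# private key (the OSSRH_GPG_SECRET_KEY secret discussed in this issue), so a
# bad value is reported before maven-gpg-plugin fails with
# "gpg: signing failed: No secret key".

# check_armored_secret_key KEYTEXT
# Returns 0 when KEYTEXT looks like an ASCII-armored PGP private key block.
# Returns 1 (with a reason on stderr) when the value is empty, is a public key
# block, or lacks the private-key armor header and footer.
check_armored_secret_key() {
  key=$1
  if [ -z "$key" ]; then
    echo "secret is empty: the secret is unset or its name is misspelled" >&2
    return 1
  fi
  case $key in
    *"-----BEGIN PGP PUBLIC KEY BLOCK-----"*)
      # A public key imports cleanly but leaves gpg with no secret key to sign with.
      echo "value is a public key block, not a private key" >&2
      return 1 ;;
  esac
  case $key in
    "-----BEGIN PGP PRIVATE KEY BLOCK-----"*"-----END PGP PRIVATE KEY BLOCK-----"*)
      return 0 ;;
  esac
  echo "value is not an ASCII-armored private key block (expected 'gpg --export-secret-key --armor' output)" >&2
  return 1
}

# list_secret_key_fingerprints KEYTEXT
# Imports KEYTEXT into a throwaway keyring (so the runner's keyring is never
# touched) and prints the fingerprints of the secret keys and subkeys gpg can
# see, one per line. Empty output means gpg would report "No secret key" when
# signing. Requires gpg on PATH.
list_secret_key_fingerprints() {
  key=$1
  command -v gpg >/dev/null 2>&1 || { echo "gpg not installed" >&2; return 1; }
  home=$(mktemp -d) || return 1
  chmod 700 "$home"
  printf '%s\n' "$key" | GNUPGHOME=$home gpg --batch --quiet --import 2>/dev/null
  # In --with-colons output, "fpr" records carry the fingerprint in field 10.
  GNUPGHOME=$home gpg --batch --list-secret-keys --with-colons 2>/dev/null \
    | awk -F: '$1 == "fpr" { print $10 }'
  rm -rf "$home"
}

# Usage in a CI step, where the secret arrives through the environment
# (hypothetical variable name; assumed to be mapped from the org secret):
#   KEYTEXT=$OSSRH_GPG_SECRET_KEY
#   check_armored_secret_key "$KEYTEXT" && list_secret_key_fingerprints "$KEYTEXT"
```

Running the two checks as a step before the Maven signing step turns a vague "No secret key" failure into a specific message: empty secret, public key pasted instead of private, wrong armor format, or a key that imports but is not the one the build expects.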

ryjones commented 1 month ago

Strange. Identus is able to use it. I will look into it later today.

ryjones commented 3 days ago

@bestbeforetoday is it working now? https://github.com/hyperledger/fabric-gateway/actions/runs/8685040064/job/23813717831

bestbeforetoday commented 2 days ago

I added my own credentials to override the org-level secrets so publishing would work. I've removed my overrides now so we'll see when the next change goes in.

ryjones commented 2 days ago

Thanks. If it doesn't work I don't know what to do - the same credentials are working for Identus.

bestbeforetoday commented 2 days ago

Still fails here: https://github.com/hyperledger/fabric-gateway/actions/runs/10737559636/job/29779682539#step:4:178

I don't obviously see where Identus is actually using these secrets to do GPG signing of Maven artifacts. As mentioned above, this was all working for me for a long time. Nothing changed in my build pipelines but a change to the secrets broke the signing. My own credentials (in repository-level secrets) continue to work fine.