sbt / sbt-ci-release

sbt plugin to automate Sonatype releases from GitHub Actions
Apache License 2.0

Trouble with publishing to Sonatype "gpg: no default secret key: No secret key" #231

Closed leobenkel closed 2 years ago

leobenkel commented 2 years ago

Hello, I have been using your project for years and everything is wonderful except recently.

For two projects: https://github.com/leobenkel/umlclassdiagram/runs/5167148289?check_suite_focus=true and https://github.com/leobenkel/ZparkIO/runs/4674163615?check_suite_focus=true

I am not able to publish anymore.

With the third one: https://github.com/leobenkel/Soteria/runs/4595934045?check_suite_focus=true it works perfectly well.

All three repos have the exact same values for

PGP_PASSPHRASE
PGP_SECRET
SONATYPE_PASSWORD
SONATYPE_USERNAME

What am I doing wrong?

When I do gpg -k, I get an expiration date of 2031-12-18. I recently expanded the expiration date, which made the third of the three repos work again but not the others.

eed3si9n commented 2 years ago

I don't have any answers, but I noticed

[info] gpg: no default secret key: No secret key
[info] gpg: signing failed: No secret key
[error] java.lang.RuntimeException: Failure running 'gpg --batch --pinentry-mode loopback --passphrase *** --detach-sign --armor --use-agent --output /home/runner/work/umlclassdiagram/umlclassdiagram/target/scala-2.12/sbt-1.0/umlclassdiagram-1.0.0.pom.asc /home/runner/work/umlclassdiagram/umlclassdiagram/target/scala-2.12/sbt-1.0/umlclassdiagram-1.0.0.pom'.  Exit code: 2

in the log. There was also a similar report https://github.com/sbt/sbt-ci-release/issues/225.

It is confusing because it does also say

gpg (GnuPG) 2.2.19
gpg: directory '/home/runner/.gnupg' created
gpg: keybox '/home/runner/.gnupg/pubring.kbx' created
gpg: /home/runner/.gnupg/trustdb.gpg: trustdb created
gpg: key 8E544915D44EDDD8: public key "Zparkio Bot <leo.benkel@gmail.com>" imported
gpg: key 8E544915D44EDDD8: secret key imported
gpg: Total number processed: 1
gpg:               imported: 1
gpg:       secret keys read: 1
gpg:   secret keys imported: 1

leobenkel commented 2 years ago

@eed3si9n yes exactly. I am very confused and not sure what to do next haha. Should it be one different private key per library? That seems really annoying....

leobenkel commented 2 years ago

Or is there a different publishing platform that might be easier instead of Sonatype?

eed3si9n commented 2 years ago

When you query your public key on https://keyserver.ubuntu.com/ does the updated expiration date show up?

leobenkel commented 2 years ago

Hmm, I think so?

[Screenshot attached: Screen Shot 2022-02-14 at 11 18 43]

leobenkel commented 2 years ago

At least I solved one problem https://issues.sonatype.org/browse/OSSRH-78193

eed3si9n commented 2 years ago

I don't understand the connection here. Are you saying that putting

sonatypeCredentialHost := "oss.sonatype.org"
sonatypeRepository     := "https://oss.sonatype.org/service/local"

somehow resolved your GPG signing of POM files? How is that possible?

leobenkel commented 2 years ago

Oh no, I just resolved another problem I had where I couldn't connect to sonatype.org.

leobenkel commented 2 years ago

well... regenerating the key on gpg worked https://github.com/leobenkel/umlclassdiagram/runs/5203363539?check_suite_focus=true 🤷‍♂️