No errors but can't sign commits
See original GitHub issueHey! 👋
Thanks for this GitHub Action.
Behaviour
Actual behaviour
I can’t sign commits in GitHub Actions.
Following the README, here’s what I did:
-
export the GPG private key as an ASCII armored version to your clipboard (I’m on Ubuntu 21.04)
gpg --armor --export-secret-key contact@divlo.fr -w0 | xclip
-
Set
GPG_PRIVATE_KEY
in my repo secrets -
Have a workflow file like this:
name: 'Release'
on:
push:
branches: [master, develop]
pull_request:
branches: [master, develop]
jobs:
release:
runs-on: 'ubuntu-latest'
steps:
- uses: 'actions/checkout@v2.3.4'
- name: 'Import GPG key'
uses: 'crazy-max/ghaction-import-gpg@v3.2.0'
with:
gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
git-user-signingkey: true
git-commit-gpgsign: true
-
name: GPG user IDs
run: |
echo "fingerprint: ${{ steps.import_gpg.outputs.fingerprint }}"
echo "keyid: ${{ steps.import_gpg.outputs.keyid }}"
echo "name: ${{ steps.import_gpg.outputs.name }}"
echo "email: ${{ steps.import_gpg.outputs.email }}"
- name: Sign commit and push changes
run: |
printf 'signed commit\n' > bar.txt
git add .
git commit -S -m "chore: this commit should be gpg signed! [skip ci]"
git push
I have created a temporary GitHub repo to try to sign commits, I’ll remove it later (when hopefully it works).
- Repository URL (if public): https://github.com/Divlo/test-release-app
There are lot of commits, because actually I tried everything but nothing seems to work. Latest run : https://github.com/Divlo/test-release-app/runs/3377173175
As you can, the step called GPG user IDs
prints nothing.
And there is no error with Import GPG key
It correctly create bar.txt
and commit the file but the commit is not signed.
I’m using the GPG_PRIVATE_KEY
both locally and for this GitHub Action.
All my commits created and pushed locally are signed but not the ones created with the GitHub Action.
I generated the key with $ gpg --full-generate-key
without passphrase
following https://docs.github.com/en/github/authenticating-to-github/managing-commit-signature-verification/generating-a-new-gpg-key.
I tried to use crazy-max/ghaction-import-gpg@openpgp5
instead of crazy-max/ghaction-import-gpg@v3.2.0
and I’ve got this error: Error: Key block contains multiple keys
But it only contains 1 key, it works locally and with 3.2.0
, there is no error.
I would love to have some help, thanks a lot! 😄
Issue Analytics
- State:
- Created 2 years ago
- Comments:5 (3 by maintainers)
@Divlo You’re welcome! (bonjour de Nancy ^^)
Also the
id
in theImport GPG key
step is missing if you want to use theoutputs
: