Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

No errors but can't sign commits

See original GitHub issue

Hey! 👋

Thanks for this GitHub Action.

Behaviour

Actual behaviour

I can’t sign commits in GitHub Actions.

Following the README, here’s what I did:

export the GPG private key as an ASCII armored version to your clipboard (I’m on Ubuntu 21.04) gpg --armor --export-secret-key contact@divlo.fr -w0 | xclip
Set GPG_PRIVATE_KEY in my repo secrets
Have a workflow file like this:

name: 'Release'

on:
  push:
    branches: [master, develop]
  pull_request:
    branches: [master, develop]

jobs:
  release:
    runs-on: 'ubuntu-latest'
    steps:
      - uses: 'actions/checkout@v2.3.4'

      - name: 'Import GPG key'
        uses: 'crazy-max/ghaction-import-gpg@v3.2.0'
        with:
          gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
          git-user-signingkey: true
          git-commit-gpgsign: true

      -
        name: GPG user IDs
        run: |
          echo "fingerprint: ${{ steps.import_gpg.outputs.fingerprint }}"
          echo "keyid:       ${{ steps.import_gpg.outputs.keyid }}"
          echo "name:        ${{ steps.import_gpg.outputs.name }}"
          echo "email:       ${{ steps.import_gpg.outputs.email }}"

      - name: Sign commit and push changes
        run: |
          printf 'signed commit\n' > bar.txt
          git add .
          git commit -S -m "chore: this commit should be gpg signed! [skip ci]"
          git push

I have created a temporary GitHub repo to try to sign commits, I’ll remove it later (when hopefully it works).

Repository URL (if public): https://github.com/Divlo/test-release-app

There are lot of commits, because actually I tried everything but nothing seems to work. Latest run : https://github.com/Divlo/test-release-app/runs/3377173175

As you can, the step called GPG user IDs prints nothing. And there is no error with Import GPG key It correctly create bar.txt and commit the file but the commit is not signed.

I’m using the GPG_PRIVATE_KEY both locally and for this GitHub Action. All my commits created and pushed locally are signed but not the ones created with the GitHub Action. I generated the key with $ gpg --full-generate-key without passphrase following https://docs.github.com/en/github/authenticating-to-github/managing-commit-signature-verification/generating-a-new-gpg-key.

I tried to use crazy-max/ghaction-import-gpg@openpgp5 instead of crazy-max/ghaction-import-gpg@v3.2.0 and I’ve got this error: Error: Key block contains multiple keys But it only contains 1 key, it works locally and with 3.2.0, there is no error.

I would love to have some help, thanks a lot! 😄

Issue Analytics

State:
Created 2 years ago
Comments:5 (3 by maintainers)

Top GitHub Comments

2reactions

crazy-maxcommented, Sep 1, 2021

@Divlo You’re welcome! (bonjour de Nancy ^^)

1reaction

crazy-maxcommented, Sep 1, 2021

Also the id in the Import GPG key step is missing if you want to use the outputs:

      - name: 'Import GPG key'
        id: import_gpg
        uses: 'crazy-max/ghaction-import-gpg@v3.2.0'
        with:
          gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
          git-user-signingkey: true
          git-commit-gpgsign: true