i'm running a GitHub Action workflow and have failing error when try to run maven install. it's required me to sign before i can install maven packages. here my workflow yml file :
name: Github Action
on:
push:
branches:
- master
- release/*
schedule:
- cron: '0 0 * * 0'
jobs:
build:
name: Main
runs-on: ${{ matrix.operating-system }}
strategy:
matrix:
java-version: [1.8]
operating-system: [ubuntu-latest]
steps:
- name: Prepare
uses: actions/checkout@v1
- name: Set Up Java Development Kit
uses: actions/setup-java@v1
with:
java-version: ${{ matrix.java-version }}
- name: Maven build clean, build, test and install
run: |
mvn clean
mvn install
mvn package --file pom.xml
And this is what i get :
gpg: directory '/${HOME}/.gnupg' created
gpg: keybox '/${HOME}/.gnupg/pubring.kbx' created
gpg: no default secret key: No secret key
gpg: signing failed: No secret key
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 22.278 s
[INFO] Finished at: 2019-10-03T06:56:51Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-gpg-plugin:1.6:sign (sign-artifacts) on project core: Exit code: 2 -> [Help 1]
Is there any way to sign our packages with github action workflows?
The most common answer you are going to get is to use samuelmeuli/action-maven-publish. There are two issues with this plugin - it writes the secret key file to disk in the home directory, and it does not allow you to customize your Apache Maven command-line to the fullest extent possible.
Instead, you can use GitHub actions secrets and the gpg command-line to install the gpg secret key, using instructions from How to Sign and Release to The Central Repository with GitHub Actions.