GitHub Actions : How to resolve : "The process '/usr/bin/gpg' failed with exit code 2" problem on actions/setup-java@v3

Question

Introduction

Currently, I'm trying to contribute on a GitHub Action that automatically publishes a java library. The branch where I'm developing: https://github.com/MathieuSoysal/Java-maven-library-publisher/tree/2-add-automated-tests

The yaml code of the Action :

name: Java maven library publisher
author: "Mathieu Soysal (@MathieuSoysal)"
description: "Build automatically Java Maven library and publish it to GitHub Packages and Maven Central."
branding:
  icon: "package"
  color: "gray-dark"

inputs:
  nexus-username:
    description: "Nexus username"
    required: true
  nexus-password:
    description: "Nexus password"
    required: true
  gpg-private-key:
    description: "GPG private key"
    required: true
  gpg-passphrase:
    description: "GPG passphrase"
    required: true
  github-token:
    description: "GitHub token"
    required: true
  # Java version to use
  java-version:
    description: "Java version to use"
    required: true
    default: "17"
  # Library version
  library-version:
    description: "Library version"
    required: false
    default: ""

runs:
  using: "composite"

  steps:
    - name: Checkout
      uses: actions/checkout@v3

    - name: Set up JDK 17 for deploy to OSSRH
      uses: actions/setup-java@v3
      with:
        distribution: "adopt"
        java-version: ${{ inputs.java-version }}
        server-id: ossrh
        server-username: ${{ inputs.nexus-username }}
        server-password: ${{ inputs.nexus-password }}
        gpg-private-key: ${{ inputs.gpg-private-key }}
        gpg-passphrase: ${{ inputs.gpg-passphrase }}

    - name: Build with Maven
      run: mvn -B package --file pom.xml
      shell: bash

    - name: Update package version
      if: ${{ inputs.library-version != '' }}
      run: mvn versions:set -DnewVersion=${{ inputs.library-version }}
      shell: bash

    - name: Prepare Maven environnement with Java 17 for deployment to OSSRH
      run: export MAVEN_OPTS="--add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.lang.reflect=ALL-UNNAMED --add-opens=java.base/java.text=ALL-UNNAMED --add-opens=java.desktop/java.awt.font=ALL-UNNAMED"
      shell: bash

    - name: Publish to Apache Maven Central
      run: mvn deploy -PossrhDeploy
      shell: bash
      env:
        MAVEN_USERNAME: ${{ inputs.nexus-username }}
        MAVEN_CENTRAL_TOKEN: ${{ inputs.nexus-password }}
        MAVEN_GPG_PASSPHRASE: ${{ inputs.gpg-passphrase }}

    - name: Set up JDK 17 for deploy to github packages
      uses: actions/setup-java@v3
      with:
        distribution: "adopt"
        java-version: ${{ inputs.java-version }}
        server-id: github

    - name: Publish to GitHub Packages Apache Maven
      run: mvn deploy -PgithubDeploy
      shell: bash
      env:
        GITHUB_TOKEN: ${{ inputs.github-token }}

link to the code: https://github.com/MathieuSoysal/Java-maven-library-publisher/blob/2-add-automated-tests/action.yaml

The workflow that execute the Action:

name: Test Actions

on: [push]

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3

      - name: Maven Library build and publish
        uses: ./
        with:
          nexus-username: ${{ secrets.NEXUS_USERNAME }}
          nexus-password: ${{ secrets.NEXUS_PASSWORD }}
          gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
          gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }}
          library-version: $GITHUB_RUN_NUMBER
          github-token: ${{ secrets.GITHUB_TOKEN }}
          java-version: 17

Link to the code: https://github.com/MathieuSoysal/Java-maven-library-publisher/blob/2-add-automated-tests/.github/workflows/test-action.yml

Problem

When i'm trying to execute the action I obtain this error:

Getting action download info
Download action repository 'actions/setup-java@v3' (SHA:c3ac5dd0ed8db40fedb61c32fbe677e6b355e94c)
Run ./
Run actions/checkout@v3
Syncing repository: ***/Java-maven-library-publisher
Getting Git version info
Temporarily overriding HOME='/home/runner/work/_temp/45376e45-02aa-4aa5-b536-5f744f7e10d3' before making global git config changes
Adding repository directory to the temporary git global config as a safe directory
/usr/bin/git config --global --add safe.directory /home/runner/work/Java-maven-library-publisher/Java-maven-library-publisher
/usr/bin/git config --local --get remote.origin.url
https://github.com/***/Java-maven-library-publisher
Removing previously created refs, to avoid conflicts
Cleaning the repository
Disabling automatic garbage collection
Setting up auth
Fetching the repository
Determining the checkout info
Checking out the ref
/usr/bin/git log -1 --format='%H'
'0e8da131bf626b218ddccbd08a661c7921dfb8da'
Run actions/setup-java@v3
Installed distributions
Creating settings.xml with server-id: ossrh
Writing to /home/runner/.m2/settings.xml
Importing private gpg key
Error: The process '/usr/bin/gpg' failed with exit code 2

Question

Someone know how we can fix this The process '/usr/bin/gpg' failed with exit code 2 for actions/setup-java@v3 ?

Answer 1

Can you make sure GPG private key is in the correct format. The key should be in the ASCII Armored format, which can be done by running the following command:

gpg --armor --export-secret-keys <key_id> > gpg_key.asc

Once the key is in the correct format, add it as an input variable in the Action and pass it to the action in the workflow.

Answer 2

actions/setup-java is tricky here:

gpg-passphrase: description: 'Environment variable name for the GPG private key passphrase. Default is GPG_PASSPHRASE.

So it's not actual passphrase, it's env var name that holds it. Very counter intuitive IMO.

So you need to remove this

gpg-passphrase: ${{ inputs.gpg-passphrase }}

and add this

env:
    GPG_PASSPHRASE: ${{ inputs.gpg-passphrase }}