I'm running a GitHub Actions workflow and get a failing error when I try to run maven install. It requires me to sign before I can install Maven packages. Here is my workflow yml file:
name: Github Action
on:
  push:
    branches:
      - master
      - release/*
  schedule:
    - cron: '0 0 * * 0'
jobs:
  build:
    name: Main
    runs-on: ${{ matrix.operating-system }}
    strategy:
      matrix:
        java-version: [1.8]
        operating-system: [ubuntu-latest]
    steps:
      - name: Prepare
        uses: actions/checkout@v1
      - name: Set Up Java Development Kit
        uses: actions/setup-java@v1
        with:
          java-version: ${{ matrix.java-version }}
      - name: Maven build clean, build, test and install
        run: |
          mvn clean
          mvn install
          mvn package --file pom.xml
And this is what I get:
gpg: directory '/${HOME}/.gnupg' created
gpg: keybox '/${HOME}/.gnupg/pubring.kbx' created
gpg: no default secret key: No secret key
gpg: signing failed: No secret key
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 22.278 s
[INFO] Finished at: 2019-10-03T06:56:51Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-gpg-plugin:1.6:sign (sign-artifacts) on project core: Exit code: 2 -> [Help 1]
Is there any way to sign our packages with GitHub Actions workflows?
The best solution I've been able to find consists of these steps: Create a branch called mvn-repo to host your maven artifacts. Use the github site-maven-plugin to push your artifacts to github. Configure maven to use your remote mvn-repo as a maven repository.
GitHub Actions usage is free for both public repositories and self-hosted runners. For private repositories, each GitHub account receives a certain amount of free minutes and storage, depending on the product used with the account.
mvn install is the option that is most often used. mvn package is seldom used, only if you're debugging some issue with the maven build process. Note that mvn package will only create a jar file. mvn install will do that and install the jar (and class etc.)
The most common answer you are going to get is to use samuelmeuli/action-maven-publish. There are two issues with this plugin - it writes the secret key file to disk in the home directory, and it does not allow you to customize your Apache Maven command-line to the fullest extent possible.
Instead, you can use GitHub actions secrets and the gpg command-line to install the gpg secret key, using instructions from How to Sign and Release to The Central Repository with GitHub Actions.
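A sketch of the secrets-plus-gpg approach described above, as an added example that is not taken from the linked article or from the original answer. The secret names GPG_PRIVATE_KEY and GPG_PASSPHRASE and the dedicated keyring directory are assumptions, and the project's pom is assumed to pass --pinentry-mode loopback to gpg through the plugin's gpgArguments, which GnuPG 2.1+ needs to accept a passphrase non-interactively.

```yaml
# Added example. GPG_PRIVATE_KEY and GPG_PASSPHRASE are assumed repository
# secrets; GPG_PRIVATE_KEY holds the ASCII-armored secret key export.
steps:
  - name: Import GPG signing key
    env:
      GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
      # Dedicated keyring under the runner's temp directory, so the job
      # never touches an existing ~/.gnupg (relevant on self-hosted runners).
      GNUPGHOME: ${{ runner.temp }}/gnupg
    run: |
      set -eu
      mkdir -p "$GNUPGHOME"
      chmod 700 "$GNUPGHOME"
      # The armored key goes to gpg on stdin and is never saved as a file.
      # gpg still stores it, passphrase-protected, inside $GNUPGHOME.
      printf '%s\n' "$GPG_PRIVATE_KEY" | gpg --batch --import
      # Fail here, before Maven runs, if no secret key reached the keyring.
      gpg --batch --list-secret-keys --with-colons | grep -q '^sec:'

  - name: Maven install with signing
    env:
      GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
      GNUPGHOME: ${{ runner.temp }}/gnupg
    # gpg.passphrase is the maven-gpg-plugin passphrase property. Passing it
    # with -D places it in the mvn process arguments for the step's duration.
    run: mvn --batch-mode install -Dgpg.passphrase="$GPG_PASSPHRASE"

  - name: Remove key material
    # Runs even when the build fails, so the keyring does not outlive the job.
    if: always()
    env:
      GNUPGHOME: ${{ runner.temp }}/gnupg
    run: rm -rf "$GNUPGHOME"
```

These steps slot into the steps list of the workflow in the question, after the Java setup step and in place of the existing Maven step.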
Another way is to use Sign Maven Plugin, which is designed for use in CI/CD systems.
All needed configuration can be done through environment variables.
Sign Maven Plugin doesn't use gpg, so you don't need any gpg initialization step.
You should define secrets
In the GitHub Actions workflow, you pass the secrets to the build:
- name: Maven build clean, build, test and install
  run: mvn ...
  env:
    SIGN_KEY: ${{ secrets.SIGN_KEY }}
    SIGN_KEY_ID: ${{ secrets.SIGN_KEY_ID }}
    SIGN_KEY_PASS: ${{ secrets.SIGN_KEY_PASS }}