From 661c4c13b4a1233ff2ce61aa2abb60c43b91f1f6 Mon Sep 17 00:00:00 2001 From: Dmitry Shibanov Date: Fri, 12 Feb 2021 12:26:52 +0300 Subject: [PATCH 1/3] update docs to notes about maven and gpg --- README.md | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 2cd5af64a..1904450e7 100644 --- a/README.md +++ b/README.md @@ -85,6 +85,23 @@ jobs: ``` ## Publishing using Apache Maven + +### Extra setup for pom.xml: + +According to possible issues with `Inappropriate ioctl for device` or `gpg: signing failed: No such file or directory`, Maven GPG Plugin configuration in pom.xml should contain the following: + +``` + + + + --pinentry-mode + loopback + + +``` +GPG 2.1 requires `--pinentry-mode` to be set to `loopback` in order to pick up `gpg.passphrase` value defined in Maven `settings.xml` + +### Yaml example: ```yaml jobs: build: 
@@ -164,10 +181,14 @@ The two `settings.xml` files created from the above example look like the follow ``` -***NOTE: The `settings.xml` file is created in the Actions $HOME directory. If you have an existing `settings.xml` file at that location, it will be overwritten. See below for using the `settings-path` to change your `settings.xml` file location.*** +***NOTE: The `settings.xml` file is created in the Actions $HOME/.m2 directory. If you have an existing `settings.xml` file at that location, it will be overwritten. See below for using the `settings-path` to change your `settings.xml` file location.*** + +### GPG If `gpg-private-key` input is provided, the private key will be written to a file in the runner's temp directory, the private key file will be imported into the GPG keychain, and then the file will be promptly removed before proceeding with the rest of the setup process. A cleanup step will remove the imported private key from the GPG keychain after the job completes regardless of the job status. This ensures that the private key is no longer accessible on self-hosted runners and cannot "leak" between jobs (hosted runners are always clean instances). +**GPG key should be imported through: `gpg --armor --export-secret-keys YOUR_ID`** + See the help docs on [Publishing a Package](https://help.github.com/en/github/managing-packages-with-github-packages/configuring-apache-maven-for-use-with-github-packages#publishing-a-package) for more information on the `pom.xml` file. ## Publishing using Gradle From 719bcb4f945a58c97eeb644698d5ffc55025bac8 Mon Sep 17 00:00:00 2001 From: Dmitry Shibanov Date: Fri, 12 Feb 2021 16:16:23 +0300 Subject: [PATCH 2/3] resolve comments --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 1904450e7..ae33eb25b 100644 --- a/README.md +++ b/README.md 
@@ -88,7 +88,7 @@ jobs: ### Extra setup for pom.xml: -According to possible issues with `Inappropriate ioctl for device` or `gpg: signing failed: No such file or directory`, Maven GPG Plugin configuration in pom.xml should contain the following: +Maven GPG Plugin configuration in pom.xml file should contain the following structure to avoid possible issues like `Inappropriate ioctl for device` or `gpg: signing failed: No such file or directory`: ``` @@ -187,7 +187,7 @@ The two `settings.xml` files created from the above example look like the follow If `gpg-private-key` input is provided, the private key will be written to a file in the runner's temp directory, the private key file will be imported into the GPG keychain, and then the file will be promptly removed before proceeding with the rest of the setup process. A cleanup step will remove the imported private key from the GPG keychain after the job completes regardless of the job status. This ensures that the private key is no longer accessible on self-hosted runners and cannot "leak" between jobs (hosted runners are always clean instances). -**GPG key should be imported through: `gpg --armor --export-secret-keys YOUR_ID`** +**GPG key should be imported by: `gpg --armor --export-secret-keys YOUR_ID`** See the help docs on [Publishing a Package](https://help.github.com/en/github/managing-packages-with-github-packages/configuring-apache-maven-for-use-with-github-packages#publishing-a-package) for more information on the `pom.xml` file. From 4d656d01380096014493a78de2261bc7f1e41e91 Mon Sep 17 00:00:00 2001 From: Dmitry Shibanov Date: Mon, 15 Feb 2021 10:22:04 +0300 Subject: [PATCH 3/3] work on resolving comments --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index ae33eb25b..db93c2317 100644 --- a/README.md +++ b/README.md 
@@ -88,9 +88,9 @@ jobs: ### Extra setup for pom.xml: -Maven GPG Plugin configuration in pom.xml file should contain the following structure to avoid possible issues like `Inappropriate ioctl for device` or `gpg: signing failed: No such file or directory`: +The Maven GPG Plugin configuration in the pom.xml file should contain the following structure to avoid possible issues like `Inappropriate ioctl for device` or `gpg: signing failed: No such file or directory`: -``` +```xml @@ -99,7 +99,7 @@ Maven GPG Plugin configuration in pom.xml file should contain the following stru ``` -GPG 2.1 requires `--pinentry-mode` to be set to `loopback` in order to pick up `gpg.passphrase` value defined in Maven `settings.xml` +GPG 2.1 requires `--pinentry-mode` to be set to `loopback` in order to pick up the `gpg.passphrase` value defined in Maven `settings.xml`. ### Yaml example: ```yaml
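Review bot: In PATCH 1/3, hunk `@@ -85,6 +85,23 @@`, the two new headings `### Extra setup for pom.xml:` and `### Yaml example:` end in a colon and spell YAML in mixed case, which the neighbouring heading `## Publishing using Apache Maven` does not do. Suggest `### Extra setup for pom.xml` and `### YAML example`. The sentence under the first heading also leaves pom.xml outside backticks, while `settings.xml` is backticked a few lines later; PATCH 3/3 rewrites that sentence and still leaves it unquoted.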
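Review bot: In PATCH 1/3, hunk `@@ -164,10 +181,14 @@`, the corrected NOTE reads "created in the Actions $HOME/.m2 directory", which leaves the path outside backticks and does not say whose home directory "Actions $HOME" is. Suggest "created in the runner's `$HOME/.m2` directory", matching "the runner's temp directory" in the GPG paragraph of the same hunk. The overwrite warning that follows depends on the reader identifying this location correctly, so the path is worth making unambiguous.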
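Review bot: In PATCH 2/3, hunk `@@ -187,7 +187,7 @@`, changing "imported through" to "imported by" keeps a sentence that says the opposite of what the command does: `gpg --armor --export-secret-keys YOUR_ID` exports the secret key in ASCII-armored form, and the import is done by the action from the `gpg-private-key` input, as the paragraph just above describes. Suggest wording such as "The value for the `gpg-private-key` input should be exported with: `gpg --armor --export-secret-keys YOUR_ID`". PATCH 3/3 does not touch this line, so the series ends with the wording unchanged. Since the output of that command is the private key itself, the sentence could also state that it is secret material and should be supplied as an encrypted secret, not written into the workflow file.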
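Review bot: In PATCH 3/3, hunk `@@ -99,7 +99,7 @@`, the reworded sentence "GPG 2.1 requires `--pinentry-mode` to be set to `loopback`" still reads as if only version 2.1 is affected. If later releases behave the same way, say "GPG 2.1 and later" so readers on newer runners do not skip the pom.xml change. The sentence also explains the setting only in terms of `gpg.passphrase`; one clause tying it back to the two error messages quoted in the paragraph above (`Inappropriate ioctl for device`, `gpg: signing failed: No such file or directory`) would tell the reader that loopback mode is the fix for those.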