Skip to content

gpg: signing failed: No secret key #72

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
brazarb opened this issue Jun 27, 2023 · 4 comments
Open

gpg: signing failed: No secret key #72

brazarb opened this issue Jun 27, 2023 · 4 comments

Comments

@brazarb
Copy link

brazarb commented Jun 27, 2023

I've followed the steps using crazy-max/ghaction-import-gpg as the documentation recommended.

However I'm having no luck getting the commitizen-action to sign the commits/tags etc.

name: Bump Version

on:
  push:
    branches:
      - main

jobs:
  build:
    if: "!startsWith(github.event.head_commit.message, 'bump:')"
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0
          token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
      - name: Import GPG key
        id: import_gpg
        uses: crazy-max/ghaction-import-gpg@v5
        with:
          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
          passphrase: ${{ secrets.GPG_PASSPHRASE }}
          trust_level: 5
          git_user_signingkey: true
          git_commit_gpgsign: true
          git_tag_gpgsign: true
          git_config_global: true
      - name: List keys
        run: |
          gpg --list-keys
          echo ${{ steps.import_gpg.outputs.fingerprint }}
          echo ${{ steps.import_gpg.outputs.keyid }}
          git config --global --list
      - name: Create bump and changelog
        uses: commitizen-tools/commitizen-action@master
        with:
          github_token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
          git_name: ${{ steps.import_gpg.outputs.name }}
          git_email: ${{ steps.import_gpg.outputs.email }}
          changelog_increment_filename: VERSION.md
          gpg_sign: false
          debug: true
      - name: Output REVISION
        run: |
          echo ${{ env.REVISION }}
      - name: Release
        uses: softprops/action-gh-release@v1
        with:
          body_path: "VERSION.md"
          tag_name: "v${{ env.REVISION }}"
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Commitizen version: 3.5.2
cz --debug --no-raise 21 bump --yes --gpg-sign --changelog --check-consistency
bump: version 0.0.2 → 0.0.3
tag to create: v0.0.3
increment detected: PATCH

[main 6aee056] bump: version 0.0.2 → 0.0.3
 1 file changed, 13 insertions(+)

error: gpg failed to sign the data:
gpg: directory '/github/home/.gnupg' created
gpg: skipped "brazarb <11[102](https://github.com/org/ClickUpTest/actions/runs/*******/jobs/*********#step:6:103)******+******@users.noreply.github.com>": No secret key
[GNUPG:] INV_SGNR 9 author <*******+******@users.noreply.github.com>
[GNUPG:] FAILURE sign 17
gpg: signing failed: No secret key

error: unable to sign the tag

Traceback (most recent call last):
  File "/usr/local/bin/cz", line 8, in <module>
    sys.exit(main())
  File "/usr/local/lib/python3.8/site-packages/commitizen/cli.py", line 463, in main
    args.func(conf, vars(args))()
  File "/usr/local/lib/python3.8/site-packages/commitizen/commands/bump.py", line 351, in __call__
    raise BumpTagFailedError(c.err)
commitizen.exceptions.BumpTagFailedError: error: gpg failed to sign the data:
gpg: directory '/github/home/.gnupg' created
gpg: skipped "author <******+******@users.noreply.github.com>": No secret key
[GNUPG:] INV_SGNR 9 author <******+******@users.noreply.github.com>
[GNUPG:] FAILURE sign 17
gpg: signing failed: No secret key

error: unable to sign the tag

Checking git config --global --list matches the name, email and signing key.
@brazarb
Copy link
Author

brazarb commented Jun 28, 2023
edited
Loading

Is this the reason #50 (comment)?

If so, any plans on how to solve this?

@Kambi-V
Copy link

Kambi-V commented Jul 17, 2024

@brazarb we're you able to sign off commits, i am using a similar approach to yours and keep getting the same error

@Kambi-V
Copy link

Kambi-V commented Jul 23, 2024

@brazarb you can give this a look, it was of help
https://github.com/adam-grant-hendry/poetry_plugin_constrain/blob/main/.github/workflows/release.yml

@suasuasuasuasua suasuasuasuasua mentioned this issue Dec 19, 2024
Closed
@amilstead
Copy link

amilstead commented Apr 7, 2025
edited
Loading

Also running into this issue. It appears to be because the commitizen action is run in a Docker image using a different version of gpg and in-container configuration path, whereas crazy-max/ghaction-import-gpg is not containerized and configures gpg in the context of a given runner job. Unless commitizen-tools/commitizen-action is able to mount those user/gpg config directories, gpg signing will never work inside this action.

CC: @adam-grant-hendry

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@amilstead @Kambi-V @brazarb