
gpg: signing failed: No secret key #72

brazarb opened this issue Jun 27, 2023 · 4 comments

brazarb commented Jun 27, 2023

I've followed the steps using crazy-max/ghaction-import-gpg as the documentation recommended.

However I'm having no luck getting the commitizen-action to sign the commits/tags etc.

```yaml
name: Bump Version

on:
  push:
    branches:
      - main

jobs:
  build:
    if: "!startsWith(github.event.head_commit.message, 'bump:')"
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0
          token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
      - name: Import GPG key
        id: import_gpg
        uses: crazy-max/ghaction-import-gpg@v5
        with:
          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
          passphrase: ${{ secrets.GPG_PASSPHRASE }}
          trust_level: 5
          git_user_signingkey: true
          git_commit_gpgsign: true
          git_tag_gpgsign: true
          git_config_global: true
      - name: List keys
        run: |
          gpg --list-keys
          echo ${{ steps.import_gpg.outputs.fingerprint }}
          echo ${{ steps.import_gpg.outputs.keyid }}
          git config --global --list
      - name: Create bump and changelog
        uses: commitizen-tools/commitizen-action@master
        with:
          github_token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
          git_name: ${{ steps.import_gpg.outputs.name }}
          git_email: ${{ steps.import_gpg.outputs.email }}
          changelog_increment_filename: VERSION.md
          gpg_sign: false
          debug: true
      - name: Output REVISION
        run: |
          echo ${{ env.REVISION }}
      - name: Release
        uses: softprops/action-gh-release@v1
        with:
          body_path: "VERSION.md"
          tag_name: "v${{ env.REVISION }}"
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```

```
Commitizen version: 3.5.2
cz --debug --no-raise 21 bump --yes --gpg-sign --changelog --check-consistency
bump: version 0.0.2 → 0.0.3
tag to create: v0.0.3
increment detected: PATCH

[main 6aee056] bump: version 0.0.2 → 0.0.3
 1 file changed, 13 insertions(+)

error: gpg failed to sign the data:
gpg: directory '/github/home/.gnupg' created
gpg: skipped "brazarb <11******+******@users.noreply.github.com>": No secret key
[GNUPG:] INV_SGNR 9 author <*******+******@users.noreply.github.com>
[GNUPG:] FAILURE sign 17
gpg: signing failed: No secret key

error: unable to sign the tag

Traceback (most recent call last):
  File "/usr/local/bin/cz", line 8, in <module>
    sys.exit(main())
  File "/usr/local/lib/python3.8/site-packages/commitizen/cli.py", line 463, in main
    args.func(conf, vars(args))()
  File "/usr/local/lib/python3.8/site-packages/commitizen/commands/bump.py", line 351, in __call__
    raise BumpTagFailedError(c.err)
commitizen.exceptions.BumpTagFailedError: error: gpg failed to sign the data:
gpg: directory '/github/home/.gnupg' created
gpg: skipped "author <******+******@users.noreply.github.com>": No secret key
[GNUPG:] INV_SGNR 9 author <******+******@users.noreply.github.com>
[GNUPG:] FAILURE sign 17
gpg: signing failed: No secret key

error: unable to sign the tag
```

Checking `git config --global --list` matches the name, email and signing key.


brazarb commented Jun 28, 2023

Is this the reason #50 (comment)?

If so, any plans on how to solve this?


Kambi-V commented Jul 17, 2024

@brazarb were you able to sign off commits? I am using a similar approach to yours and keep getting the same error.


Kambi-V commented Jul 23, 2024


amilstead commented Apr 7, 2025

Also running into this issue. It appears to be because the commitizen action is run in a Docker image using a different version of gpg and in-container configuration path, whereas crazy-max/ghaction-import-gpg is not containerized and configures gpg in the context of a given runner job. Unless commitizen-tools/commitizen-action is able to mount those user/gpg config directories, gpg signing will never work inside this action.

CC: @adam-grant-hendry
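
The log in this issue already carries the evidence for the explanation above. The following triage script is an added example, not code from the issue or from either action; the reason-code table is a subset of GnuPG's `doc/DETAILS`, and the function name and diagnosis labels are hypothetical.

```python
import re

# INV_SGNR reason codes, subset of the table in GnuPG's doc/DETAILS.
INV_REASONS = {1: "not found", 3: "wrong key usage", 4: "key revoked",
               5: "key expired", 9: "not a secret key", 10: "key not trusted"}

# Lines copied from the log in this issue (address masked as posted).
SAMPLE_LOG = """\
error: gpg failed to sign the data:
gpg: directory '/github/home/.gnupg' created
gpg: skipped "author <******+******@users.noreply.github.com>": No secret key
[GNUPG:] INV_SGNR 9 author <******+******@users.noreply.github.com>
[GNUPG:] FAILURE sign 17
gpg: signing failed: No secret key
"""

HOMEDIR_RE = re.compile(r"gpg: directory '(.+)' created$")
INV_SGNR_RE = re.compile(r"\[GNUPG:\] INV_SGNR (\d+) (.+)$")
FAILURE_RE = re.compile(r"\[GNUPG:\] FAILURE (\S+) (\d+)$")


def triage(log):
    """Summarise why gpg refused to sign, from git/gpg output."""
    out = {"fresh_homedir": None, "invalid_signers": [], "failures": []}
    for line in (raw.strip() for raw in log.splitlines()):
        if m := HOMEDIR_RE.match(line):
            # gpg prints this only when it had to create its home directory,
            # so no key can have been imported into it beforehand.
            out["fresh_homedir"] = m.group(1)
        elif m := INV_SGNR_RE.match(line):
            code = int(m.group(1))
            reason = INV_REASONS.get(code, f"reason {code}")
            out["invalid_signers"].append((m.group(2), reason))
        elif m := FAILURE_RE.match(line):
            # Low 16 bits are the libgpg-error code; 17 is GPG_ERR_NO_SECKEY.
            out["failures"].append((m.group(1), int(m.group(2)) & 0xFFFF))
    no_secret = any(r == "not a secret key" for _, r in out["invalid_signers"])
    if no_secret and out["fresh_homedir"]:
        out["diagnosis"] = "empty-homedir"  # key was imported somewhere else
    elif no_secret:
        out["diagnosis"] = "key-or-uid-mismatch"  # homedir existed, key absent
    else:
        out["diagnosis"] = "other"
    return out


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

An `empty-homedir` result means the signing process started with a GnuPG home that did not exist until that moment, so the key imported earlier in the job lives in a different home directory.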
