Description:
The documentation of the setup-java action states that for the maven-gpg-plugin the gpgArguments should be configured to be --pinentry-mode loopback in order to "to pick up the gpg.passphrase value defined in Maven settings.xml." and consequently avoid failures of the signing process (this was added with PR #122).
But I just set up a Maven build that includes GPG signing and succeeds even tough the --pinentry-mode loopback arguments in the maven-gpg-plugin are not set.
Therefore I wonder if these arguments are still necessary? Maybe due to updates to GPG or the version used in the GH runners or maybe there is some magic environment configuration in the GH runners themself? I'm neither very familiar with GPG nor with the GitHub Action runners, so I cannot tell.
I just noticed that it worked for me even for several builds without that configuration. Or have I just been lucky and could get the errors mentioned in the document in some day?
Task version:
v2
Platform:
Runner type:
Repro steps:
Set up a usual Maven build that includes gpg signing, but without specifying the --pinentry-mode loopback arguments for the gpg-process like I did here:
https://github.com/axkr/symja_android_library/blob/master/symja_android_library/pom.xml
The GH-workflow used to perform the build is:
https://github.com/axkr/symja_android_library/blob/master/.github/workflows/maven-build-master-and-publish-snapshot.yml
Expected behavior:
Failure of the GPG signing process.
Actual behavior:
Signing completed successfully.
Description:
The documentation of the
setup-javaaction states that for themaven-gpg-pluginthegpgArgumentsshould be configured to be--pinentry-mode loopbackin order to "to pick up thegpg.passphrasevalue defined in Mavensettings.xml." and consequently avoid failures of the signing process (this was added with PR #122).But I just set up a Maven build that includes GPG signing and succeeds even tough the
--pinentry-mode loopbackarguments in themaven-gpg-pluginare not set.Therefore I wonder if these arguments are still necessary? Maybe due to updates to GPG or the version used in the GH runners or maybe there is some magic environment configuration in the GH runners themself? I'm neither very familiar with GPG nor with the GitHub Action runners, so I cannot tell.
I just noticed that it worked for me even for several builds without that configuration. Or have I just been lucky and could get the errors mentioned in the document in some day?
Task version:
v2
Platform:
Runner type:
Repro steps:
Set up a usual Maven build that includes gpg signing, but without specifying the
--pinentry-mode loopbackarguments for the gpg-process like I did here:https://github.com/axkr/symja_android_library/blob/master/symja_android_library/pom.xml
The GH-workflow used to perform the build is:
https://github.com/axkr/symja_android_library/blob/master/.github/workflows/maven-build-master-and-publish-snapshot.yml
Expected behavior:
Failure of the GPG signing process.
Actual behavior:
Signing completed successfully.