Add a note in the readme how to export a gpg key

[davideicardi]

This action can automatically configure gpg key if we set:

        gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} # Value of the GPG private key to import
        gpg-passphrase: MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase

But it is not clear for me what MAVEN_GPG_PRIVATE_KEY secret should contain. I have generated a gpg key in my local machine but how should I export it to be valid?
Maybe we can add a note in the readme?

thanks

[davideicardi]

Maybe we should export it using:

gpg --armor --export-secret-keys YOUR_ID

Right?

Can we just add something similar in the readme?

[ludans]

Maybe we should export it using:

gpg --armor --export-secret-keys YOUR_ID

Right?

Can we just add something similar in the readme?

this helped, thanks

[royi-frontegg]

This actually fixed a 2 day nerve wracking spiral of coding
How come this is not part of the docs?

[galderz]

Wow, this helped in a massive way! There's so many different ways to do all this gpg business, with plenty of guides out there having outdated info, e.g. https://terribletester.com/publishing-to-maven-central-and-github-packages-with-github-actions and https://zambrovski.medium.com/foss-ci-cd-with-github-actions-c65c37236c19. The big issue is that you go to the official guide (https://docs.github.com/en/free-pro-team@latest/actions/guides/publishing-java-packages-with-maven) and has no info whatsoever on the gpg requirements, so you end up trying to lookup things and you find outdated info.

To be more precise, one of those outdated external guides said to do:

gpg --export-secret-keys A1B2C3D4 | base64

I had my GPG key as a result of doing that, but then the GH action failed with no info whatsoever:

creating settings.xml with server-id: ossrh; environment variables: username=$MAVEN_USERNAME, *** and gpg-passphrase=$GPG_PASSPHRASE
writing /home/runner/.m2/settings.xml
importing private key
Error: The process '/usr/bin/gpg' failed with exit code 2

Why did it fail? No idea... and then I somehow came across this issue and exporting it with the command above meant it then at least went pass that stage...

But we're not out of the woods, then you get:

[INFO] --- maven-gpg-plugin:1.6:sign (sign-artifacts) @ qollider ---
[INFO] Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.20/plexus-utils-3.0.20.jar
[INFO] Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.20/plexus-utils-3.0.20.jar (243 kB at 8.7 MB/s)
gpg: signing failed: Inappropriate ioctl for device
gpg: signing failed: Inappropriate ioctl for device

This has been noted several times, like in #83, but yet again, no trace of this in the official guide... :(

[dmitry-shibanov]

Hello, everyone. I'm closing this issue, because documentation was updated in terms of this pull request. If you have any concerns feel free to reopen the issue.

[pgerhard]

The updated documentation reads

GPG key should be imported by: gpg --armor --export-secret-keys YOUR_ID

Is this correct? Based on the provided command I would have expected it to read

GPG key should be exported by: gpg --armor --export-secret-keys YOUR_ID