gpg key imported but not trusted

[Jeff-Tian]

Description:
Set up gpg correctly, but in the mvn deploy step failed with message:

gpg: no default secret key: No secret key
[GNUPG:] FAILURE sign 17
gpg: signing failed: No secret key

Task version:
uses: actions/setup-java@v4

Platform:

• Ubuntu
• macOS
• Windows

Runner type:

• Hosted
• Self-hosted

Repro steps:
Repro link: https://github.com/Jeff-Tian/keycloak-services-social-weixin/actions/runs/10439001430/job/28907013626

Expected behavior:
Deploy success

Actual behavior:
Failed.

** Extra Info:**

After many runs with different debugging command, now it seems that the key imported but not trusted.

[priya-kinthali]

Hello @Jeff-Tian 👋,
Thank you for reporting this. We will investigate the issue and get back to you as soon as we have updates.

[Jeff-Tian]

Thanks @priya-kinthali for the reply! But never mind, now it's succeeded. I fount this one: #100 (comment), and tried using the gpg --armor --export-secret-keys xxx, and updated the secrets then it succeeded.

Although I don't understand why the so many previous runs were failed during the mvn deploy step. The difference is that I used the value of gpg --armor export xxxx instead the gpg --armor export-secert-keys xxxx. The tricky part is both of them work in the setup-java step, ideally it should failed in that step instead of failing afterwards.

[mahabaleshwars]

Hello @Jeff-Tian,

It appears that the issue has been resolved.

The difference between these commands is that gpg --armor export exports a public key in ASCII-armored format, whereas gpg --armor export-secret-keys exports a secret/private key in ASCII-armored format.
You will need to provide the secret key and passphrase for GPG to work.

Please feel free to reach out to us if you encounter any other issues.

[Jeff-Tian]

Thank you @mahabaleshwars !