Publish artifacts on bin tray on a tag push from travis
Closed this issue · 1 comments
tmnd1991 commented
While trying to setup travis to publish artifacts I got the following error:
[error] java.io.IOException: secret key ring doesn't start with secret key tag: tag 0xffffffff
[error] at org.bouncycastle.openpgp.PGPSecretKeyRing.<init>(Unknown Source)
[error] at com.jsuereth.pgp.SecretKeyRing$.load(SecretKeyRing.scala:49)
[error] at com.jsuereth.pgp.SecretKeyRing$.load(SecretKeyRing.scala:45)
[error] at com.jsuereth.pgp.StreamingLoadable.loadFromFile(StreamingLoadable.scala:11)
[error] at com.jsuereth.pgp.StreamingLoadable.loadFromFile$(StreamingLoadable.scala:11)
[error] at com.jsuereth.pgp.SecretKeyRing$.loadFromFile(SecretKeyRing.scala:45)
[error] at com.jsuereth.pgp.PGP$.loadSecretKeyRing(package.scala:31)
[error] at com.jsuereth.pgp.cli.PgpStaticContext.secretKeyRing(context.scala:27)
[error] at com.jsuereth.pgp.cli.PgpStaticContext.secretKeyRing$(context.scala:27)
[error] at com.typesafe.sbt.pgp.SbtPgpStaticContext.secretKeyRing(SbtPgpCommandContext.scala:9)
[error] at com.jsuereth.pgp.cli.DelegatingPgpStaticContext.secretKeyRing(context.scala:34)
[error] at com.jsuereth.pgp.cli.DelegatingPgpStaticContext.secretKeyRing$(context.scala:34)
[error] at com.typesafe.sbt.pgp.SbtPgpCommandContext.secretKeyRing(SbtPgpCommandContext.scala:14)
[error] at com.typesafe.sbt.pgp.BouncyCastlePgpSigner.$anonfun$keyId$1(PgpSigner.scala:37)
[error] at scala.runtime.java8.JFunction0$mcJ$sp.apply(JFunction0$mcJ$sp.java:12)
[error] at scala.Option.getOrElse(Option.scala:121)
[error] at com.typesafe.sbt.pgp.BouncyCastlePgpSigner.<init>(PgpSigner.scala:37)
[error] at com.typesafe.sbt.pgp.PgpSettings$.$anonfun$bcPgpSigner$1(PgpSettings.scala:111)
[error] at scala.Function1.$anonfun$compose$1(Function1.scala:44)
[error] at sbt.internal.util.$tilde$greater.$anonfun$$u2219$1(TypeFunctions.scala:40)
[error] at sbt.std.Transform$$anon$4.work(System.scala:67)
[error] at sbt.Execute.$anonfun$submit$2(Execute.scala:269)
[error] at sbt.internal.util.ErrorHandling$.wideConvert(ErrorHandling.scala:16)
[error] at sbt.Execute.work(Execute.scala:278)
[error] at sbt.Execute.$anonfun$submit$1(Execute.scala:269)
[error] at sbt.ConcurrentRestrictions$$anon$4.$anonfun$submitValid$1(ConcurrentRestrictions.scala:178)
[error] at sbt.CompletionService$$anon$2.call(CompletionService.scala:37)
[error] at java.util.concurrent.FutureTask.run(FutureTask.java:266)
[error] at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
[error] at java.util.concurrent.FutureTask.run(FutureTask.java:266)
[error] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
[error] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
[error] at java.lang.Thread.run(Thread.java:748)
[error] (Global / pgpSigner) java.io.IOException: secret key ring doesn't start with secret key tag: tag 0xffffffff
[error] Total time: 18 s, completed Feb 6, 2019 3:54:53 PM
I could not understand where the problem is coming from exactly but I think that the decrypted private key has some problems being used to sign artifacts on travis side. The same key (unencrypted) works well locally (osx and also on win).
The flow to use a private key inside travis without publishing it into the repository is the following:
- use
travis encrypt-file
from the cmd line to encrypt the desired file (only 1 file is admitted). This will create a secret that is used to encrypt and decrypt the file, the secret is stored inside travis and is not visible from the build logs. For us, the filerings.asc.tar.enc
is a tar containingpubring.asc
andsecring.asc
encrypted bytravis encrypt-file
. - Through the
before_install
step of.travis.yml
the tar file is decrypted torings.asc.tar
- Then
rings.asc.tar
is extracted locally - Then the
*.asc
files are copied to$HOME/.sbt/gpg/
- finally the commented script did the following in order to trigger publish only on tag push:
if [[ ! -z "$TRAVIS_TAG" ]]; then ./publish.sh; else ./make.sh; fi
tmnd1991 commented
Working!