agile-lab-dev/darwin

Publish artifacts on Bintray on a tag push from Travis

Closed this issue · 1 comments

While trying to set up Travis to publish artifacts, I got the following error:

[error] java.io.IOException: secret key ring doesn't start with secret key tag: tag 0xffffffff
[error] 	at org.bouncycastle.openpgp.PGPSecretKeyRing.<init>(Unknown Source)
[error] 	at com.jsuereth.pgp.SecretKeyRing$.load(SecretKeyRing.scala:49)
[error] 	at com.jsuereth.pgp.SecretKeyRing$.load(SecretKeyRing.scala:45)
[error] 	at com.jsuereth.pgp.StreamingLoadable.loadFromFile(StreamingLoadable.scala:11)
[error] 	at com.jsuereth.pgp.StreamingLoadable.loadFromFile$(StreamingLoadable.scala:11)
[error] 	at com.jsuereth.pgp.SecretKeyRing$.loadFromFile(SecretKeyRing.scala:45)
[error] 	at com.jsuereth.pgp.PGP$.loadSecretKeyRing(package.scala:31)
[error] 	at com.jsuereth.pgp.cli.PgpStaticContext.secretKeyRing(context.scala:27)
[error] 	at com.jsuereth.pgp.cli.PgpStaticContext.secretKeyRing$(context.scala:27)
[error] 	at com.typesafe.sbt.pgp.SbtPgpStaticContext.secretKeyRing(SbtPgpCommandContext.scala:9)
[error] 	at com.jsuereth.pgp.cli.DelegatingPgpStaticContext.secretKeyRing(context.scala:34)
[error] 	at com.jsuereth.pgp.cli.DelegatingPgpStaticContext.secretKeyRing$(context.scala:34)
[error] 	at com.typesafe.sbt.pgp.SbtPgpCommandContext.secretKeyRing(SbtPgpCommandContext.scala:14)
[error] 	at com.typesafe.sbt.pgp.BouncyCastlePgpSigner.$anonfun$keyId$1(PgpSigner.scala:37)
[error] 	at scala.runtime.java8.JFunction0$mcJ$sp.apply(JFunction0$mcJ$sp.java:12)
[error] 	at scala.Option.getOrElse(Option.scala:121)
[error] 	at com.typesafe.sbt.pgp.BouncyCastlePgpSigner.<init>(PgpSigner.scala:37)
[error] 	at com.typesafe.sbt.pgp.PgpSettings$.$anonfun$bcPgpSigner$1(PgpSettings.scala:111)
[error] 	at scala.Function1.$anonfun$compose$1(Function1.scala:44)
[error] 	at sbt.internal.util.$tilde$greater.$anonfun$$u2219$1(TypeFunctions.scala:40)
[error] 	at sbt.std.Transform$$anon$4.work(System.scala:67)
[error] 	at sbt.Execute.$anonfun$submit$2(Execute.scala:269)
[error] 	at sbt.internal.util.ErrorHandling$.wideConvert(ErrorHandling.scala:16)
[error] 	at sbt.Execute.work(Execute.scala:278)
[error] 	at sbt.Execute.$anonfun$submit$1(Execute.scala:269)
[error] 	at sbt.ConcurrentRestrictions$$anon$4.$anonfun$submitValid$1(ConcurrentRestrictions.scala:178)
[error] 	at sbt.CompletionService$$anon$2.call(CompletionService.scala:37)
[error] 	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
[error] 	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
[error] 	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
[error] 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
[error] 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
[error] 	at java.lang.Thread.run(Thread.java:748)
[error] (Global / pgpSigner) java.io.IOException: secret key ring doesn't start with secret key tag: tag 0xffffffff
[error] Total time: 18 s, completed Feb 6, 2019 3:54:53 PM

I could not understand exactly where the problem is coming from, but I think that the decrypted private key has some problems being used to sign artifacts on the Travis side. The same key (unencrypted) works well locally (on OS X and also on Windows).

The flow to use a private key inside travis without publishing it into the repository is the following:

  1. Use travis encrypt-file from the command line to encrypt the desired file (only 1 file is admitted). This will create a secret that is used to encrypt and decrypt the file; the secret is stored inside Travis and is not visible from the build logs. For us, the file rings.asc.tar.enc is a tar containing pubring.asc and secring.asc, encrypted by travis encrypt-file.
  2. Through the before_install step of .travis.yml, the tar file is decrypted to rings.asc.tar.
  3. Then rings.asc.tar is extracted locally.
  4. Then the *.asc files are copied to $HOME/.sbt/gpg/.
  5. Finally, the commented script did the following in order to trigger publish only on a tag push:
    if [[ ! -z "$TRAVIS_TAG" ]]; then ./publish.sh; else ./make.sh; fi

Working!
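
Steps 3 and 4 of the flow in the issue, written as a checked install step that starts from the already-decrypted rings.asc.tar. This is an added example, not code from the darwin repository: the function name install_rings is hypothetical, and it assumes both rings are ASCII-armored, as the .asc names suggest. Nothing is installed unless the archive holds exactly the two rings and each begins with the expected armor header, so an empty or unreadable ring fails in before_install rather than at signing time.

```bash
#!/usr/bin/env bash
# Added example (not project code): validate the decrypted rings.asc.tar,
# then install the two rings. install_rings is a hypothetical name.
# Assumption: both rings are ASCII-armored, as the .asc names suggest.

install_rings() {
  local tarball="$1" dest="${2:-$HOME/.sbt/gpg}" work members rc=0

  [ -s "$tarball" ] || { echo "missing or empty: $tarball" >&2; return 1; }

  # Accept only an archive holding exactly the two expected members; this
  # also rejects non-tar input and entries with unexpected paths.
  members="$(tar -tf "$tarball" 2>/dev/null | sed 's|^\./||' | sort | tr '\n' ' ')" || true
  if [ "$members" != "pubring.asc secring.asc " ]; then
    echo "unexpected archive contents: ${members:-<not a tar archive>}" >&2
    return 1
  fi

  work="$(mktemp -d)" || return 1
  (
    umask 077   # extracted and copied files are private to the build user
    tar -xf "$tarball" -C "$work" &&
      head -n 1 "$work/secring.asc" | grep -q '^-----BEGIN PGP PRIVATE KEY BLOCK-----' &&
      head -n 1 "$work/pubring.asc" | grep -q '^-----BEGIN PGP PUBLIC KEY BLOCK-----' &&
      mkdir -p "$dest" &&
      cp "$work/pubring.asc" "$work/secring.asc" "$dest/" &&
      chmod 600 "$dest/secring.asc"
  ) || rc=$?
  rm -rf "$work"   # never leave an extra copy of the secret ring behind

  [ "$rc" -eq 0 ] || echo "key rings failed validation or install" >&2
  return "$rc"
}

# Usage in before_install, after the decrypt step:
#   install_rings rings.asc.tar "$HOME/.sbt/gpg" || exit 1
```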