Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

No releases for v1.9.17 or v1.9.18 tags #1555

Closed
stevedlawrence opened this issue Oct 12, 2023 · 44 comments
Closed

No releases for v1.9.17 or v1.9.18 tags #1555

stevedlawrence opened this issue Oct 12, 2023 · 44 comments
Labels

Comments

@stevedlawrence
Copy link
Contributor

Tags have been created for v1.9.17 and v1.9.18 but no releases have been created, in either the GitHub releases (https://github.com/sbt/sbt-native-packager/releases) or published to the maven repos (https://central.sonatype.com/artifact/com.github.sbt/sbt-native-packager)

It looks like the github actions failed due to a gpg issue with sbt-ci-release:

v1.9.17: https://github.com/sbt/sbt-native-packager/actions/runs/5641807357/job/15280486680

v1.9.18: https://github.com/sbt/sbt-native-packager/actions/runs/5642779942/job/15283307724

@ekrich
Copy link

ekrich commented Jan 10, 2024

Looks like those job logs need to be a gist in the future.

@TheElectronWill
Copy link

What can be done to get the last version of sbt-native-packager for the last version of sbt? Should I add a dependency on the Github repo?

@dwickern
Copy link
Collaborator

@muuki88 do you mind if I tag a new release?

@muuki88
Copy link
Contributor

muuki88 commented Mar 15, 2024

@dwickern please do ❤️❤️

@dwickern
Copy link
Collaborator

@muuki88 I'm trying to figure out the release workflow. It looks like we make a release by pushing a tag like v1.9.19. Unfortunately I don't have permission to push tags.

@muuki88 muuki88 added the bug label Mar 21, 2024
@muuki88
Copy link
Contributor

muuki88 commented Mar 21, 2024

The issue seems to be that the release doesn't work anymore

[info] gpg: no default secret key: No secret key
[info] gpg: signing failed: No secret key
[error] java.lang.RuntimeException: Failure running 'gpg --batch --pinentry-mode loopback --passphrase *** --detach-sign --armor --use-agent --output /home/runner/work/sbt-native-packager/sbt-native-packager/target/scala-2.12/sbt-1.0/sbt-native-packager_2.12_1.0.pom.asc /home/runner/work/sbt-native-packager/sbt-native-packager/target/scala-2.12/sbt-1.0/sbt-native-packager_2.12_1.0.pom'.  Exit code: 2
[error] 	at scala.sys.package$.error(package.scala:30)
[error] 	at com.jsuereth.sbtpgp.CommandLineGpgSigner.sign(PgpSigner.scala:74)
[error] 	at com.jsuereth.sbtpgp.PgpSettings$.$anonfun$signingSettings$2(PgpSettings.scala:151)
[error] 	at scala.collection.TraversableLike.$anonfun$flatMap$1(TraversableLike.scala:293)
[error] 	at scala.collection.immutable.HashMap$HashMap1.foreach(HashMap.scala:400)
[error] 	at scala.collection.immutable.HashMap$HashTrieMap.foreach(HashMap.scala:728)
[error] 	at scala.collection.TraversableLike.flatMap(TraversableLike.scala:293)
[error] 	at scala.collection.TraversableLike.flatMap$(TraversableLike.scala:290)
[error] 	at scala.collection.AbstractTraversable.flatMap(Traversable.scala:108)
[error] 	at com.jsuereth.sbtpgp.PgpSettings$.$anonfun$signingSettings$1(PgpSettings.scala:146)
[error] 	at scala.Function1.$anonfun$compose$1(Function1.scala:49)
[error] 	at sbt.internal.util.$tilde$greater.$anonfun$$u2219$1(TypeFunctions.scala:62)
[error] 	at sbt.std.Transform$$anon$4.work(Transform.scala:68)
[error] 	at sbt.Execute.$anonfun$submit$2(Execute.scala:282)
[error] 	at sbt.internal.util.ErrorHandling$.wideConvert(ErrorHandling.scala:23)
[error] 	at sbt.Execute.work(Execute.scala:291)
[error] 	at sbt.Execute.$anonfun$submit$1(Execute.scala:282)
[error] 	at sbt.ConcurrentRestrictions$$anon$4.$anonfun$submitValid$1(ConcurrentRestrictions.scala:265)
[error] 	at sbt.CompletionService$$anon$2.call(CompletionService.scala:64)
[error] 	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
[error] 	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
[error] 	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
[error] 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
[error] 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
[error] 	at java.lang.Thread.run(Thread.java:748)
[error] (signedArtifacts) Failure running 'gpg --batch --pinentry-mode loopback --passphrase *** --detach-sign --armor --use-agent --output /home/runner/work/sbt-native-packager/sbt-native-packager/target/scala-2.12/sbt-1.0/sbt-native-packager_2.12_1.0.pom.asc /home/runner/work/sbt-native-packager/sbt-native-packager/target/scala-2.12/sbt-1.0/sbt-native-packager_2.12_1.0.pom'.  Exit code: 2
[error] Total time: 26 s, completed Mar 21, 2024 8:11:45 AM

https://github.com/sbt/sbt-native-packager/actions/runs/8371636269/job/22921031611#step:6:1091

@muuki88
Copy link
Contributor

muuki88 commented Mar 21, 2024

I started working on upgrading all dependencies and got stuck by sbt/sbt-ghpages#132

@dwickern you should now have permissions to push tags

@dwickern
Copy link
Collaborator

I think #1566 will unblock the release

@mkurz
Copy link
Member

mkurz commented Mar 22, 2024

Tags are now pushed so this ticket can be closed 👍 (sorry I was wrong, see next comment)

@muuki88 Please look at

I think it fixes the problems you experience.

@mkurz
Copy link
Member

mkurz commented Mar 22, 2024

Sorry, I was wrong... I thought this issue is about pushing the missing tags, but I see that the tags are here but the releases are not:

Sorry!

@ekrich
Copy link

ekrich commented Mar 22, 2024

I have removed tags before and re-added them to force a new publish.

@arashi01
Copy link

@ekrich There still doesn't seem to be any version published after 1.9.16

@ekrich
Copy link

ekrich commented Mar 31, 2024

I didn't mean on this repo. I just meant that the tags can be removed and tagged again if that helps for publishing the versions that didn't "really" get published.

@mkurz
Copy link
Member

mkurz commented Apr 11, 2024

I hope after merging #1566 (which upgrades sbt-ci-release to the latest version) new releases will go through...

@dwickern
Copy link
Collaborator

@dwickern you should now have permissions to push tags

I'm still not able to. @muuki88 if you could push a new tag, we'll see if the release action is working now.

@muuki88
Copy link
Contributor

muuki88 commented Apr 11, 2024

I'll check the permissions 🫠

@muuki88
Copy link
Contributor

muuki88 commented Apr 12, 2024

@dwickern you have maintain writes and should work. There are not tag protection rules

@muuki88
Copy link
Contributor

muuki88 commented Apr 12, 2024

I just pushed v1.10.0 - hope for the best 🙏

@muuki88
Copy link
Contributor

muuki88 commented Apr 12, 2024

https://github.com/sbt/sbt-native-packager/actions/runs/8659945418/job/23746832718

[info] set current project to sbt-native-packager (in build file:/home/runner/work/sbt-native-packager/sbt-native-packager/)
Running ci-release.
  branch=refs/tags/v1.10.0
gpg (GnuPG) 2.2.19
java.lang.RuntimeException: base64: invalid input
	at com.geirsson.PipeFail$PipeFailOps.$hash$bar$bang(PipeFail.scala:28)
	at com.geirsson.CiReleasePlugin$.setupGpg(CiReleasePlugin.scala:96)
	at com.geirsson.CiReleasePlugin$.$anonfun$globalSettings$4(CiReleasePlugin.scala:144)

not entirely as planned 😢

@mkurz
Copy link
Member

mkurz commented Apr 12, 2024

@mkurz
Copy link
Member

mkurz commented Apr 12, 2024

Looks like they are availabe but not correctly encoded?


Run sbt ci-release
  sbt ci-release
  shell: /usr/bin/bash -e {0}
  env:
    CI: true
    JAVA_HOME: /home/runner/.jabba/jdk/[email protected]
    PGP_PASSPHRASE: ***
    PGP_SECRET: ***
    SONATYPE_PASSWORD: ***
    SONATYPE_USERNAME: ***

@mkurz
Copy link
Member

mkurz commented Apr 12, 2024

See https://github.com/sbt/sbt-ci-release?tab=readme-ov-file#secrets and further

PGP_PASSPHRASE: The randomly generated password you used to create a fresh gpg key.

Did you add your own pgp key or did Eugene add one?

@muuki88
Copy link
Contributor

muuki88 commented Apr 12, 2024

@mkurz this one I created for sbt-native-packager only. I'll check it

@mkurz
Copy link
Member

mkurz commented Apr 12, 2024

Hmm yeah I just checked, yours was used for the 1.9.16 release:

$ wget https://repo1.maven.org/maven2/com/github/sbt/sbt-native-packager_2.12_1.0/1.9.16/sbt-native-packager-1.9.16.jar.asc
...

$ wget https://repo1.maven.org/maven2/com/github/sbt/sbt-native-packager_2.12_1.0/1.9.16/sbt-native-packager-1.9.16.jar
...

$ gpg --verify sbt-native-packager-1.9.16.jar.asc sbt-native-packager-1.9.16.jar
gpg: Signature made Mo 20 Feb 2023 18:51:13 CET
gpg:                using RSA key 804B121465E4D6F46817FFB56B36C28F8F2C3E51
gpg: Can't check signature: No public key

$ gpg --keyserver pgp.mit.edu --recv-key 804B121465E4D6F46817FFB56B36C28F8F2C3E51
gpg: key 6B36C28F8F2C3E51: public key "sbt-native-packager ci release bot <[email protected]>" imported
gpg: Total number processed: 1
gpg:               imported: 1

@mkurz
Copy link
Member

mkurz commented Apr 12, 2024

@mkurz
Copy link
Member

mkurz commented Apr 12, 2024

@muuki88 Maybe also first try to clean the caches?
https://github.com/sbt/sbt-native-packager/actions/caches

@mkurz
Copy link
Member

mkurz commented Apr 12, 2024

There had to be some change in the environment after the 1.9.16 release, because 1.9.17 started to fail:
https://github.com/sbt/sbt-native-packager/actions/workflows/release.yml
Also there was not related change the publishing in 1.9.17:
v1.9.16...v1.9.17

@mkurz
Copy link
Member

mkurz commented Apr 12, 2024

@muuki88 I am pretty sure you just have to update the PGP_SECRET secret following the docs: https://github.com/sbt/sbt-ci-release?tab=readme-ov-file#secrets

There was an issue: sbt/sbt-ci-release#226

@mkurz
Copy link
Member

mkurz commented Apr 12, 2024

@mkurz
Copy link
Member

mkurz commented Apr 12, 2024

@muuki88 It seems the PGP_SECRET contains an invalid character, I can reproduce the error with:

$ echo "%" | base64 --decode
base64: invalid input

@muuki88
Copy link
Contributor

muuki88 commented Apr 12, 2024

I created anew pgp key and updated the key according to the instructions (thanks for the hint with zsh, I like triple checked this ), but the error remains.

gpg --armor --export-secret-keys 21E544EF6876D582ED5498E9745A8C6ED65E9E2D | base64 | base64 --decode

this does also work.

There had to be some change in the environment after the 1.9.16 release, because 1.9.17 started to fail:

The last PGP key expired last year. Probably this is the reason why things started to fail.

@mkurz
Copy link
Member

mkurz commented Apr 12, 2024

Can you try to use

gpg --armor --export-secret-keys 21E544EF6876D582ED5498E9745A8C6ED65E9E2D | base64 | sed -z 's;\n;;g'

?
It removes all the new lines, this is what I am using (under arch linux)

@muuki88
Copy link
Contributor

muuki88 commented Apr 12, 2024

Running all the commands from the sbt ci plugin works locally for me. This is weird.

It removes all the new lines, this is what I am using (under arch linux)

Yeah... it just did that as well (but without the cool sed magic 😄 )

@mkurz
Copy link
Member

mkurz commented Apr 12, 2024

Are you on Windows, macOS, Linux?

@muuki88
Copy link
Contributor

muuki88 commented Apr 12, 2024

Linux

@mkurz
Copy link
Member

mkurz commented Apr 12, 2024

It's working now!!! https://github.com/sbt/sbt-native-packager/actions/runs/8660949696/job/23749860386
🥳 🥳 🥳 🥳
What did you do in the end? Using sed?

@muuki88
Copy link
Contributor

muuki88 commented Apr 12, 2024

Basically yes 👍 However with this helper 😅 https://plugins.jetbrains.com/plugin/2162-string-manipulation

@mkurz
Copy link
Member

mkurz commented Apr 12, 2024

Next problem:

2024-04-12 10:55:22.857Z error [SonatypeClient] Activity name:close, started:2024-04-12T10:54:12.608Z  - (SonatypeClient.scala:466)
2024-04-12 10:55:22.858Z error [SonatypeClient]     Failed: signature-staging, failureMessage:No public key: Key with id: (745a8c6ed65e9e2d) was not able to be located on <a href="http://pgp.mit.edu:11371/">http://pgp.mit.edu:11371/</a>. Upload your public key and try the operation again.  - (SonatypeClient.scala:384)
2024-04-12 10:55:22.859Z error [Sonatype] [STAGE_FAILURE] Failed to close the repository.  - (Sonatype.scala:440)

You need to submit your key, see screenshot:

@mkurz
Copy link
Member

mkurz commented Apr 12, 2024

Sorry do this:

gpg --keyserver hkp://keyserver.ubuntu.com --send-key 21E544EF6876D582ED5498E9745A8C6ED65E9E2D && \
 gpg --keyserver hkp://pgp.mit.edu --send-key 21E544EF6876D582ED5498E9745A8C6ED65E9E2D && \
 gpg --keyserver hkp://pool.sks-keyservers.net --send-key 21E544EF6876D582ED5498E9745A8C6ED65E9E2D

@muuki88
Copy link
Contributor

muuki88 commented Apr 12, 2024

You are too good to me 😂 Thanks a lot. I'll be out now .

v1.10.3 - three times the charm!

@mkurz
Copy link
Member

mkurz commented Apr 12, 2024

Alright, here we go. 1.10.0 got published (first release since 14 months!)

So... why 1.10.0 and not 1.10.3... That is because sbt-ci-release is using sbt-dynver to detect the latest tag, but if multiple tags point to the same commit then sbt-dynver has a hard time to figure out the correct order. This is a known issue:

Anyway, for us here it does not matter, it's even nicer to have a nice version number now 😉

@dwickern @muuki88 You probably want to publish a GitHub release: https://github.com/sbt/sbt-native-packager/releases

@mkurz
Copy link
Member

mkurz commented Apr 12, 2024

@dwickern @muuki88 After you published the GitHub release, you can close this issue.

Also the publish process failed to push the github pages: https://github.com/sbt/sbt-native-packager/actions/runs/8661198045/job/23750625200

I opened

for that

@muuki88
Copy link
Contributor

muuki88 commented Apr 12, 2024

Thanks a lot for @mkurz and also @dwickern for your time and patience🙏😊🥰🦄✨

@dwickern
Copy link
Collaborator

I set v1.10.0 as the latest release. Thanks everyone for helping to make this happen! 🎉

So... why 1.10.0 and not 1.10.3... That is because sbt-ci-release is using sbt-dynver to detect the latest tag, but if multiple tags point to the same commit then sbt-dynver has a hard time to figure out the correct order. This is a known issue:

In theory, the GH action knows which tag triggered it, so we could pass it as an argument or environment variable to sbt. But it's not a big deal either way.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

7 participants