Skip to content
This repository was archived by the owner on Jul 2, 2026. It is now read-only.

Commit 406d727

Browse files
authored
Fix release GitHub action (#126)
sbt-ci-release's setupGpg runs echo $PGP_SECRET | base64 --decode | gpg --import so it expects PGP_SECRET to be a base64-encoded blob. The existing GitHub PGP_SECRET secret instead holds the raw armored PGP key — the format Gradle's useInMemoryPgpKeys consumed before the SBT migration. The first release attempt after the migration therefore failed with java.lang.RuntimeException: base64: invalid input at com.geirsson.CiReleasePlugin$.setupGpg(CiReleasePlugin.scala:95) Re-encode the armored key to base64 inline in the workflow so the GitHub secret can stay in its current form (kept compatible with any other consumers) and the encoded value never lands in logs, files or GITHUB_ENV — it lives only in the publish step's shell process.
1 parent 30fa67e commit 406d727

1 file changed

Lines changed: 7 additions & 2 deletions

File tree

.github/workflows/release.yml

Lines changed: 7 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -17,9 +17,14 @@ jobs:
1717
cache: 'sbt'
1818
- uses: sbt/setup-sbt@v1
1919
- name: Publish ${{ github.ref }}
20-
run: sbt ci-release
2120
env:
2221
SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }}
2322
SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }}
24-
PGP_SECRET: ${{ secrets.PGP_SECRET }}
23+
# The secret stores the armored PGP key (the format Gradle's
24+
# useInMemoryPgpKeys consumed). sbt-ci-release expects a base64
25+
# blob, so re-encode it inline before invoking sbt.
26+
PGP_SECRET_ARMORED: ${{ secrets.PGP_SECRET }}
2527
PGP_PASSPHRASE: ${{ secrets.PGP_PASSPHRASE }}
28+
run: |
29+
export PGP_SECRET="$(printf '%s' "$PGP_SECRET_ARMORED" | base64 -w0)"
30+
sbt ci-release

0 commit comments

Comments
 (0)