No releases for v1.9.17 or v1.9.18 tags

[stevedlawrence]

Tags have been created for v1.9.17 and v1.9.18 but no releases have been created, in either the GitHub releases (https://github.com/sbt/sbt-native-packager/releases) or published to the maven repos (https://central.sonatype.com/artifact/com.github.sbt/sbt-native-packager)

It looks like the github actions failed due to a gpg issue with sbt-ci-release:

v1.9.17: https://github.com/sbt/sbt-native-packager/actions/runs/5641807357/job/15280486680

v1.9.18: https://github.com/sbt/sbt-native-packager/actions/runs/5642779942/job/15283307724

[ekrich]

Looks like those job logs need to be a gist in the future.

[TheElectronWill]

What can be done to get the last version of sbt-native-packager for the last version of sbt? Should I add a dependency on the Github repo?

[dwickern]

@muuki88 do you mind if I tag a new release?

[muuki88]

@dwickern please do ❤️❤️

[dwickern]

@muuki88 I'm trying to figure out the release workflow. It looks like we make a release by pushing a tag like v1.9.19. Unfortunately I don't have permission to push tags.

[muuki88]

The issue seems to be that the release doesn't work anymore

[info] gpg: no default secret key: No secret key
[info] gpg: signing failed: No secret key
[error] java.lang.RuntimeException: Failure running 'gpg --batch --pinentry-mode loopback --passphrase *** --detach-sign --armor --use-agent --output /home/runner/work/sbt-native-packager/sbt-native-packager/target/scala-2.12/sbt-1.0/sbt-native-packager_2.12_1.0.pom.asc /home/runner/work/sbt-native-packager/sbt-native-packager/target/scala-2.12/sbt-1.0/sbt-native-packager_2.12_1.0.pom'.  Exit code: 2
[error] 	at scala.sys.package$.error(package.scala:30)
[error] 	at com.jsuereth.sbtpgp.CommandLineGpgSigner.sign(PgpSigner.scala:74)
[error] 	at com.jsuereth.sbtpgp.PgpSettings$.$anonfun$signingSettings$2(PgpSettings.scala:151)
[error] 	at scala.collection.TraversableLike.$anonfun$flatMap$1(TraversableLike.scala:293)
[error] 	at scala.collection.immutable.HashMap$HashMap1.foreach(HashMap.scala:400)
[error] 	at scala.collection.immutable.HashMap$HashTrieMap.foreach(HashMap.scala:728)
[error] 	at scala.collection.TraversableLike.flatMap(TraversableLike.scala:293)
[error] 	at scala.collection.TraversableLike.flatMap$(TraversableLike.scala:290)
[error] 	at scala.collection.AbstractTraversable.flatMap(Traversable.scala:108)
[error] 	at com.jsuereth.sbtpgp.PgpSettings$.$anonfun$signingSettings$1(PgpSettings.scala:146)
[error] 	at scala.Function1.$anonfun$compose$1(Function1.scala:49)
[error] 	at sbt.internal.util.$tilde$greater.$anonfun$$u2219$1(TypeFunctions.scala:62)
[error] 	at sbt.std.Transform$$anon$4.work(Transform.scala:68)
[error] 	at sbt.Execute.$anonfun$submit$2(Execute.scala:282)
[error] 	at sbt.internal.util.ErrorHandling$.wideConvert(ErrorHandling.scala:23)
[error] 	at sbt.Execute.work(Execute.scala:291)
[error] 	at sbt.Execute.$anonfun$submit$1(Execute.scala:282)
[error] 	at sbt.ConcurrentRestrictions$$anon$4.$anonfun$submitValid$1(ConcurrentRestrictions.scala:265)
[error] 	at sbt.CompletionService$$anon$2.call(CompletionService.scala:64)
[error] 	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
[error] 	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
[error] 	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
[error] 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
[error] 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
[error] 	at java.lang.Thread.run(Thread.java:748)
[error] (signedArtifacts) Failure running 'gpg --batch --pinentry-mode loopback --passphrase *** --detach-sign --armor --use-agent --output /home/runner/work/sbt-native-packager/sbt-native-packager/target/scala-2.12/sbt-1.0/sbt-native-packager_2.12_1.0.pom.asc /home/runner/work/sbt-native-packager/sbt-native-packager/target/scala-2.12/sbt-1.0/sbt-native-packager_2.12_1.0.pom'.  Exit code: 2
[error] Total time: 26 s, completed Mar 21, 2024 8:11:45 AM

https://github.com/sbt/sbt-native-packager/actions/runs/8371636269/job/22921031611#step:6:1091

[muuki88]

I started working on upgrading all dependencies and got stuck by sbt/sbt-ghpages#132

@dwickern you should now have permissions to push tags

[dwickern]

I think #1566 will unblock the release

[mkurz]

Tags are now pushed so this ticket can be closed 👍 (sorry I was wrong, see next comment)

@muuki88 Please look at

• Upgrade sbt, scala and sbt-ci-release to avoid deprecated repo.scala-sbt.org #1566

I think it fixes the problems you experience.

[mkurz]

Sorry, I was wrong... I thought this issue is about pushing the missing tags, but I see that the tags are here but the releases are not:

• https://repo1.maven.org/maven2/com/github/sbt/sbt-native-packager_2.12_1.0/maven-metadata.xml

Sorry!

[ekrich]

I have removed tags before and re-added them to force a new publish.

[arashi01]

@ekrich There still doesn't seem to be any version published after 1.9.16

[ekrich]

I didn't mean on this repo. I just meant that the tags can be removed and tagged again if that helps for publishing the versions that didn't "really" get published.

[mkurz]

I hope after merging #1566 (which upgrades sbt-ci-release to the latest version) new releases will go through...

[dwickern]

@dwickern you should now have permissions to push tags

I'm still not able to. @muuki88 if you could push a new tag, we'll see if the release action is working now.

[muuki88]

I'll check the permissions 🫠

[muuki88]

@dwickern you have maintain writes and should work. There are not tag protection rules

[muuki88]

I just pushed v1.10.0 - hope for the best 🙏

[muuki88]

https://github.com/sbt/sbt-native-packager/actions/runs/8659945418/job/23746832718

[info] set current project to sbt-native-packager (in build file:/home/runner/work/sbt-native-packager/sbt-native-packager/)
Running ci-release.
  branch=refs/tags/v1.10.0
gpg (GnuPG) 2.2.19
java.lang.RuntimeException: base64: invalid input
	at com.geirsson.PipeFail$PipeFailOps.$hash$bar$bang(PipeFail.scala:28)
	at com.geirsson.CiReleasePlugin$.setupGpg(CiReleasePlugin.scala:96)
	at com.geirsson.CiReleasePlugin$.$anonfun$globalSettings$4(CiReleasePlugin.scala:144)

not entirely as planned 😢

[mkurz]

@muuki88 Did you change the secrets in https://github.com/sbt/sbt-native-packager/settings/secrets/actions?

[mkurz]

Looks like they are availabe but not correctly encoded?

Run sbt ci-release
  sbt ci-release
  shell: /usr/bin/bash -e {0}
  env:
    CI: true
    JAVA_HOME: /home/runner/.jabba/jdk/[email protected]
    PGP_PASSPHRASE: ***
    PGP_SECRET: ***
    SONATYPE_PASSWORD: ***
    SONATYPE_USERNAME: ***

[mkurz]

See https://github.com/sbt/sbt-ci-release?tab=readme-ov-file#secrets and further

PGP_PASSPHRASE: The randomly generated password you used to create a fresh gpg key.

Did you add your own pgp key or did Eugene add one?

[muuki88]

@mkurz this one I created for sbt-native-packager only. I'll check it

[mkurz]

Hmm yeah I just checked, yours was used for the 1.9.16 release:

$ wget https://repo1.maven.org/maven2/com/github/sbt/sbt-native-packager_2.12_1.0/1.9.16/sbt-native-packager-1.9.16.jar.asc
...

$ wget https://repo1.maven.org/maven2/com/github/sbt/sbt-native-packager_2.12_1.0/1.9.16/sbt-native-packager-1.9.16.jar
...

$ gpg --verify sbt-native-packager-1.9.16.jar.asc sbt-native-packager-1.9.16.jar
gpg: Signature made Mo 20 Feb 2023 18:51:13 CET
gpg:                using RSA key 804B121465E4D6F46817FFB56B36C28F8F2C3E51
gpg: Can't check signature: No public key

$ gpg --keyserver pgp.mit.edu --recv-key 804B121465E4D6F46817FFB56B36C28F8F2C3E51
gpg: key 6B36C28F8F2C3E51: public key "sbt-native-packager ci release bot <[email protected]>" imported
gpg: Total number processed: 1
gpg:               imported: 1

[mkurz]

This is where it's failing, the setupGpg method:
https://github.com/sbt/sbt-ci-release/blob/v1.5.12/plugin/src/main/scala/com/geirsson/CiReleasePlugin.scala#L85-L97

[mkurz]

@muuki88 Maybe also first try to clean the caches?
https://github.com/sbt/sbt-native-packager/actions/caches

[mkurz]

There had to be some change in the environment after the 1.9.16 release, because 1.9.17 started to fail:
https://github.com/sbt/sbt-native-packager/actions/workflows/release.yml
Also there was not related change the publishing in 1.9.17:
v1.9.16...v1.9.17

[mkurz]

@muuki88 I am pretty sure you just have to update the PGP_SECRET secret following the docs: https://github.com/sbt/sbt-ci-release?tab=readme-ov-file#secrets

There was an issue: sbt/sbt-ci-release#226

[mkurz]

Just be aware of: https://github.com/sbt/sbt-ci-release/pull/230/files

[mkurz]

@muuki88 It seems the PGP_SECRET contains an invalid character, I can reproduce the error with:

$ echo "%" | base64 --decode
base64: invalid input

[muuki88]

I created anew pgp key and updated the key according to the instructions (thanks for the hint with zsh, I like triple checked this ), but the error remains.

gpg --armor --export-secret-keys 21E544EF6876D582ED5498E9745A8C6ED65E9E2D | base64 | base64 --decode

this does also work.

There had to be some change in the environment after the 1.9.16 release, because 1.9.17 started to fail:

The last PGP key expired last year. Probably this is the reason why things started to fail.

[mkurz]

Can you try to use

gpg --armor --export-secret-keys 21E544EF6876D582ED5498E9745A8C6ED65E9E2D | base64 | sed -z 's;\n;;g'

?
It removes all the new lines, this is what I am using (under arch linux)

[muuki88]

Running all the commands from the sbt ci plugin works locally for me. This is weird.

It removes all the new lines, this is what I am using (under arch linux)

Yeah... it just did that as well (but without the cool sed magic 😄 )

[mkurz]

Are you on Windows, macOS, Linux?

[muuki88]

Linux

[mkurz]

It's working now!!! https://github.com/sbt/sbt-native-packager/actions/runs/8660949696/job/23749860386
🥳 🥳 🥳 🥳
What did you do in the end? Using sed?

[muuki88]

Basically yes 👍 However with this helper 😅 https://plugins.jetbrains.com/plugin/2162-string-manipulation

[mkurz]

Next problem:

2024-04-12 10:55:22.857Z error [SonatypeClient] Activity name:close, started:2024-04-12T10:54:12.608Z  - (SonatypeClient.scala:466)
2024-04-12 10:55:22.858Z error [SonatypeClient]     Failed: signature-staging, failureMessage:No public key: Key with id: (745a8c6ed65e9e2d) was not able to be located on <a href="http://pgp.mit.edu:11371/">http://pgp.mit.edu:11371/</a>. Upload your public key and try the operation again.  - (SonatypeClient.scala:384)
2024-04-12 10:55:22.859Z error [Sonatype] [STAGE_FAILURE] Failed to close the repository.  - (Sonatype.scala:440)

You need to submit your key, see screenshot:

• https://github.com/sbt/sbt-ci-release?tab=readme-ov-file#gpg
• https://keyserver.ubuntu.com/#submitKey

[mkurz]

Sorry do this:

gpg --keyserver hkp://keyserver.ubuntu.com --send-key 21E544EF6876D582ED5498E9745A8C6ED65E9E2D && \
 gpg --keyserver hkp://pgp.mit.edu --send-key 21E544EF6876D582ED5498E9745A8C6ED65E9E2D && \
 gpg --keyserver hkp://pool.sks-keyservers.net --send-key 21E544EF6876D582ED5498E9745A8C6ED65E9E2D

[muuki88]

You are too good to me 😂 Thanks a lot. I'll be out now .

v1.10.3 - three times the charm!

[mkurz]

Alright, here we go. 1.10.0 got published (first release since 14 months!)

• https://repo1.maven.org/maven2/com/github/sbt/sbt-native-packager_2.12_1.0/maven-metadata.xml
• https://repo1.maven.org/maven2/com/github/sbt/sbt-native-packager_2.12_1.0/1.10.0/

So... why 1.10.0 and not 1.10.3... That is because sbt-ci-release is using sbt-dynver to detect the latest tag, but if multiple tags point to the same commit then sbt-dynver has a hard time to figure out the correct order. This is a known issue:

• ✨ Select highest tag when there are sibling tags sbt-dynver#279
• will be fixed soon: Selects wrong version if multiple lightweight tags point to the same commit sbt-dynver#238

Anyway, for us here it does not matter, it's even nicer to have a nice version number now 😉

@dwickern @muuki88 You probably want to publish a GitHub release: https://github.com/sbt/sbt-native-packager/releases

[mkurz]

@dwickern @muuki88 After you published the GitHub release, you can close this issue.

Also the publish process failed to push the github pages: https://github.com/sbt/sbt-native-packager/actions/runs/8661198045/job/23750625200

I opened

• sbt ghpagesPushSite failed for the 1.10.0 release #1597

for that

[muuki88]

Thanks a lot for @mkurz and also @dwickern for your time and patience🙏😊🥰🦄✨

[dwickern]

I set v1.10.0 as the latest release. Thanks everyone for helping to make this happen! 🎉

So... why 1.10.0 and not 1.10.3... That is because sbt-ci-release is using sbt-dynver to detect the latest tag, but if multiple tags point to the same commit then sbt-dynver has a hard time to figure out the correct order. This is a known issue:

In theory, the GH action knows which tag triggered it, so we could pass it as an argument or environment variable to sbt. But it's not a big deal either way.