Skip to content

Use envOrDefault for GPG_PRIVATE_KEY_FILE environment variable #1409

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 17, 2025
Merged

Use envOrDefault for GPG_PRIVATE_KEY_FILE environment variable #1409

merged 1 commit into from
Apr 17, 2025

Conversation

hslatman
Copy link
Member

@hslatman hslatman commented Apr 16, 2025
edited
Loading

By using envOrDefault an issue is prevented in evaluating the template before a release is created. By setting the default value to ENV_VAR_GPG_PRIVATE_KEY_FILE_NOT_SET, this value is then shown in the error message at signing time.

The reason for changing this is so that it becomes possible to create local, unsigned (Linux package) releases when creating a release as follows:

goreleaser release --snapshot --clean --skip sign,after

Before the change (see #1404):

...
• linux packages
  ⨯ release failed after 6m39s               error=template: failed to apply "{{ .Env.GPG_PRIVATE_KEY_FILE }}": map has no entry for key "GPG_PRIVATE_KEY_FILE"

After (skipping sign):

...
  • linux packages
    • creating                                       package=step-cli format=deb arch=arm64v8.0 file=dist/step-cli_0.28.6~next-1_arm64.deb
    • creating                                       package=step-cli format=rpm arch=arm64v8.0 file=dist/step-cli-0.28.6~next-1.aarch64.rpm
    • creating                                       package=step-cli format=rpm arch=amd64v1 file=dist/step-cli-0.28.6~next-1.x86_64.rpm
    • creating                                       package=step-cli format=deb arch=amd64v1 file=dist/step-cli_0.28.6~next-1_amd64.deb
    • creating                                       package=step-cli format=rpm arch=amd64v1 file=dist/step-cli_amd64.rpm
    • creating                                       package=step-cli format=deb arch=arm64v8.0 file=dist/step-cli_arm64.deb
    • creating                                       package=step-cli format=rpm arch=arm64v8.0 file=dist/step-cli_arm64.rpm
    • creating                                       package=step-cli format=deb arch=amd64v1 file=dist/step-cli_amd64.deb
...
  • storing artifacts metadata
  • release succeeded after 27s
  • thanks for using GoReleaser Pro!

After (not skipping sign):

...
  • linux packages
    • creating                                       package=step-cli format=deb arch=arm64v8.0 file=dist/step-cli_0.28.6~next-1_arm64.deb
    • creating                                       package=step-cli format=deb arch=amd64v1 file=dist/step-cli_0.28.6~next-1_amd64.deb
    • creating                                       package=step-cli format=rpm arch=amd64v1 file=dist/step-cli-0.28.6~next-1.x86_64.rpm
    • creating                                       package=step-cli format=rpm arch=arm64v8.0 file=dist/step-cli-0.28.6~next-1.aarch64.rpm
  ⨯ release failed after 25s                 error=nfpm failed for step-cli-0.28.6~next-1.x86_64.rpm: failed to create signatures: call to signer failed: signing error: reading PGP key file: open ENV_VAR_GPG_PRIVATE_KEY_FILE_NOT_SET: no such file or directory

Note that it's still necessary to skip after, because that runs a script to upload artifacts to GCP.

Currently GoReleaser Pro is required when performing goreleaser release (as opposed to goreleaser build), because it's (currently) not possible to skip after in OSS when using a Pro config (and not skipping it results in a failure to push to GCP when gcloud is not available, or not authenticated):

  • your configuration specifies  pro: true
    explanation=
    │ Your configuration is for GoReleaser Pro.
    │ You are currently using GoReleaser OSS, so all the Pro-only features will be ignored.
    │ Use GoReleaser Pro to enable all the features.
  ⨯ release failed after 0s                  error=--skip=after is not allowed. Valid options for skip are [announce, archive, aur, aur-source, before, chocolatey, docker, homebrew, ko, nfpm, nix, notarize, publish, sbom, scoop, sign, snapcraft, validate, winget]

@hslatman
Use envOrDefault for GPG_PRIVATE_KEY_FILE environment variable
c60d625 
By using `envOrDefault` an issue is prevented in evaluating the
template before a release is created. By setting the default value
to `ENV_VAR_GPG_PRIVATE_KEY_FILE_NOT_SET`, this value is then shown
in the error message at signing time.

The reason for changing this is so that it becomes possible to
create local, unsigned releases when creating a release as follows:

 `goreleaser release --snapshot --clean --skip sign,after`
@hslatman hslatman marked this pull request as ready for review April 16, 2025 11:21
@github-actions github-actions bot added the needs triage Waiting for discussion / prioritization by team label Apr 16, 2025
@hslatman hslatman mentioned this pull request Apr 16, 2025
Open
@hslatman hslatman requested review from jdoss and tashian April 16, 2025 11:32
@hslatman hslatman added this to the v0.28.7 milestone Apr 16, 2025
@hslatman hslatman merged commit 1bf3d3b into master Apr 17, 2025
17 checks passed
@hslatman hslatman deleted the herman/goreleaser-improvements branch April 17, 2025 15:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tashian tashian tashian approved these changes

@jdoss jdoss Awaiting requested review from jdoss

Assignees
No one assigned
Labels
needs triage Waiting for discussion / prioritization by team
Projects
None yet
Milestone
v0.28.7
Development

Successfully merging this pull request may close these issues.
2 participants
@hslatman @tashian