GPG Import fails for seemingly unknown reasons

[pathurs]

Expected behaviour

The GPG should be imported

Actual behaviour

The GPG Import throws incorrect email (I've confirmed it's correct), and if I don't set the email and uses the one in the private key, it fails to sign the commits, using semantic-release.

Configuration

• Repository URL (if public): https://github.com/Colonise/Config
• Build URL (if public): https://github.com/Colonise/Config/actions

name: Node.js CI

on:
  push:
    branches:
      - master
  pull_request:
    branches:
      - master

env:
  CI: true
  CC_TEST_REPORTER_ID: ${{ secrets.CC_TEST_REPORTER_ID }}
  COLONISE_PACKAGE_NAME: ${{ secrets.COLONISE_PACKAGE_NAME }}
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
  GIT_AUTHOR_NAME: ${{ secrets.GIT_NAME }}
  GIT_AUTHOR_EMAIL: ${{ secrets.GIT_EMAIL }}
  GIT_COMMITTER_NAME: ${{ secrets.GIT_NAME }}
  GIT_COMMITTER_EMAIL: ${{ secrets.GIT_EMAIL }}

jobs:
  lint:
    name: Lint
    runs-on: ubuntu-latest

    steps:
    - name: Checkout Repository
      uses: actions/checkout@v2.3.3

    - name: Setup Node.js
      uses: actions/setup-node@v2.1.2
      with:
        node-version: 14

    - name: Install dependencies
      run: |
        # Run NPM Clean Install
        npm ci

    - name: Run Linters
      run: |
        # Run NPM lint script
        npm run lint

  build:
    name: Build
    needs: [lint]
    runs-on: ubuntu-latest

    strategy:
      matrix:
        node-version: [12.x, 13.x, 14.x]

    steps:
    - name: Checkout Repository
      uses: actions/checkout@v2.3.3

    - name: Setup Node.js
      uses: actions/setup-node@v2.1.2
      with:
        node-version: ${{ matrix.node-version }}

    - name: Install dependencies
      run: |
        # Run NPM Clean Install
        npm ci

    - name: Run Build
      run: |
        # Run NPM build script
        npm run build

  test:
    name: Test
    needs: [lint, build]
    runs-on: ubuntu-latest

    strategy:
      matrix:
        node-version: [12.x, 13.x, 14.x]

    steps:
    - name: Checkout Repository
      uses: actions/checkout@v2.3.3

    - name: Setup Node.js with ${{ matrix.node-version }}
      uses: actions/setup-node@v2.1.2
      with:
        node-version: ${{ matrix.node-version }}

    - name: Install dependencies
      run: |
        # Run NPM Clean Install
        npm ci

    - name: Run Unit Tests
      run: |
        # Run NPM test script
        npm run test

  coverage:
    name: Test Coverage
    needs: [lint, build, test]
    runs-on: ubuntu-latest

    steps:
    - name: Checkout Repository
      uses: actions/checkout@v2.3.3

    - name: Setup Node.js
      uses: actions/setup-node@v2.1.2
      with:
        node-version: 14

    - name: Install dependencies
      run: |
        # Run NPM Clean Install
        npm ci

    - name: Run Test Coverage and Code Climate
      uses: paambaati/codeclimate-action@v2.7.4
      with:
        coverageCommand: npm run coverage
        debug: true

  release:
    name: Release
    needs: [lint, build, test]
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v2.3.3

      - name: Setup Node.js
        uses: actions/setup-node@v2.1.2
        with:
          node-version: 14

      - name: Install dependencies
        run: npm ci

      - name: Run Build
        run: npm run distribute

      - name: Zip Build
        run: zip -r build.zip ./distribute/

      - name: Import GPG key
        uses: crazy-max/ghaction-import-gpg@v3.0.1
        with:
          gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
          passphrase: ${{ secrets.GPG_PASSPHRASE }}
          git-committer-name: ${{ secrets.GIT_NAME }}
          git-committer-email: ${{ secrets.GIT_EMAIL }}
          git-user-signingkey: true
          git-commit-gpgsign: true
          git-tag-gpgsign: true
          git-push-gpgsign: true

      - name: Run Semantic Release
        run: npx semantic-release

Logs

logs_180.zip

[pathurs]

I've solved the GPG problems (incorrect passphrase, silly me), but the email mismatch still baffles me.

[crazy-max]

@pathurs

but the email mismatch still baffles me.

Looks like email matches:

Otherwise the action would failed before 💎 Sign.

[pathurs]

@crazy-max Sorry for the confusion, I had been committing a few times to try and resolve the issue.

You can see in this run it has the git-committer stuff set, but it then complains about the mismatch. You can also see that my email is correct, since github is removing the email from the logs.

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[razor-x]

@pathurs Did you ever find a solution? I am getting

Error: Committer email does not match GPG key user address

But this was all working fine on v2. I know the email has to be correct. Here is the diff of my upgrade

[pathurs]

@razor-x No, I just ended up trusting the automatically retrieved email. I assume there must be a a bug.

@crazy-max

[crazy-max]

@razor-x @pathurs I will take a look thanks for your feedback

[Xunnamius]

I also encountered this issue and found the problem. PR fix incoming 🚀

Verified working in my pipeline using uses: Xunnamius/ghaction-import-gpg@v3.0.2-pr.2 instead of uses: crazy-max/ghaction-import-gpg@v3