Skip to content

fix: decode base64 PGP key before signing (KOJAK-35)#19

Merged
endrju19 merged 1 commit intomainfrom
fix/pgp-base64-decode
Apr 7, 2026
Merged

fix: decode base64 PGP key before signing (KOJAK-35)#19
endrju19 merged 1 commit intomainfrom
fix/pgp-base64-decode

Conversation

@endrju19
Copy link
Copy Markdown
Collaborator

@endrju19 endrju19 commented Apr 7, 2026

Summary

  • SML org-level PGP_SECRET is base64-encoded (sbt ci-release convention)
  • vanniktech expects raw ASCII-armored key
  • Added decode step in publish job before publishAndReleaseToMavenCentral
  • Key decoded in memory, written to $GITHUB_ENV, temp file removed

Context

v0.1.0 tag CI failed with: secret key ring doesn't start with secret key tag: tag 0xffffffff

Test plan

  • CI passes on this PR
  • After merge: tag v0.1.1, verify publish job succeeds

@endrju19
fix: decode base64 PGP key before signing
67eb35e 
SML org-level PGP_SECRET is base64-encoded (for sbt ci-release compat).
vanniktech expects raw ASCII-armored key. Decode in workflow step.
@endrju19 endrju19 merged commit 5de68f5 into main Apr 7, 2026
8 checks passed
@endrju19 endrju19 deleted the fix/pgp-base64-decode branch April 7, 2026 13:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@endrju19