Signed tags create a parse error

[PurpleBooth]

If tags are signed, "versio-prev" will fail to be parsed. This is because the message has content suffixed to it.

git show demo
tag demo
Tagger: Billie Thompson <billie@billiecodes.com>
Date:   Sun Apr 4 10:27:52 2021 +0200

Some Description
-----BEGIN PGP SIGNATURE-----

iQEzBAABCAAdFiEEiegVrQhwReAkZ434EjUjnZLR750FAmBpeIwACgkQEjUjnZLR
751d0AgAn0Vqgclq1TSjN5g6eA6plC+ZenV/rS6bepMN2nGhhVH2hhIhtGm2PZGJ
1A5Y7NMkh0c+OC0HJBSSAgTP+Ku17AkSO58DE/wz7M302N3N19OABaM4i2H/z2T2
qWixWn6o85IkvqINFUzhPTOarl0cU58sbu6vTcuP1Gm4ubY/LOcIrrHaU6GFgkzD
ma8JqVWpWH3c3RjeBWEe7Qhoki5ylxk3f40ItouVpOoU0oq4O772i80AZMoxJE7e
LRY9BJcrKuRWRN1xjmiRbOYZrLj3UYk69yyiEx33tu8q1w1ROCDZH7rKH3+UIo3N
SZLPOVhyPtb/GshwJsqh98L6/A821g==
=KkFK
-----END PGP SIGNATURE-----

A workaround is to use --no-sign when creating the versio-prev tag

[chaaz]

@PurpleBooth I've just released 0.5.0 of Versio -- I'm still seeing what's needed to get gpgme to build on MacOS and Windows, but if you're using Linux, please let me know if this fixes this issue and/or issue #3. Thanks!

[PurpleBooth]

Amazing, I looked through the code and it looks exactly what I need to fix #2 and #3. I am loving this tool by the way, I've used it on 3 or 4 projects now.

On my ubuntu pipelines I am having a problem with the binaries not being linked to the right version of LIBC

versio: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.32' not found (required by versio)

Here's the snippet of the pipeline for context

  version:
    runs-on: ubuntu-latest
    steps:
    - name: Checkout code
      uses: actions/checkout@v2.3.4
      with:
        fetch-depth: 0
    - uses: chaaz/versio-actions/install@v1.1
      name: Install versio
    - name: Check projects
      run: versio check
    - name: Print changes
      run: versio plan
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        GITHUB_USER: ${{ github.actor }}

I can't test it on my laptop as I use a mac and versio isn't compiling, seemingly something to do with gpgme

error: failed to run custom build command for `gpgme-sys v0.9.1`

Caused by:
  process didn't exit successfully: `/var/folders/l2/w_t854k14hjfv0pmgqz3m9qh0000gn/T/cargo-install7Nx2wz/release/build/gpgme-sys-3dd258b6552af2ee/build-script-build` (exit code: 1)
  --- stdout
  cargo:rerun-if-env-changed=GPGME_PREFIX
  cargo:rerun-if-env-changed=GPGME_INCLUDE
  cargo:rerun-if-env-changed=GPGME_LIB_DIR
  cargo:rerun-if-env-changed=GPGME_LIBS
  cargo:rerun-if-env-changed=GPGME_CONFIG

  --- stderr
  running: "sh" "-c" "gpgme-config --version"
  sh: gpgme-config: command not found
  command did not execute successfully, got: exit code: 127
  Error: ()

I think this nails my problem, though this might be a new issue.

[chaaz]

Thanks for your kind words, I always love hearing what people think!

Yeah, the mac and windows builds were causing me some pain. I think I got the mac version worked out if I get the runner to brew install gpgme first. If you use homebrew on your laptop, that might help you. The windows build is still difficult, but I'm working on it.

I had to manually work around some of those problems, and for a while I think I had the versio-install action install a binary that was built on Ubuntu 20.10, with a super recent version of glibc, which is too modern for the current ubuntu-latest runner on GHA; that's probably where the "GLIBC_2.32 not found" error was coming from: I've since corrected that, so hopefully your workflow will work correctly now.

Thanks again for your feedback!

[PurpleBooth]

Adding gpgme with brew worked for me, I could Cargo install! 🎉

$ versio -l local release
   Compiling git-mit v3.99.0 (/Users/billie/Code/git-mit/git-mit)
   Compiling git-mit-install v3.99.0 (/Users/billie/Code/git-mit/git-mit-install)
   Compiling git-mit-relates-to v3.99.0 (/Users/billie/Code/git-mit/git-mit-relates-to)
   Compiling mit-pre-commit v3.99.0 (/Users/billie/Code/git-mit/mit-pre-commit)
   Compiling mit-prepare-commit-msg v3.99.0 (/Users/billie/Code/git-mit/mit-prepare-commit-msg)
   Compiling mit-commit-msg v3.99.0 (/Users/billie/Code/git-mit/mit-commit-msg)
   Compiling git-mit-config v3.99.0 (/Users/billie/Code/git-mit/git-mit-config)
    Finished dev [unoptimized + debuginfo] target(s) in 0.52s
Error: No key found with ID: 89E815AD087045E024678DF81235239D92D1EF9D

$ gpg -k 89E815AD087045E024678DF81235239D92D1EF9D
pub   rsa2048 2020-06-16 [SC] [verfällt: 2022-06-16]
      89E815AD087045E024678DF81235239D92D1EF9D
uid        [ ultimativ ] Billie Thompson <billie@billiecodes.com>
sub   rsa2048 2020-06-16 [E] [verfällt: 2022-06-16]

Not finding the key on mac, seeing the same thing on my pipelines (they sign commits fine normally)

Error: No key found with ID: DDF15B2FB318F207

On my pipelines, no LIBC problem though!

    - name: Import GPG key
      uses: crazy-max/ghaction-import-gpg@v3
      with:
        gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
        passphrase: ${{ secrets.GPG_PASSPHRASE }}
        git-user-signingkey: true
        git-commit-gpgsign: true
        git-tag-gpgsign: true
    - uses: chaaz/versio-actions/install@v1.1
      name: Install versio
    - run: echo ::set-output "name=BUMP::$( versio release --dry-run )"
      id: get_versio_plan
    - name: Generate release
      if: ${{ contains(steps.get_versio_plan.outputs.BUMP, ' -> ') }}
      run: versio release

Here's a snippet of my pipeline that I am using to try this out.

[chaaz]

Yeah, unfortunately versio doesn't yet accept as wide a range of values for user.signingKey as git does. Git will let you use the ID, fingerprint, and I think a couple of other uniquely identifying things, but Versio only knows about the ID. if you use the --keyid-format 0xLONG to most gpg commands, it will output the ID for you in the form 0xTHEKEYID, so you can use THEKEYID as your user.signingKey value. (I think the key ID is also the second half of the fingerprint value, but that doesn't always work for me.)

If your pipeline is finding the key for commits, but not for its tags, then that's weird. The key lookup code for both places is identical (I should actual put it in its own function), so I don't know why it would work for one place and not the other. I'll dig a bit and see if I can figure that out.

As a side note, I see that your pipeline is using a dry-run output to determine if you do an actual run. This is interesting to me, and I wonder what the reasoning is. Do you want to hold off on tagging/commits until you actually have a bump? Is there some file writing that you want to avoid unless necessary? I don't mean to pry, but if there's a good usecase there, it might be something worth incorporating into Versio itself.

[PurpleBooth]

That if in there is because changing the hash of the tar of the tag for the same version of the code causes problems with Homebrew, homebrew makes some assumptions about it never changing.

Looks like versio still can't find the hash

$ versio -l local release
   Compiling mit-commit-msg v3.99.0 (/Users/billie/Code/git-mit/mit-commit-msg)
   Compiling git-mit-relates-to v3.99.0 (/Users/billie/Code/git-mit/git-mit-relates-to)
   Compiling mit-pre-commit v3.99.0 (/Users/billie/Code/git-mit/mit-pre-commit)
   Compiling mit-prepare-commit-msg v3.99.0 (/Users/billie/Code/git-mit/mit-prepare-commit-msg)
   Compiling git-mit v3.99.0 (/Users/billie/Code/git-mit/git-mit)
   Compiling git-mit-install v3.99.0 (/Users/billie/Code/git-mit/git-mit-install)
   Compiling git-mit-config v3.99.0 (/Users/billie/Code/git-mit/git-mit-config)
    Finished dev [unoptimized + debuginfo] target(s) in 0.56s
Error: No key found with ID: 0x1235239D92D1EF9D

$ gpg --keyid-format 0xlong --list-keys 0x1235239D92D1EF9D
pub   rsa2048/0x1235239D92D1EF9D 2020-06-16 [SC] [verfällt: 2022-06-16]
      89E815AD087045E024678DF81235239D92D1EF9D
uid                [ ultimativ ] Billie Thompson <billie@billiecodes.com>
sub   rsa2048/0x9F692C381A24A9AF 2020-06-16 [E] [verfällt: 2022-06-16]

[user]
	name = Billie Thompson
	email = billie@billiecodes.com
	signingkey = 0x1235239D92D1EF9D

[chaaz]

Hmm.. could you try it with just signingkey = 1235239D92D1EF9D. I suspect that it might be fumbling over the 0x formatting.

[PurpleBooth]

Looks like that it worked! 🎉

commit d3c87fca2e6b42030923a8c1386e46485afe05c7 (HEAD -> main, tag: versio-prev, tag: v0.6.1)
gpg: Signatur vom Mi 19 Mai 19:38:35 2021 CEST
gpg:                mittels RSA-Schlüssel 89E815AD087045E024678DF81235239D92D1EF9D
gpg: Korrekte Signatur von "Billie Thompson <billie@billiecodes.com>" [ultimativ]
Author: Versio <github.com/chaaz/versio>
Date:   Wed May 19 19:38:35 2021 +0200

    build(deploy): Versio update versions

[chaaz]

That's great to hear! Thanks for all your great feedback.