[v4] Failing to import PGP key when updating from v3 to v4

[ryanlambert-wk]

After upgrading to v4, the pgp key configured for our code coverage repo cannot be imported. This doesn't stop uploads from succeeding unless you set fail_ci_if_error: true

Run codecov/codecov-action@v4
==> linux OS detected
https://cli.codecov.io/latest/linux/codecov.SHA256SUM
==> Running version latest
Warning: Codecov: Error importing pgp key
undefined
==> Running version v0.4.6
==> Running command '/runner/_work/_actions/codecov/codecov-action/v4/dist/codecov create-commit'
/runner/_work/_actions/codecov/codecov-action/v4/dist/codecov create-commit -C 084604d6a338b347288b8ff5c1f0bffd229da875
gpg: Signature made Fri Feb  2 14:15:33 2024 UTC
gpg:                using RSA key ...
gpg: Good signature from "Codecov Uploader (Codecov Uploader Verification Key) <security@codecov.io>" [unknown]
gpg: WARNING: Using untrusted key!

==> Uploader SHASUM verified

[rohan-at-sentry]

@thomasrockhu wonder if this is related to #1262

[thomasrockhu]

@rohan-at-sentry I don't believe so, this looks like it breaks earlier in the process

Warning: Codecov: Error importing pgp key

also the ordering is strange... the gpg verification happens before create-commit should happen

[A5rocks]

Hi, this also happened over at https://github.com/python-trio/trio/actions/runs/7865327122/job/21458126980?pr=2951#step:7:12

At least for us, I suspect this is just because we're running a docker container (https://github.com/python-trio/trio/blob/f071c066b21a745376579313a621b2e15fe363f0/.github/workflows/ci.yml#L186) and things differ from the ubuntu runner. This also messes with the setup-python action.

[nmoinvaz]

We are also getting this error across all platforms. We are running self-hosted runners if it helps.

2024-02-29T04:21:28.9082577Z ==> windows OS detected
2024-02-29T04:21:30.6716992Z https://cli.codecov.io/latest/windows/codecov.exe.SHA256SUM
2024-02-29T04:21:31.1063731Z ==> Running version latest
2024-02-29T04:21:31.1132992Z ##[error]Codecov: Error importing pgp key

[rafalwrzeszcz]

Same error here: https://github.com/rafalwrzeszcz-wrzasqpl/pl.wrzasq.commons/actions/runs/8180236032/job/22367854463

[nmoinvaz]

Looks like self-hosted Windows and macOS machines require gpg to be installed.

Windows: choco install gnupg (requires GitHub runner service restart)
macOS: brew install gnupg

[ryanlambert-wk]

Looks like self-hosted Windows and macOS machines require gpg to be installed.

Windows: choco install gnupg (requires GitHub runner service restart) macOS: brew install gnupg

I'll add on to this in case there's a difference between runner environments. I'm using a self-hosted amazonlinux 2 based runner, which has gnupg installed, and I still get Error: Codecov: Error importing pgp key

[MPJHorner]

👍 same error here

[karl-sjogren]

Something very similar started happening for us today. We've been running v4 since early february on Ubuntu a github hosted runner.

info - 2024-03-19 12:00:10,230 -- Process Upload complete
gpg: directory '/home/runner/.gnupg' created
gpg: keybox '/home/runner/.gnupg/pubring.kbx' created
gpg: /home/runner/.gnupg/trustdb.gpg: trustdb created
gpg: key 806BB28AED779869: public key "Codecov Uploader (Codecov Uploader Verification Key) <security@codecov.io>" imported
gpg: Total number processed: 1
gpg:               imported: 1

gpg: Signature made Wed Feb 28 18:01:04 2024 UTC
gpg:                using RSA key 27034E7FDB8[50](https://github.com/xlent-norr/xxxxxx-xxxxx/actions/runs/8342524907/job/22830986264#step:11:51)E0BBC2C62FF806BB28AED779869
gpg: Good signature from "Codecov Uploader (Codecov Uploader Verification Key) <security@codecov.io>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 2703 4E7F DB85 0E0B BC2C  62FF 806B B28A ED77 9869

Error: ENOENT: no such file or directory, open '/home/runner/work/_actions/codecov/codecov-action/v4/dist/codecov'

[parsonsmatt]

I am running into this as well.

[ReenigneArcher]

Same thing, using GitHub hosted runners, macOS-12 and macOS-13. macOS-14 is fine.

brew install gnupg didn't solve it... and which gpg points to /usr/local/bin/gpg before and after installing gnupg, so that makes sense it didn't solve it.

Saw something similar when searching around, but I don't think that's the issue here as it's already installed...
dlang-community/setup-dlang@66261c5

[thomasrockhu-codecov]

This should be fixed now as a result of #1426 in 4.5.0