codecov-circleci-orb
codecov-circleci-orb copied to clipboard
codecov
Validate step doesn't work on the Mac runner
Using the executor macOS: {xcode: 15.1.0} and orb version 4.0.1, I see the following log for the "Validate Codecov Uploader" step:
gpg: directory '/Users/distiller/.gnupg' created
gpg: /Users/distiller/.gnupg/trustdb.gpg: trustdb created
gpg: key 806BB28AED779869: public key "Codecov Uploader (Codecov Uploader Verification Key) <[email protected]>" imported
gpg: Total number processed: 1
gpg: imported: 1
Downloading https://cli.codecov.io/latest/macos/codecov.SHA256SUM
gpgv: unknown type of key resource 'trustedkeys.kbx'
gpgv: keyblock resource '/Users/distiller/.gnupg/trustedkeys.kbx': General error
gpgv: Signature made Fri Feb 2 14:15:45 2024 GMT
gpgv: using RSA key 27034E7FDB850E0BBC2C62FF806BB28AED779869
gpgv: Can't check signature: No public key
Exited with code exit status 2
The exact same job works on a Linux executor, with a single difference in the log:
gpg: directory '/root/.gnupg' created
gpg: keybox '/root/.gnupg/trustedkeys.kbx' created
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 806BB28AED779869: public key "Codecov Uploader (Codecov Uploader Verification Key) <[email protected]>" imported
gpg: Total number processed: 1
gpg: imported: 1
Downloading https://cli.codecov.io/latest/linux/codecov.SHA256SUM
gpgv: can't allocate lock for '/root/.gnupg/trustedkeys.kbx'
gpgv: Signature made Fri Feb 2 14:15:33 2024 UTC
gpgv: using RSA key 27034E7FDB850E0BBC2C62FF806BB28AED779869
gpgv: Good signature from "Codecov Uploader (Codecov Uploader Verification Key) <[email protected]>"
codecov: OK
It looks like on Mac, the line "gpg: keybox '/root/.gnupg/trustedkeys.kbx' created" is missing. I can verify that running the gpg command on my personal Mac doesn't create a trustedkeys.kbx file in my ~/.gnupg/ directory, but I don't know enough about gpg to understand why.
@thomasrockhu can you please take a look at this, once you're back in?
I am facing the same error with macOS: {xcode: 15.0.0} and codecov/[email protected] orb.
I also tried codecov/[email protected] and the "Validate Codecov Upload" step passes but I see this concerning warning:
gpg: directory '/Users/distiller/.gnupg' created
gpg: /Users/distiller/.gnupg/trustdb.gpg: trustdb created
gpg: key 806BB28AED779869: public key "Codecov Uploader (Codecov Uploader Verification Key) <[email protected]>" imported
gpg: Total number processed: 1
gpg: imported: 1
Downloading https://uploader.codecov.io/latest/macos/codecov.SHA256SUM
gpg: Signature made Thu Oct 19 19:59:54 2023 GMT
gpg: using RSA key 27034E7FDB850E0BBC2C62FF806BB28AED779869
gpg: Good signature from "Codecov Uploader (Codecov Uploader Verification Key) <[email protected]>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 2703 4E7F DB85 0E0B BC2C 62FF 806B B28A ED77 9869
codecov: OK
Do you have any advice on this, all our builds are still failing due to this step 😢
I've been invoking codecov with validate: false everywhere until this is fixed.
- codecov/upload: { validate: false }
It seems mkdir -p ~/.gnupg can help here, like in https://github.com/codecov/codecov-circleci-orb/issues/157#issuecomment-2029036552
