sign checksums.txt with gpg key (#1581)

a63f64b1 · Ivan Vandot · GitHub · 95a16dc9 · a63f64b1 · a63f64b1
Commit a63f64b1 authored Apr 19, 2021 by Ivan Vandot Committed by GitHub Apr 19, 2021
Show whitespace changes
Inline Side-by-side

Showing with 18 additions and 0 deletions

release.yaml .github/workflows/release.yaml +8 -0

.goreleaser.yml .goreleaser.yml +10 -0

No files found.
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -35,6 +35,12 @@ jobs:
        uses: docker/setup-qemu-action@v1
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
+      - name: Import GPG key
+        run: |
+          echo "$GPG_PRIVATE_KEY" | gpg --import --passphrase "$GPG_PASSPHRASE" --batch --allow-secret-key-import
+        env:
+          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
+          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
      - name: Run GoReleaser
        uses: goreleaser/goreleaser-action@v2
        with:
@@ -44,3 +50,5 @@ jobs:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          HOMEBREW_TAP_PAT: ${{ secrets.HOMEBREW_TAP_PAT }}
          SCOOP_PAT: ${{ secrets.SCOOP_PAT }}
+          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
+          GPG_FINGERPRINT: ${{ secrets.GPG_FINGERPRINT }}
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -53,6 +53,16 @@ builds:
 snapshot:
  name_template: "{{.Tag}}-snapshot"
+signs:
+  - artifacts: checksum
+    args: [
+    "--pinentry-mode", "loopback",
+    "--passphrase", "{{ .Env.GPG_PASSPHRASE }}",
+    "-u", "{{ .Env.GPG_FINGERPRINT }}",
+    "--output", "${signature}",
+    "--detach-sign", "${artifact}",
+  ]
 archives:
  -
    id: scoop