Skip to content

Commit 1d5bc9e

Browse files
michaelklishinmichaelklishin
committed
Sign produced artifacts directly with gpg
1 parent 50b3ab6 commit 1d5bc9e

File tree

1 file changed

+12
-0
lines changed

1 file changed

+12
-0
lines changed

.github/workflows/reusable-release-workflow.yml

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -232,6 +232,12 @@ jobs:
232232
SIGNING_KEY=${{ secrets.GPG_SIGNING_KEY_ID }}
233233
cd ..
234234
ls -lha PACKAGES/
235+
for file in PACKAGES; do
236+
if test -f "$file"; then
237+
gpg --default-key "${{ env.GPG_SIGNING_KEY_ID }}" --detach-sign --armor "$file"
238+
end
239+
end
240+
ls -lha PACKAGES/
235241
- name: Build Debian package without GPG signing
236242
if: inputs.gpg_sign_release == false
237243
run: |
@@ -322,6 +328,12 @@ jobs:
322328
SIGNING_KEY="${{ secrets.GPG_SIGNING_KEY_ID }}"
323329
cd ..
324330
ls -lha PACKAGES/
331+
for file in PACKAGES; do
332+
if test -f "$file"; then
333+
gpg --default-key "${{ env.GPG_SIGNING_KEY_ID }}" --detach-sign --armor "$file"
334+
end
335+
end
336+
ls -lha PACKAGES/
325337
- name: Build RPM package without GPG signing
326338
if: inputs.gpg_sign_release == false
327339
run: |

0 commit comments

Comments
 (0)