
fix(release): update-apt-repo artifact download + dynamic GPG fingerprint (closes #96) #97

Merged
levleontiev merged 2 commits into main from fix/issue-96-apt-repo-fingerprint
Apr 2, 2026

@levleontiev
Contributor

Fixes #96

Changes

release.yml: update-apt-repo job

  1. Download .deb artifact: replaced actions/upload-artifact with actions/download-artifact@d3f86a1 (same SHA already used in smoke-test-deb and github-release).

  2. Update apt repository: removed hardcoded fingerprint 45160BC066817A6E710F7BA0208922A1DA3B0CEC. The fingerprint is now derived dynamically after import:

    FINGERPRINT=$(gpg --with-colons --list-secret-keys 2>/dev/null | grep '^fpr' | head -1 | cut -d: -f10)
    ./edge-repo/bin/ci/update_apt_repo.sh "$DEB_FILE" "./apt-repo" "$FINGERPRINT"

    This means rotating the GPG_PRIVATE_KEY secret requires no code change.

GPG key

A fresh RSA-4096 key (22DF05A7ACFD667DB9EE51A018BC4FF01C464181, Fairvisor Release <release@fairvisor.com>) has been generated and set as the GPG_PRIVATE_KEY secret in fairvisor/edge.

After merge → tag v0.2.5.

@levleontiev levleontiev merged commit ec970cd into main Apr 2, 2026
11 checks passed
@levleontiev levleontiev deleted the fix/issue-96-apt-repo-fingerprint branch April 2, 2026 18:11
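
A stricter form of the fingerprint lookup quoted in the PR description, as an added example that is not part of the PR or the project's code: it reads the same `gpg --with-colons --list-secret-keys` records but accepts only an `fpr` record that directly describes a `sec` (primary) key, and fails the step unless exactly one secret key is present. The helper name `primary_fingerprint`, the sample records and their fingerprints are constructed for illustration, and 40-hex-digit fingerprints are assumed.

```shell
#!/bin/sh
# Added example, not the project's code. primary_fingerprint is a hypothetical helper.
# Reads `gpg --with-colons --list-secret-keys` output on stdin and prints the
# primary-key fingerprint only when the keyring holds exactly one secret key.
primary_fingerprint() {
  awk -F: '
    $1 == "sec" { want = 1; next }   # the next fpr record describes a primary key
    $1 == "ssb" { want = 0; next }   # fpr records after ssb describe subkeys
    $1 == "fpr" && want { fp[++n] = $10; want = 0 }
    END {
      if (n != 1) exit 1                                      # zero or several keys
      if (length(fp[1]) != 40 || fp[1] ~ /[^0-9A-F]/) exit 1  # malformed value
      print fp[1]
    }'
}

# Constructed sample records: one secret key with an encryption subkey.
sample_one_key() {
  printf '%s\n' \
    'sec:u:4096:1:1111111111111111:1700000000:::u:::scESC:' \
    'fpr:::::::::1111111111111111111111111111111111111111:' \
    'uid:u::::1700000000::::Example Release <release@example.invalid>:' \
    'ssb:u:4096:1:2222222222222222:1700000000::::::e:' \
    'fpr:::::::::2222222222222222222222222222222222222222:'
}

# Constructed sample: the same keyring after a second secret key was imported.
sample_two_keys() {
  sample_one_key
  printf '%s\n' \
    'sec:u:4096:1:3333333333333333:1700000000:::u:::scESC:' \
    'fpr:::::::::3333333333333333333333333333333333333333:'
}

# In a workflow step the input would come from gpg itself:
#   FINGERPRINT=$(gpg --with-colons --list-secret-keys | primary_fingerprint) || exit 1
sample_one_key | primary_fingerprint

# With two keys the helper refuses instead of silently picking the first one.
if sample_two_keys | primary_fingerprint >/dev/null; then
  echo "unexpected: ambiguous keyring accepted" >&2
else
  echo "ambiguous keyring rejected" >&2
fi
```

On a fresh CI runner with a single imported key both approaches yield the same value; the difference only shows when the keyring contains more than one secret key or the output is empty.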

Development

Successfully merging this pull request may close these issues.

release: update-apt-repo uses upload-artifact and hardcodes GPG fingerprint
