-
Notifications
You must be signed in to change notification settings - Fork 24
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Receive GPG key while publishing artifacts #271
Conversation
gpg --batch \ | ||
--passphrase "${GPG_PASSPHRASE}" \ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Because we're not using passphrase for this key, the --batch
and --passphrase
options are unnecessary.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
@@ -25,10 +25,10 @@ aliases: | |||
- run: | |||
name: "Import signing key" | |||
command: | | |||
gpg --keyserver keyserver.ubuntu.com \ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's worth surfacing that we're specifying the Ubuntu keyserver here to mirror the approach taken by @jodersky. Through testing, I've found that this keyserver was updated more quickly than the default.
Overview
This retrieves an up-to-date copy of the Geotrellis public GPG key during the
cipublish
build stage.We've pushed a new signature to extend the expiration date on the public key that we've uploaded to public keyservers. The CircleCI build will now retrieve the latest copy of the public key, allowing us to renew the key in the future using the same procedure.
Checklist
Testing Instructions
cipublish
.Connects azavea/operations#446