Add support for signing releases with GoReleaser

joelanford · Jan 17, 2021 · ed6064d · ed6064d
1 parent 7ea9161
commit ed6064d
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 6 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -1,6 +1,9 @@
 name: CI
 
 on:
+  push:
+    branches:
+      - '**'
   pull_request:
     branches: [ main ]
 

diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -2,8 +2,10 @@ name: Deploy
 
 on:
   push:
+    branches:
+      - '**'
     tags:
-      - v*
+      - 'v*'
   pull_request:
     branches: [ main ]
 
@@ -17,21 +19,27 @@ jobs:
       with:
         fetch-depth: 0
 
+    - name: Import GPG Key
+      id: import_gpg
+      uses: crazy-max/ghaction-import-gpg@v3
+      with:
+        gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
+        passphrase: ${{ secrets.GPG_PASSPHRASE }}
+
     - name: Install Go
       uses: actions/setup-go@v2
       with:
         go-version: 1.15
 
     - name: Create release
       run: |
-        SNAPSHOT="--snapshot"
         if [[ $GITHUB_REF == refs/tags/* ]]; then
-          SNAPSHOT=""
+          export GORELEASER_ARGS="--rm-dist"
         fi
-        GORELEASER_ARGS="--rm-dist ${SNAPSHOT}" make release
+        make release
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
+        GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
 
   docker:
     name: Docker
@@ -52,6 +60,13 @@ jobs:
           MAJOR_MINOR=${TAG%.*}
           echo ::set-output name=tags::${IMG}:${TAG},${IMG}:${MAJOR_MINOR}
 
+        elif [[ $GITHUB_REF == refs/heads/* ]]; then
+          TAG=$(echo ${GITHUB_REF#refs/heads/} | sed -r 's#/+#-#g')
+          if [ "${{ github.event.repository.default_branch }}" = "$TAG" ]; then
+            TAG=edge
+          fi
+          echo ::set-output name=tags::${IMG}:${TAG}
+
         elif [[ $GITHUB_REF == refs/pull/* ]]; then
           TAG=pr-${{ github.event.number }}
           echo ::set-output name=tags::${IMG}:${TAG}
@@ -73,5 +88,5 @@ jobs:
       with:
         context: .
         platforms: linux/amd64,linux/arm64,linux/ppc64le,linux/s390x
-        push: ${{ github.event_name != 'pull_request' }}
+        push: ${{ (github.event_name != 'pull_request' && startsWith(github.ref, 'refs/tags/')) }}
         tags: ${{ steps.prep.outputs.tags }}
diff --git a/.goreleaser.yml b/.goreleaser.yml
@@ -45,3 +45,7 @@ archives:
 
 checksum:
   name_template: "checksums.txt"
+
+signs:
+  - artifacts: checksum
+    args: ["--batch", "-u", "{{ .Env.GPG_FINGERPRINT }}", "--output", "${signature}", "--detach-sign", "${artifact}"]