From 60601e1dafb465ecfb6b3fcdf4d685dea3102783 Mon Sep 17 00:00:00 2001 From: Peter Kurfer Date: Wed, 7 Feb 2024 12:27:26 +0100 Subject: [PATCH] chore: sign Linux packages --- .github/workflows/release.yaml | 12 +++++++++-- .github/workflows/validate.yaml | 12 +++++++++-- .gitignore | 1 + .goreleaser.yaml | 35 ++++++++++++++++++++++++++++++--- INSTALL.md | 4 +++- go.sum | 2 -- 6 files changed, 56 insertions(+), 10 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 1c308b7..70b7ef5 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -1,4 +1,4 @@ -name: Go build +name: Release on: push: tags: @@ -54,6 +54,11 @@ jobs: run: | gotestsum --format pkgname -- -covermode=atomic ./... + - name: Prepare GPG setup + run: | + mkdir -p $GITHUB_WORKSPACE/.gnupg + echo "${{ secrets.GPG_SIGNING_KEY }}" | base64 -d > $GITHUB_WORKSPACE/.gnupg/gpg.key + - name: Release uses: goreleaser/goreleaser-action@v5 with: @@ -64,6 +69,9 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GH_TAP_PAT: ${{ secrets.GH_TAP_PAT }} GH_WINGET_PAT: ${{ secrets.GH_WINGET_PAT }} + NFPM_GIT_AGE_PASSPHRASE: ${{ secrets.NFPM_GIT_AGE_PASSPHRASE }} + UPLOAD_RPM_SECRET: ${{ secrets.UPLOAD_RPM_SECRET }} + UPLOAD_DEB_SECRET: ${{ secrets.UPLOAD_DEB_SECRET }} - name: Setup Pages uses: actions/configure-pages@v4 @@ -71,7 +79,7 @@ jobs: - name: Upload artifact uses: actions/upload-pages-artifact@v3 with: - path: 'docs/' + path: 'out/html/' - name: Deploy to GitHub Pages id: deployment uses: actions/deploy-pages@v4 \ No newline at end of file diff --git a/.github/workflows/validate.yaml b/.github/workflows/validate.yaml index 63042fa..a2e738d 100644 --- a/.github/workflows/validate.yaml +++ b/.github/workflows/validate.yaml @@ -1,4 +1,4 @@ -name: Go build +name: Validate on: push: branches: 
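Review bot: The decoded private key is written to `$GITHUB_WORKSPACE/.gnupg/gpg.key` with the shell's default umask and is never removed, so it stays in the checkout directory for the Release, Pages upload and deploy steps that follow. The secret is also interpolated into the script text with `${{ secrets.GPG_SIGNING_KEY }}` rather than passed through `env:`, and `$GITHUB_WORKSPACE` is unquoted. I would pass the key through an environment variable, set a restrictive umask before creating the directory, and quote the paths, keeping the file location unchanged because .goreleaser.yaml references it. The identical step added to validate.yaml (`@@ -58,10 +58,18 @@`) needs the same change.

```yaml
      - name: Prepare GPG setup
        env:
          GPG_SIGNING_KEY: ${{ secrets.GPG_SIGNING_KEY }}
        run: |
          # keep the key file and its directory private to the runner user
          umask 077
          mkdir -p "$GITHUB_WORKSPACE/.gnupg"
          printf '%s' "$GPG_SIGNING_KEY" | base64 -d > "$GITHUB_WORKSPACE/.gnupg/gpg.key"
```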
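Review bot: The step that now receives `NFPM_GIT_AGE_PASSPHRASE`, `UPLOAD_RPM_SECRET` and `UPLOAD_DEB_SECRET` runs `goreleaser/goreleaser-action@v5`, which is a mutable tag (the `uses:` line is at the end of the previous hunk; the step's `with:` block lies between the two hunks and is not shown). Whatever that tag points to at release time can read the signing passphrase and both registry credentials, so I would pin it to a full commit SHA, e.g. `uses: goreleaser/goreleaser-action@<full-commit-sha> # v5`. If the hidden `with:` block uses `version: latest` as validate.yaml does, pinning a goreleaser version there closes the same gap.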
@@ -58,10 +58,18 @@ jobs: run: curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin if: ${{ !contains(matrix.os, 'windows') }} + - name: Prepare GPG setup + run: | + mkdir -p $GITHUB_WORKSPACE/.gnupg + echo "${{ secrets.GPG_SIGNING_KEY }}" | base64 -d > $GITHUB_WORKSPACE/.gnupg/gpg.key + if: ${{ !contains(matrix.os, 'windows') }} + - name: Snapshot release uses: goreleaser/goreleaser-action@v5 if: ${{ !contains(matrix.os, 'windows') }} with: distribution: goreleaser version: latest - args: release --clean --snapshot \ No newline at end of file + args: release --clean --snapshot + env: + NFPM_GIT_AGE_PASSPHRASE: ${{ secrets.NFPM_GIT_AGE_PASSPHRASE }} \ No newline at end of file diff --git a/.gitignore b/.gitignore index f99ac26..7e80031 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,4 @@ out/ dist/ docs/*.1* docs/*.html +.gnupg/ \ No newline at end of file diff --git a/.goreleaser.yaml b/.goreleaser.yaml index 02a878e..ee96627 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -3,6 +3,7 @@ version: 1 before: hooks: - go mod tidy -go=1.21 + - rm -rf out/man - mkdir -p out/man - mkdir -p out/html - asciidoctor -a reproducible -b manpage -o out/man/git-age.1 docs/git-age.adoc @@ -55,12 +56,12 @@ checksum: name_template: "checksums.txt" nfpms: - - package_name: git-age + - id: git_age + package_name: git-age homepage: https://github.com/prskr/git-age maintainer: Peter Kurfer license: MIT formats: - - apk - deb - rpm dependencies: @@ -71,6 +72,13 @@ nfpms: - src: LICENSE dst: /usr/share/licenses/git-age/LICENSE + rpm: + signature: + key_file: "{{ .Env.GITHUB_WORKSPACE }}/.gnupg/gpg.key" + deb: + signature: + key_file: "{{ .Env.GITHUB_WORKSPACE }}/.gnupg/gpg.key" + brews: - name: git-age homepage: https://github.com/prskr/git-age 
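Review bot: The validation job now materialises the release signing key and its passphrase on every branch push, although `release --clean --snapshot` publishes nothing that needs a trusted signature. The same job installs syft with `curl … | sh` from the `main` branch (context line at the top of the hunk) and runs goreleaser with `version: latest`, so unpinned code executes in a job that holds the production key. I would sign snapshot builds with a throwaway key generated inside the step, or skip signing outside the release workflow, and fetch the installer from a fixed ref such as `https://raw.githubusercontent.com/anchore/syft/<release-tag>/install.sh`. Runs that do not receive secrets would presumably also fail here, because `base64 -d` then writes an empty key file.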
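Review bot: Nothing in the `rpm:`/`deb:` signature blocks (hunk `@@ -71,6 +72,13 @@`) says where the key passphrase comes from: nfpm derives the variable name from the package `id`, so `NFPM_GIT_AGE_PASSPHRASE` in both workflows only matches while the id stays `git_age` (added in the previous hunk). A comment above `rpm:` such as `# passphrase is read from NFPM_GIT_AGE_PASSPHRASE (NFPM_<ID>_PASSPHRASE); keep in sync with id` would make that coupling visible. `{{ .Env.GITHUB_WORKSPACE }}` also means the config presumably fails to render outside GitHub Actions, where that variable is unset. INSTALL.md in this commit adds `--nogpgcheck` to the `dnf config-manager` line, so it is worth confirming that the following `dnf install` still verifies the new RPM signature.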
@@ -131,4 +139,25 @@ winget: base: owner: microsoft name: winget-pkgs - branch: master \ No newline at end of file + branch: master + +uploads: + - name: RPM + method: PUT + target: https://code.icb4dc0.de/api/packages/prskr/rpm/upload + exts: + - rpm + username: prskr + checksum: false + signature: false + custom_artifact_name: true + + - name: DEB + method: PUT + target: https://code.icb4dc0.de/api/packages/prskr/debian/pool/bookworm/main/upload + exts: + - deb + username: prskr + checksum: false + signature: false + custom_artifact_name: true \ No newline at end of file diff --git a/INSTALL.md b/INSTALL.md index 93cf4e6..e8f0efc 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -36,7 +36,7 @@ brew install git-age #### DNF ```bash -dnf config-manager --add-repo https://code.icb4dc0.de/api/packages/prskr/rpm.repo +dnf config-manager --nogpgcheck --add-repo https://code.icb4dc0.de/api/packages/prskr/rpm.repo dnf install git-age ``` @@ -56,6 +56,8 @@ sudo curl https://code.icb4dc0.de/api/packages/prskr/debian/repository.key -o /e # distribution is currently only bookworm - but should work for other debian based distributions as well echo "deb https://code.icb4dc0.de/api/packages/prskr/debian bookworm main" | sudo tee -a /etc/apt/sources.list.d/forgejo.list +sudo curl https://code.icb4dc0.de/api/packages/prskr/debian/repository.key -o /etc/apt/trusted.gpg.d/forgejo-prskr.asc + sudo apt update sudo apt install git-age diff --git a/go.sum b/go.sum index 2deccfb..868d7ad 100644 --- a/go.sum +++ b/go.sum 
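Review bot: The credentials for the two `uploads:` entries are not visible in the block: goreleaser reads each password from `UPLOAD_<NAME>_SECRET`, so renaming `RPM` or `DEB` breaks the link to the `UPLOAD_RPM_SECRET` and `UPLOAD_DEB_SECRET` entries added in release.yaml. I would add a comment above the list, e.g. `# passwords come from UPLOAD_RPM_SECRET / UPLOAD_DEB_SECRET (derived from name), set in release.yaml`. Since `username: prskr` looks like a personal account, the token behind those secrets should presumably be limited to package write on this registry rather than carrying full account scope.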
@@ -98,8 +98,6 @@ golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc= golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0= -golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/mod v0.15.0 h1:SernR4v+D55NyBH2QiEQrlBAnj1ECL6AGrA5+dPaMY8= golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=