Skip to content

Commit

Permalink
Merge pull request #1321 from sundowndev/release-gpg-signing
Browse files Browse the repository at this point in the history
Release GPG signing
  • Loading branch information
sundowndev committed Aug 17, 2023
2 parents 30bb981 + a80a33e commit 8dfb5aa
Show file tree
Hide file tree
Showing 2 changed files with 12 additions and 0 deletions.
8 changes: 8 additions & 0 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,13 @@ jobs:
with:
go-version: 1.20.6

- name: Import GPG key
id: import_gpg
uses: crazy-max/ghaction-import-gpg@v5
with:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.GPG_PASSPHRASE }}

- name: Building static assets
run: (cd web/client && yarn install --immutable && yarn build)

Expand All @@ -38,6 +45,7 @@ jobs:
args: release --rm-dist
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
docker:
runs-on: ubuntu-latest
if: contains(toJson(github.event.commits), '[action]') == false
Expand Down
4 changes: 4 additions & 0 deletions .goreleaser.yml
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,10 @@ before:
hooks:
- go generate ./...
- go mod download
signs:
- artifacts: checksum
args: ["--batch", "-u", "{{ .Env.GPG_FINGERPRINT }}", "--output", "${signature}", "--detach-sign", "${artifact}"]
signature: "${artifact}.gpg"
builds:
- env:
- CGO_ENABLED=0
Expand Down

0 comments on commit 8dfb5aa

Please sign in to comment.