Skip to content

Commit

Permalink
Use decrypted key for signing/remove import_gpg action as it's not wo…
Browse files Browse the repository at this point in the history
…rking with the new gpg key due to crazy-max/ghaction-import-gpg#58
  • Loading branch information
sarahethompson committed May 10, 2021
1 parent 31f6f83 commit 515ae3f
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 7 deletions.
10 changes: 3 additions & 7 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -29,18 +29,14 @@ jobs:
- name: Describe plugin
id: plugin_describe
run: echo "::set-output name=api_version::$(go run . describe | jq -r '.api_version')"
- name: Import GPG key
id: import_gpg
uses: hashicorp/ghaction-import-gpg@v2.1.0
env:
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
PASSPHRASE: ${{ secrets.PASSPHRASE }}
- name: Import key for archive signing
run: echo -e "${{ secrets.GPG_PRIVATE_KEY_DECRYPTED }}" | gpg --import --batch --no-tty
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v2
with:
version: latest
args: release --rm-dist
env:
GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
GPG_FINGERPRINT: ${{ secrets.GPG_PUBLIC_KEY_ID }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
API_VERSION: ${{ steps.plugin_describe.outputs.api_version }}
1 change: 1 addition & 0 deletions .goreleaser.yml
Original file line number Diff line number Diff line change
Expand Up @@ -67,6 +67,7 @@ signs:
# if you are using this is in a GitHub action or some other automated pipeline, you
# need to pass the batch flag to indicate its not interactive.
- "--batch"
- "--no-tty"
- "--local-user"
- "{{ .Env.GPG_FINGERPRINT }}"
- "--output"
Expand Down

0 comments on commit 515ae3f

Please sign in to comment.