From 045b71c38fcb6d40ec41ea8d36c1a98a5dd09ae2 Mon Sep 17 00:00:00 2001
From: Jiaqi Luo <6218999+jiaqiluo@users.noreply.github.com>
Date: Tue, 15 Oct 2024 16:19:27 -0700
Subject: [PATCH] use the first key

---
 .github/workflows/pre-release.yaml | 9 +++++++--
 .github/workflows/release.yaml     | 9 +++++++--
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/pre-release.yaml b/.github/workflows/pre-release.yaml
index 5c32320b..fc4da8f0 100644
--- a/.github/workflows/pre-release.yaml
+++ b/.github/workflows/pre-release.yaml
@@ -38,11 +38,16 @@ jobs:
         run: |
           echo "Importing gpg key"
           echo -n "$GPG_KEY" | base64 --decode | gpg --import --batch >/dev/null
-          # Extract the key ID from the list of secret keys
-          GPG_KEY_ID=$(gpg --list-secret-keys --with-colons | awk -F: '/^fpr/ {print $10}')
+          
+          # Print the list of secret key
+          gpg --list-secret-keys --with-colons
+          # Extract only the first full fingerprint from the list of secret keys
+          GPG_KEY_ID=$(gpg --list-secret-keys --with-colons | awk -F: '/^fpr/ {print $10; exit}')
           echo "Extracted GPG Key ID: $GPG_KEY_ID"
+          
           # Automatically trust the key by creating a trust level entry for the key (ultimate trust)
           echo -e "$GPG_KEY_ID:6:" | gpg --import-ownertrust
+          
           echo "signing SHASUM file"
           VERSION_NO_V=$(echo ${{ github.ref_name }} | sed "s/^[v|V]//")
           SHASUM_FILE=dist/artifacts/${{ github.ref_name }}/terraform-provider-rke_"$VERSION_NO_V"_SHA256SUMS
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 753a45a9..0778de52 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -38,11 +38,16 @@ jobs:
         run: |
           echo "Importing gpg key"
           echo -n "$GPG_KEY" | base64 --decode | gpg --import --batch >/dev/null
-          # Extract the key ID from the list of secret keys
-          GPG_KEY_ID=$(gpg --list-secret-keys --with-colons | awk -F: '/^fpr/ {print $10}')
+          
+          # Print the list of secret key
+          gpg --list-secret-keys --with-colons
+          # Extract only the first full fingerprint from the list of secret keys
+          GPG_KEY_ID=$(gpg --list-secret-keys --with-colons | awk -F: '/^fpr/ {print $10; exit}')
           echo "Extracted GPG Key ID: $GPG_KEY_ID"
+          
           # Automatically trust the key by creating a trust level entry for the key (ultimate trust)
           echo -e "$GPG_KEY_ID:6:" | gpg --import-ownertrust
+          
           echo "signing SHASUM file"
           VERSION_NO_V=$(echo ${{ github.ref_name }} | sed "s/^[v|V]//")
           SHASUM_FILE=dist/artifacts/${{ github.ref_name }}/terraform-provider-rke_"$VERSION_NO_V"_SHA256SUMS