From 5bddcadae346feaf008eb02e80275a596cdb18e1 Mon Sep 17 00:00:00 2001 From: Will Winder Date: Tue, 12 Sep 2023 13:20:31 -0400 Subject: [PATCH] Add gpg signature to checksum file. --- .github/workflows/goreleaser.yml | 8 ++++++++ .goreleaser.yaml | 3 +++ 2 files changed, 11 insertions(+) diff --git a/.github/workflows/goreleaser.yml b/.github/workflows/goreleaser.yml index 12faa2f2..1446fa5a 100644 --- a/.github/workflows/goreleaser.yml +++ b/.github/workflows/goreleaser.yml @@ -36,6 +36,13 @@ jobs: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} + - name: Import GPG key + id: import_gpg + uses: crazy-max/ghaction-import-gpg@v6 + with: + gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} + passphrase: ${{ secrets.PASSPHRASE }} + - uses: goreleaser/goreleaser-action@v4 with: distribution: goreleaser @@ -43,3 +50,4 @@ jobs: args: release --clean env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }} diff --git a/.goreleaser.yaml b/.goreleaser.yaml index b1e4e53d..7a27b316 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -95,6 +95,9 @@ changelog: - '^docs:' - '^test:' +signs: + - artifacts: checksum + release: draft: true header: |