From 8284ea2c53d7cb523ebae792fabb74b1bb886817 Mon Sep 17 00:00:00 2001
From: Wilken Rivera <dev@wilkenrivera.com>
Date: Tue, 31 Oct 2023 14:45:41 -0400
Subject: [PATCH] Remove HashiCorp specific GPG signing from release

---
 .github/workflows/release.yml | 14 ++++++++------
 .goreleaser.yml               | 14 +++++++++-----
 2 files changed, 17 insertions(+), 11 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 0ec531d5..dac8f1ab 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -48,16 +48,18 @@ jobs:
       - name: Describe plugin
         id: plugin_describe
         run: echo "api_version=$(go run . describe | jq -r '.api_version')" >> "$GITHUB_OUTPUT"
-      - name: Install signore
-        uses: hashicorp/setup-signore-package@v1
+      - name: Import GPG key
+        id: import_gpg
+        uses: crazy-max/ghaction-import-gpg@111c56156bcc6918c056dbef52164cfa583dc549 # v5.2.0
+        with:
+          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+          passphrase: ${{ secrets.GPG_PASSPHRASE }}
       - name: Run GoReleaser
         uses: goreleaser/goreleaser-action@f82d6c1c344bcacabba2c841718984797f664a6b # v4.2.0
         with:
           version: latest
-          args: release --clean --timeout 120m
+          args: release --rm-dist --timeout 120m 
         env:
+          GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           API_VERSION: ${{ steps.plugin_describe.outputs.api_version }}
-          SIGNORE_CLIENT_ID: ${{ secrets.SIGNORE_CLIENT_ID }}
-          SIGNORE_CLIENT_SECRET: ${{ secrets.SIGNORE_CLIENT_SECRET }}
-          SIGNORE_SIGNER: ${{ secrets.SIGNORE_SIGNER }}
diff --git a/.goreleaser.yml b/.goreleaser.yml
index f9dbc171..5d4a0dd2 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -91,10 +91,14 @@ checksum:
   name_template: '{{ .ProjectName }}_v{{ .Version }}_SHA256SUMS'
   algorithm: sha256
 signs:
-  - cmd: signore
-    args: ["sign", "--dearmor", "--file", "${artifact}", "--out", "${signature}"]
-    artifacts: checksum
-    signature: ${artifact}.sig
-
+- artifacts: checksum
+  args:
+  - “--batch”
+  - “--local-user”
+  - “{{ .Env.GPG_FINGERPRINT  }}”
+  - “--output”
+  - “${signature}”
+  - “--detach-sign”
+  - “${artifact}”
 changelog:
   use: github-native