From aa858ef020683f62ad6b4a5ff7cf1dbd7beda12d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaspar=20L=C3=B6chte?=
Date: Tue, 3 Aug 2021 15:22:16 +0200
Subject: [PATCH] Add signing to workflow

...
---
 .github/workflows/release-pontos-patch.yml | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/release-pontos-patch.yml b/.github/workflows/release-pontos-patch.yml
index 8e30aad3..b053654b 100644
--- a/.github/workflows/release-pontos-patch.yml
+++ b/.github/workflows/release-pontos-patch.yml
@@ -11,6 +11,9 @@ jobs:
 GITHUB_USER: ${{ secrets.GREENBONE_BOT }}
 GITHUB_MAIL: ${{ secrets.GREENBONE_BOT_MAIL }}
 GITHUB_TOKEN: ${{ secrets.GREENBONE_BOT_TOKEN }}
+ GPG_KEY: ${{ secrets.GPG_KEY }}
+ GPG_FINGERPRINT: ${{ secrets.GPG_FINGERPRINT }}
+ GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
 name: Release patch with pontos
 # If the label 'make patch release' is set. If PR is closed because of an merge
 if: contains( github.event.pull_request.labels.*.name, 'make patch release') && github.event.pull_request.merged == true
@@ -35,6 +38,23 @@ jobs:
 # we always should've checked out the correct branch'
 run: echo "Current Branch is $GITHUB_BASE_REF"
 - name: Prepare patch release with pontos
- run: poetry run pontos-release prepare --patch
+ run: |
+ poetry run pontos-release prepare --patch
+ echo "VERSION=$(pontos-version show)" >> $GITHUB_ENV
 - name: Release with pontos
 run: poetry run pontos-release release
+ - name: Import key from secrets
+ run: |
+ echo -e "${{ env.GPG_KEY }}" >> tmp.file
+ gpg \
+ --pinentry-mode loopback \
+ --passphrase ${{ env.GPG_PASSPHRASE }} \
+ --import tmp.file
+ rm tmp.file
+ - name: Sign with pontos-release sign
+ run: |
+ echo "Signing assets for ${{env.VERSION}}"
+ poetry run pontos-release sign \
+ --signing-key ${{ env.GPG_FINGERPRINT }} \
+ --passphrase ${{ env.GPG_PASSPHRASE }} \
+ --release-version ${{ env.VERSION }}
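Review bot: The "Import key from secrets" step writes the private key to `tmp.file` in the checked-out workspace and only removes it on the last line, so if `gpg --import` fails (the default shell runs with `-e`) the key stays on disk for the remaining steps; it also appends with `>>` rather than `>`, and passes the passphrase as a plain command-line argument, where it is visible to any process listing on the runner and subject to word splitting because `${{ env.GPG_PASSPHRASE }}` is unquoted. Since the first hunk already exposes these secrets as job-level env (assuming that mapping is the job's `env:`), the step can avoid both the temp file and the template interpolation into the script: `printf '%b\n' "$GPG_KEY" | gpg --batch --pinentry-mode loopback --passphrase-fd 3 --import 3<<<"$GPG_PASSPHRASE"` (`%b` keeps the `echo -e` escape handling), and the sign step should likewise use `--passphrase "$GPG_PASSPHRASE"` and `--signing-key "$GPG_FINGERPRINT"`. Separately, the new `VERSION=$(pontos-version show)` line in the "Prepare" step calls `pontos-version` directly while every neighbouring command goes through `poetry run`; if the tool is only installed in the poetry venv this yields an empty `VERSION` and the sign step then runs with `--release-version` blank, so `poetry run pontos-version show` seems intended. The enclosing `steps:` list begins before this hunk.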