Sign the release (#86)

* Sign the release * Update release-candidate.yml * Update codeql.yml * Update dependency-review.yml
fatihtokus · Aug 1, 2024 · 9b32759 · 9b32759
1 parent 973cd78
commit 9b32759
Show file tree

Hide file tree

Showing 4 changed files with 27 additions and 4 deletions.
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -9,7 +9,7 @@
 # the `language` matrix defined below to confirm you have the correct set of
 # supported CodeQL languages.
 #
-name: "CodeQL"
+name: CodeQL
 
 on:
   push:

diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -6,7 +6,7 @@
 # PRs introducing known-vulnerable packages will be blocked from merging.
 #
 # Source repository: https://github.com/actions/dependency-review-action
-name: 'Dependency Review'
+name: Dependency Review
 on: [pull_request]
 
 permissions:

diff --git a/.github/workflows/release-candidate.yml b/.github/workflows/release-candidate.yml
@@ -1,4 +1,4 @@
-name: Release
+name: Release-Candidate
 
 on:
   push:

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -45,7 +45,7 @@ jobs:
           # copy js files
           cat
           {
-          # copy report file except the last 4 lines
+          # copy report file except for the last 4 lines
           head -n -4 'src/frontend-app/dist/src/assets/app-template.html'
           echo ''
           cat 'src/frontend-app/dist/app.js'
@@ -58,9 +58,32 @@ jobs:
           cat "$reportTemplate"
       - name: Compress
         run: tar -zcvf scan2html.tar.gz scan2html.sh "$reportTemplate" LICENSE plugin.yaml
+
+      - name: Install GPG
+        run: sudo apt-get install -y gnupg
+
+      - name: Configure GPG
+        run: |
+          mkdir -p ~/.gnupg
+          chmod 700 ~/.gnupg
+          echo "use-agent" > ~/.gnupg/gpg.conf
+          echo "pinentry-mode loopback" >> ~/.gnupg/gpg.conf
+
+      - name: Import GPG key
+        run: |
+          echo "${{ secrets.GPG_PRIVATE_KEY }}" | gpg --batch --yes --import
+        env:
+          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
+
+      - name: Sign the release file
+        run: |
+          gpg --batch --yes --pinentry-mode loopback --passphrase "${{ secrets.GPG_PASSPHRASE }}" --armor --detach-sign scan2html.tar.gz
+        env:
+          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
 
       - name: Release
         uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1
         with:
           files: |
             scan2html.tar.gz
+            scan2html.tar.gz.asc