feat: add package signing to fedora packages

ilya-zlobintsev · Feb 25, 2024 · be8dd8c · be8dd8c
1 parent c5ff5b3
commit be8dd8c
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 4 deletions.
diff --git a/.github/workflows/build-packages.yaml b/.github/workflows/build-packages.yaml
@@ -23,13 +23,27 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v3
 
+      - name: Import gpg key
+        run: |
+          echo -n "$GPG_KEY" | base64 -d > /tmp/package-signing-key.gpg
+          echo -n "$GPG_KEY" | base64 -d | gpg --import || true
+        env:
+          GPG_KEY: ${{ secrets.GPG_KEY }}
+
       - name: Install pkger
         run: |
           curl -L -o /usr/local/bin/pkger https://github.com/ilya-zlobintsev/pkger/releases/download/v0.11.1/pkger
           chmod +x /usr/local/bin/pkger
-          
-      - name: Build packages
+
+      - name: Build packages (with signing)
+        if: ${{ contains(matrix.target-os, 'fedora') }}
         run: pkger -t -c .pkger.yml build ${{ matrix.recipe }} -i ${{ matrix.target-os }}
+        env:
+          GPG_KEY_PASSWORD: ${{ secrets.GPG_KEY_PASSWORD }}
+
+      - name: Build packages (without signing)
+        if: ${{ !contains(matrix.target-os, 'fedora') }}
+        run: pkger -t -c .pkger.yml build --no-sign ${{ matrix.recipe }} -i ${{ matrix.target-os }}
 
       - name: Copy release files
         run: |
@@ -52,6 +66,10 @@ jobs:
           done
           popd
 
+      - name: Save gpg key
+        run: |
+          gpg --armor --export > $PWD/release-artifacts/lact.pubkey
+
       - name: Upload artifacts
         uses: actions/upload-artifact@v3
         with:

diff --git a/.pkger.yml b/.pkger.yml
@@ -4,8 +4,8 @@ output_dir: pkg/output
 images_dir: pkg/images
 log_dir: ~
 runtime_uri: ~
-gpg_key: ~
-gpg_name: ~
+gpg_key: /tmp/package-signing-key.gpg
+gpg_name: Ilya Zlobintsev
 ssh: ~
 images:
   - name: debian-12