From be8dd8cd81982e128532eb695861bba1418d13ff Mon Sep 17 00:00:00 2001
From: Ilya Zlobintsev
Date: Sun, 25 Feb 2024 12:19:00 +0200
Subject: [PATCH] feat: add package signing to fedora packages
---
 .github/workflows/build-packages.yaml | 22 ++++++++++++++++++++--
 .pkger.yml | 4 ++--
 2 files changed, 22 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/build-packages.yaml b/.github/workflows/build-packages.yaml
index 42f24190..4e414d9a 100644
--- a/.github/workflows/build-packages.yaml
+++ b/.github/workflows/build-packages.yaml
@@ -23,13 +23,27 @@ jobs:
 - name: Checkout repository
 uses: actions/checkout@v3
+ - name: Import gpg key
+ run: |
+ echo -n "$GPG_KEY" | base64 -d > /tmp/package-signing-key.gpg
+ echo -n "$GPG_KEY" | base64 -d | gpg --import || true
+ env:
+ GPG_KEY: ${{ secrets.GPG_KEY }}
+
 - name: Install pkger
 run: |
 curl -L -o /usr/local/bin/pkger https://github.com/ilya-zlobintsev/pkger/releases/download/v0.11.1/pkger
 chmod +x /usr/local/bin/pkger
-
- - name: Build packages
+
+ - name: Build packages (with signing)
+ if: ${{ contains(matrix.target-os, 'fedora') }}
 run: pkger -t -c .pkger.yml build ${{ matrix.recipe }} -i ${{ matrix.target-os }}
+ env:
+ GPG_KEY_PASSWORD: ${{ secrets.GPG_KEY_PASSWORD }}
+
+ - name: Build packages (without signing)
+ if: ${{ !contains(matrix.target-os, 'fedora') }}
+ run: pkger -t -c .pkger.yml build --no-sign ${{ matrix.recipe }} -i ${{ matrix.target-os }}
 - name: Copy release files
 run: |
@@ -52,6 +66,10 @@ jobs:
 done
 popd
+ - name: Save gpg key
+ run: |
+ gpg --armor --export > $PWD/release-artifacts/lact.pubkey
+
 - name: Upload artifacts
 uses: actions/upload-artifact@v3
 with:
diff --git a/.pkger.yml b/.pkger.yml
index d2abf64e..594b3ddd 100644
--- a/.pkger.yml
+++ b/.pkger.yml
@@ -4,8 +4,8 @@ output_dir: pkg/output
 images_dir: pkg/images
 log_dir: ~
 runtime_uri: ~
-gpg_key: ~
-gpg_name: ~
+gpg_key: /tmp/package-signing-key.gpg
+gpg_name: Ilya Zlobintsev
 ssh: ~
 images:
 - name: debian-12
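Review bot: The `Import gpg key` step writes the decoded private key to `/tmp/package-signing-key.gpg` under the shell's default umask and never deletes it, and `gpg --import || true` hides a failed import, so a missing or corrupt `GPG_KEY` secret is not reported at this step. I would write the file under a restrictive mask and import from it without the fallback: `( umask 077; echo -n "$GPG_KEY" | base64 -d > /tmp/package-signing-key.gpg )` followed by `gpg --batch --import /tmp/package-signing-key.gpg`, plus a final cleanup step with `if: always()` that removes the file. The step has no `if:` guard, so the private key is also materialised in the non-Fedora jobs that build with `--no-sign`. Separately, the `pkger` binary fetched by the unchanged `curl` line is not checksum-verified and now runs in a job that holds the key and `GPG_KEY_PASSWORD`; pinning its digest would be worth adding.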
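Review bot: `gpg --armor --export` in the `Save gpg key` step names no key, so it dumps every public key in the runner's keyring, and because the import step ends in `|| true` it can also write an empty `lact.pubkey` while the job stays green. Naming the key and failing on empty output would make this deterministic, e.g. `gpg --armor --export "<SIGNING_KEY_FINGERPRINT>" > "$PWD/release-artifacts/lact.pubkey"` followed by `test -s "$PWD/release-artifacts/lact.pubkey"` (the fingerprint is a placeholder; the patch does not show it). The step runs in every matrix job, including the ones that build with `--no-sign`. A public key shipped beside the packages it verifies is only as trustworthy as the release itself, so the fingerprint should also be published somewhere users fetch independently, such as the README.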
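Review bot: `gpg_key` now points at `/tmp/package-signing-key.gpg`, a path that exists only after the workflow's `Import gpg key` step has run, and nothing in `.pkger.yml` says so. A comment above the two keys, e.g. `# Written by the "Import gpg key" step in build-packages.yaml; local builds must pass --no-sign`, would document the coupling. Since `/tmp` is world-writable, a local build on a shared machine would presumably sign with whatever file another user left at that path, so a location under a private temp directory would be safer if pkger's config permits it.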