diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 0ec531d5..f8ffed3e 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -48,16 +48,18 @@ jobs: - name: Describe plugin id: plugin_describe run: echo "api_version=$(go run . describe | jq -r '.api_version')" >> "$GITHUB_OUTPUT" - - name: Install signore - uses: hashicorp/setup-signore-package@v1 + - name: Import GPG key + id: import_gpg + uses: crazy-max/ghaction-import-gpg@111c56156bcc6918c056dbef52164cfa583dc549 # v5.2.0 + with: + gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} + passphrase: ${{ secrets.GPG_PASSPHRASE }} - name: Run GoReleaser uses: goreleaser/goreleaser-action@f82d6c1c344bcacabba2c841718984797f664a6b # v4.2.0 with: version: latest args: release --clean --timeout 120m env: + GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} API_VERSION: ${{ steps.plugin_describe.outputs.api_version }} - SIGNORE_CLIENT_ID: ${{ secrets.SIGNORE_CLIENT_ID }} - SIGNORE_CLIENT_SECRET: ${{ secrets.SIGNORE_CLIENT_SECRET }} - SIGNORE_SIGNER: ${{ secrets.SIGNORE_SIGNER }} diff --git a/.goreleaser.yml b/.goreleaser.yml index f9dbc171..259569df 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -91,10 +91,16 @@ checksum: name_template: '{{ .ProjectName }}_v{{ .Version }}_SHA256SUMS' algorithm: sha256 signs: - - cmd: signore - args: ["sign", "--dearmor", "--file", "${artifact}", "--out", "${signature}"] - artifacts: checksum - signature: ${artifact}.sig - + - artifacts: checksum + args: + # if you are using this is in a GitHub action or some other automated pipeline, you + # need to pass the batch flag to indicate its not interactive. + - "--batch" + - "--local-user" + - "{{ .Env.GPG_FINGERPRINT }}" + - "--output" + - "${signature}" + - "--detach-sign" + - "${artifact}" changelog: use: github-native