From b7c322d47318439e5384c9492ebd3a7eb9fe5061 Mon Sep 17 00:00:00 2001 From: Ajay Bura Date: Tue, 3 May 2022 16:43:16 +0530 Subject: [PATCH] Sign release tarball with PGP key (#392) --- .github/workflows/prod-deploy.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.github/workflows/prod-deploy.yml b/.github/workflows/prod-deploy.yml index a4d6d76..107abbc 100644 --- a/.github/workflows/prod-deploy.yml +++ b/.github/workflows/prod-deploy.yml @@ -25,11 +25,19 @@ jobs: run: echo ::set-output name=tag::${GITHUB_REF#refs/*/} - name: Create tar.gz run: tar -czvf cinny-${{ steps.vars.outputs.tag }}.tar.gz dist + - name: Sign tar.gz + uses: actionhippie/gpgsign@4e28208b142cae93e1582401dcda1cf79e4f72c0 + with: + private_key: ${{ secrets.GNUPG_KEY }} + passphrase: ${{ secrets.GNUPG_PASSPHRASE }} + detach_sign: true + files: cinny-${{ steps.vars.outputs.tag }}.tar.gz - name: Upload tagged release uses: softprops/action-gh-release@1e07f4398721186383de40550babbdf2b84acfc5 with: files: | cinny-${{ steps.vars.outputs.tag }}.tar.gz + cinny-${{ steps.vars.outputs.tag }}.tar.gz.asc push_to_dockerhub: name: Push Docker image to Docker Hub