GH workflows for build + sign + release

adborden · May 2, 2021 · 21ac33d · 21ac33d
1 parent 7c26391
commit 21ac33d
Show file tree

Hide file tree

Showing 4 changed files with 44 additions and 2 deletions.
diff --git a/.github/workflows/commit.yml b/.github/workflows/commit.yml
@@ -0,0 +1,12 @@
+---
+name: commit
+on:
+  push:
+
+jobs:
+  build:
+    name: build
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - run: make build
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,25 @@
+---
+name: release
+on:
+  push:
+    tags:
+      - v*
+
+jobs:
+  release:
+    name: release
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: import GPG key
+        id: import_gpg
+        uses: crazy-max/ghaction-import-gpg@v3
+        with:
+          gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
+      - run: make build sign
+      - name: release
+        uses: softprops/action-gh-release@v1
+        with:
+          draft: true
+          files: |
+            build/*
diff --git a/Makefile b/Makefile
@@ -1,10 +1,13 @@
 build:
 	packer build -var build_id=$(shell git rev-parse HEAD) example.pkr.hcl
+
+
+sign:
 	gpg --detach-sign build/SHA256SUMS.txt
 	gpg --detach-sign build/manifest.json
 
 clean:
 	rm -rf build
 
 
-.PHONY: build clean
+.PHONY: build clean sign
diff --git a/README.md b/README.md
@@ -4,7 +4,9 @@ Example showing how to sign and publish packer artifacts.
 
 Example shows two builds (each producing a single text file). Using
 post-processors, we compress each artifact, record checksums and a manifest, and
-then sign the resulting files.
+then sign the resulting files. The artifacts, checksum, and manifest are uploaded
+as a GitHub release.
+
 
 ## Usage