From 6e854976031adcffbc7b881906641cf79c78dc1a Mon Sep 17 00:00:00 2001
From: Aaron D Borden <adborden@a14n.net>
Date: Sat, 1 May 2021 20:10:40 -0700
Subject: [PATCH] Manually setup/import gpg key

GH action doesn't support sign-only keys.

[1]: https://github.com/crazy-max/ghaction-import-gpg/issues/58
---
 .github/workflows/release.yml | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 26e5d63..c812ff3 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -11,11 +11,14 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2
-      - name: import GPG key
-        id: import_gpg
-        uses: crazy-max/ghaction-import-gpg@v3
-        with:
-          gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
+      - name: import GPG signing key
+        run: |
+          gpg-agent --daemon
+
+          private_key=$(mktemp)
+          echo '${{ secrets.GPG_PRIVATE_KEY }}' > $private_key
+          gpg --import $private_key
+          rm $private_key
       - run: make build sign
       - name: release
         uses: softprops/action-gh-release@v1