Use decrypted key for signing/remove import_gpg action as it's not wo…

…rking with the new gpg key due to crazy-max/ghaction-import-gpg#58
hashicorp · May 10, 2021 · 515ae3f · 515ae3f
1 parent 31f6f83
commit 515ae3f
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 7 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -29,18 +29,14 @@ jobs:
       - name: Describe plugin
         id: plugin_describe
         run: echo "::set-output name=api_version::$(go run . describe | jq -r '.api_version')"
-      - name: Import GPG key
-        id: import_gpg
-        uses: hashicorp/ghaction-import-gpg@v2.1.0
-        env:
-          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
-          PASSPHRASE: ${{ secrets.PASSPHRASE }}
+      - name: Import key for archive signing
+        run: echo -e "${{ secrets.GPG_PRIVATE_KEY_DECRYPTED }}" | gpg --import --batch --no-tty
       - name: Run GoReleaser
         uses: goreleaser/goreleaser-action@v2
         with:
           version: latest
           args: release --rm-dist
         env:
-          GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
+          GPG_FINGERPRINT: ${{ secrets.GPG_PUBLIC_KEY_ID }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           API_VERSION: ${{ steps.plugin_describe.outputs.api_version }}
diff --git a/.goreleaser.yml b/.goreleaser.yml
@@ -67,6 +67,7 @@ signs:
       # if you are using this is in a GitHub action or some other automated pipeline, you
       # need to pass the batch flag to indicate its not interactive.
       - "--batch"
+      - "--no-tty"
       - "--local-user"
       - "{{ .Env.GPG_FINGERPRINT }}"
       - "--output"