From 515ae3f48b725a88f4803a60ba186da209fca458 Mon Sep 17 00:00:00 2001 From: Sarah Date: Mon, 10 May 2021 12:53:34 +0100 Subject: [PATCH] Use decrypted key for signing/remove import_gpg action as it's not working with the new gpg key due to https://github.com/crazy-max/ghaction-import-gpg/issues/58 --- .github/workflows/release.yml | 10 +++------- .goreleaser.yml | 1 + 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d58acd5..47977e9 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -29,18 +29,14 @@ jobs: - name: Describe plugin id: plugin_describe run: echo "::set-output name=api_version::$(go run . describe | jq -r '.api_version')" - - name: Import GPG key - id: import_gpg - uses: hashicorp/ghaction-import-gpg@v2.1.0 - env: - GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} - PASSPHRASE: ${{ secrets.PASSPHRASE }} + - name: Import key for archive signing + run: echo -e "${{ secrets.GPG_PRIVATE_KEY_DECRYPTED }}" | gpg --import --batch --no-tty - name: Run GoReleaser uses: goreleaser/goreleaser-action@v2 with: version: latest args: release --rm-dist env: - GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }} + GPG_FINGERPRINT: ${{ secrets.GPG_PUBLIC_KEY_ID }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} API_VERSION: ${{ steps.plugin_describe.outputs.api_version }} diff --git a/.goreleaser.yml b/.goreleaser.yml index 3a99aa8..1a610dd 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -67,6 +67,7 @@ signs: # if you are using this is in a GitHub action or some other automated pipeline, you # need to pass the batch flag to indicate its not interactive. - "--batch" + - "--no-tty" - "--local-user" - "{{ .Env.GPG_FINGERPRINT }}" - "--output"