diff options
author | Jakob Borg <jakob@kastelo.net> | 2023-06-06 12:53:10 +0200 |
---|---|---|
committer | Jakob Borg <jakob@kastelo.net> | 2023-06-06 13:58:44 +0200 |
commit | 88da67d7c3a69b9b51cbb79a739552fee28dc12e (patch) | |
tree | 4e52ca99592b35312b1fabc3306cd8d977ba64ad | |
parent | 1f07e05470a495671d704b107a8ea187297d4f03 (diff) | |
download | syncthing-88da67d7c3a69b9b51cbb79a739552fee28dc12e.tar.gz syncthing-88da67d7c3a69b9b51cbb79a739552fee28dc12e.zip |
build: Generate .asc files for release packages (fixes #8897)
-rw-r--r-- | .github/workflows/build-syncthing.yaml | 23 |
1 files changed, 22 insertions, 1 deletions
diff --git a/.github/workflows/build-syncthing.yaml b/.github/workflows/build-syncthing.yaml index 5ec8df7cc..7669978eb 100644 --- a/.github/workflows/build-syncthing.yaml +++ b/.github/workflows/build-syncthing.yaml @@ -419,7 +419,7 @@ jobs: path: syncthing-source-*.tar.gz # - # Sign binaries for auto upgrade + # Sign binaries for auto upgrade, generate ASC signature files # sign-for-upgrade: @@ -432,6 +432,7 @@ jobs: - package-linux - package-macos - package-cross + - package-source runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 @@ -460,9 +461,29 @@ jobs: mv packages-*/* packages pushd packages "$GITHUB_WORKSPACE/tools/sign-only" + rm -f "$PRIVATE_KEY" env: STSIGTOOL_PRIVATE_KEY: ${{ secrets.STSIGTOOL_PRIVATE_KEY }} + - name: Create and sign .asc files + run: | + sudo apt update + sudo apt -y install gnupg + + export SIGNING_KEY="$RUNNER_TEMP/gpg-secret.asc" + echo "$GNUPG_SIGNING_KEY_BASE64" | base64 -d > "$SIGNING_KEY" + gpg --import < "$SIGNING_KEY" + + pushd packages + files=(*.tar.gz *.zip) + sha1sum "${files[@]}" | gpg --clearsign > sha1sum.txt.asc + sha256sum "${files[@]}" | gpg --clearsign > sha256sum.txt.asc + gpg --sign --armour --detach syncthing-source-*.tar.gz + popd + rm -f "$SIGNING_KEY" .gnupg + env: + GNUPG_SIGNING_KEY_BASE64: ${{ secrets.GNUPG_SIGNING_KEY_BASE64 }} + - name: Archive artifacts uses: actions/upload-artifact@v3 with: |