author | Jakob Borg <jakob@kastelo.net> | 2023-04-28 11:24:41 +0200 |
---|---|---|
committer | Jakob Borg <jakob@kastelo.net> | 2023-04-28 13:03:25 +0200 |
commit | aa01ff5d50d8025d46d2d06715d1a7d17d151207 (patch) | |
tree | e7c305c24d266173d4e3012ba75ee4361054d734 | |
parent | 63503e0c98cd20baf66890faaf0d83c7a3a0ea5b (diff) | |
download | syncthing-aa01ff5d50d8025d46d2d06715d1a7d17d151207.tar.gz syncthing-aa01ff5d50d8025d46d2d06715d1a7d17d151207.zip |
build: Sign for upgrades
-rw-r--r-- | .github/workflows/build-syncthing.yaml | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/.github/workflows/build-syncthing.yaml b/.github/workflows/build-syncthing.yaml
index 32745c5da..87c2f199b 100644
--- a/.github/workflows/build-syncthing.yaml
+++ b/.github/workflows/build-syncthing.yaml
@@ -409,3 +409,53 @@ jobs:
 with:
 name: packages-source
 path: syncthing-source-*.tar.gz
+
+ #
+ # Sign binaries for auto upgrade
+ #
+
+ sign-for-upgrade:
+ name: Sign for upgrade
+ if: github.event_name == 'push' && (github.ref == 'refs/heads/release' || startsWith(github.ref, 'refs/heads/release-'))
+ environment: signing
+ needs:
+ - package-windows
+ - package-linux
+ - package-macos
+ - package-cross
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+
+ - uses: actions/checkout@v3
+ with:
+ repository: syncthing/release-tools
+ path: tools
+ fetch-depth: 0
+
+ - name: Download artifacts
+ uses: actions/download-artifact@v3
+
+ - name: Install signing tool
+ run: |
+ go install ./cmd/stsigtool
+
+ - name: Sign archives
+ run: |
+ export PRIVATE_KEY="$RUNNER_TEMP/privkey.pem"
+ export PATH="$PATH:$(go env GOPATH)/bin"
+ echo "$STSIGTOOL_PRIVATE_KEY" | base64 -d > "$PRIVATE_KEY"
+ mkdir packages
+ mv packages-*/* packages
+ pushd packages
+ "$GITHUB_WORKSPACE/tools/sign-only"
+ env:
+ STSIGTOOL_PRIVATE_KEY: ${{ secrets.STSIGTOOL_PRIVATE_KEY }}
+
+ - name: Archive artifacts
+ uses: actions/upload-artifact@v3
+ with:
+ name: packages-signed
+ path: packages/* |
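Review bot: The second checkout pulls `syncthing/release-tools` with no `ref`, so the `tools/sign-only` script that runs in the same step as the decoded `STSIGTOOL_PRIVATE_KEY` is whatever that repository's default branch holds at run time; adding `ref: <PINNED_COMMIT_SHA>` (placeholder) under its `with:` would make any change to the signing script pass through review in this repository first. In the "Sign archives" step the key is written to `$RUNNER_TEMP/privkey.pem` under the default umask and is never removed; `umask 077` before the `base64 -d` line and `trap 'rm -f "$PRIVATE_KEY"' EXIT` right after the first export would limit its exposure, which matters most if this job is ever moved to a non-ephemeral runner. The actions in this job are referenced by tag (`@v3`) rather than by commit SHA, and since this is the job that receives the signing secret, pinning them here would follow from the same concern.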