Skip to content

Commit 875de78

Browse files
committed
sign the release checksum artifact
1 parent fe8eafe commit 875de78

File tree

4 files changed

+22
-2
lines changed

4 files changed

+22
-2
lines changed

.github/workflows/build.yml

Lines changed: 8 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@ jobs:
77
steps:
88
- name: Configure git
99
run: git config --global core.autocrlf false
10-
- uses: actions/checkout@v5
10+
- uses: actions/checkout@v6
1111
with:
1212
fetch-depth: 0
1313
- uses: actions/setup-go@v6
@@ -18,9 +18,16 @@ jobs:
1818
with:
1919
install: make tar zip unzip
2020
path-type: inherit
21+
- name: Import GPG key
22+
id: import_gpg
23+
uses: crazy-max/ghaction-import-gpg@v6
24+
with:
25+
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
26+
passphrase: ${{ secrets.GPG_PASSPHRASE }}
2127
- name: Build
2228
env:
2329
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
30+
GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
2431
run: msys2 ./ci-release.sh
2532
- name: Archive
2633
uses: actions/upload-artifact@v4

.goreleaser.yml

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -38,3 +38,13 @@ archives:
3838
checksum:
3939
name_template: '{{ .ProjectName }}_v{{ .Version }}_SHA256SUMS'
4040
algorithm: sha256
41+
signs:
42+
- artifacts: checksum
43+
args:
44+
- --batch
45+
- --local-user
46+
- "{{ .Env.GPG_FINGERPRINT }}"
47+
- --output
48+
- ${signature}
49+
- --detach-sign
50+
- ${artifact}

README.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -14,7 +14,7 @@ Configure your packer template to require a [release version of the plugin](http
1414
packer {
1515
required_plugins {
1616
windows-update = {
17-
version = "0.17.1"
17+
version = "0.17.2"
1818
source = "github.com/rgl/windows-update"
1919
}
2020
}

ci-release.sh

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,9 @@ make update/provisioner.hcl2spec.go
88
git diff --exit-code update/provisioner.hcl2spec.go \
99
|| (echo 'ERROR: You must re-generate update/provisioner.hcl2spec.go and commit the changes.' && exit 1)
1010

11+
# point the msys2 user gpg home to the one managed by the crazy-max/ghaction-import-gpg github action.
12+
ln -s /c/Users/runneradmin/.gnupg ~/.gnupg
13+
1114
# do the release.
1215
if [[ $GITHUB_REF == refs/tags/v* ]]; then
1316
make release

0 commit comments

Comments
 (0)