From 92b29cc8ff38afbea92a8c5be065c65e45c03d39 Mon Sep 17 00:00:00 2001
From: CrazyMax <1951866+crazy-max@users.noreply.github.com>
Date: Sun, 10 May 2020 18:42:15 +0200
Subject: [PATCH] Use template in sign.args (#190)

Co-authored-by: CrazyMax <crazy-max@users.noreply.github.com>
---
 .github/workflows/ci.yaml | 5 +++++
 .goreleaser-signing.yml   | 2 +-
 README.md                 | 6 ++++--
 3 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 3f67d05..7f63e5f 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -72,6 +72,7 @@ jobs:
           go-version: 1.14
       -
         name: Import GPG key
+        id: import_gpg
         uses: crazy-max/ghaction-import-gpg@v1
         env:
           GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY_TEST }}
@@ -82,9 +83,13 @@ jobs:
         with:
           version: latest
           args: -f .goreleaser-signing.yml check --debug
+        env:
+          GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
       -
         name: GoReleaser
         uses: ./
         with:
           version: latest
           args: -f .goreleaser-signing.yml release --skip-publish --rm-dist
+        env:
+          GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
diff --git a/.goreleaser-signing.yml b/.goreleaser-signing.yml
index 6f8091f..91995cf 100644
--- a/.goreleaser-signing.yml
+++ b/.goreleaser-signing.yml
@@ -37,4 +37,4 @@ checksum:
 signs:
   -
     artifacts: checksum
-    args: ["--batch", "-u", "27571A53B86AF0C799B38BA77D851EB72D73BDA0", "--output", "${signature}", "--detach-sign", "${artifact}"]
+    args: ["--batch", "-u", "{{ .Env.GPG_FINGERPRINT }}", "--output", "${signature}", "--detach-sign", "${artifact}"]
diff --git a/README.md b/README.md
index eb38c5a..98b329a 100644
--- a/README.md
+++ b/README.md
@@ -97,6 +97,7 @@ If [signing is enabled](https://goreleaser.com/customization/#Signing) in your G
 ```yaml
       -
         name: Import GPG key
+        id: import_gpg
         uses: crazy-max/ghaction-import-gpg@v1
         env:
           GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
@@ -109,14 +110,15 @@ If [signing is enabled](https://goreleaser.com/customization/#Signing) in your G
           args: release --rm-dist
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
 ```
 
-And reference the userID in your signing configuration:
+And reference the fingerprint in your signing configuration using the `GPG_FINGERPRINT` environment variable:
 
 ```yaml
 signs:
   - artifacts: checksum
-    args: ["--batch", "-u", "<key id, fingerprint, email, ...>", "--output", "${signature}", "--detach-sign", "${artifact}"]
+    args: ["--batch", "-u", "{{ .Env.GPG_FINGERPRINT }}", "--output", "${signature}", "--detach-sign", "${artifact}"]
 ```
 
 ## Customizing