huoxue1
/
goreleaser-action
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Use template in sign.args (#190) 

Co-authored-by: CrazyMax <crazy-max@users.noreply.github.com>
This commit is contained in:
CrazyMax 2020-05-10 18:42:15 +02:00 committed by GitHub
parent 87487e9bbd
commit 92b29cc8ff
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
.github/workflows/ci.yaml vendored
View File

@ -72,6 +72,7 @@ jobs:
go-version: 1.14
-
name: Import GPG key
id: import_gpg
uses: crazy-max/ghaction-import-gpg@v1
env:
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY_TEST }}
@ -82,9 +83,13 @@ jobs:
with:
version: latest
args: -f .goreleaser-signing.yml check --debug
env:
GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
-
name: GoReleaser
uses: ./
with:
version: latest
args: -f .goreleaser-signing.yml release --skip-publish --rm-dist
env:
GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}

2
.goreleaser-signing.yml
View File

@ -37,4 +37,4 @@ checksum:
signs:
-
artifacts: checksum
args: ["--batch", "-u", "27571A53B86AF0C799B38BA77D851EB72D73BDA0", "--output", "${signature}", "--detach-sign", "${artifact}"]
args: ["--batch", "-u", "{{ .Env.GPG_FINGERPRINT }}", "--output", "${signature}", "--detach-sign", "${artifact}"]

6
README.md
View File

@ -97,6 +97,7 @@ If [signing is enabled](https://goreleaser.com/customization/#Signing) in your G
```yaml
-
name: Import GPG key
id: import_gpg
uses: crazy-max/ghaction-import-gpg@v1
env:
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
@ -109,14 +110,15 @@ If [signing is enabled](https://goreleaser.com/customization/#Signing) in your G
args: release --rm-dist
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
```
And reference the userID in your signing configuration:
And reference the fingerprint in your signing configuration using the `GPG_FINGERPRINT` environment variable:
```yaml
signs:
- artifacts: checksum
args: ["--batch", "-u", "<key id, fingerprint, email, ...>", "--output", "${signature}", "--detach-sign", "${artifact}"]
args: ["--batch", "-u", "{{ .Env.GPG_FINGERPRINT }}", "--output", "${signature}", "--detach-sign", "${artifact}"]
```
## Customizing