Artifact signing (#2)

This commit is contained in:
Gavin Cabbage 2019-09-26 08:17:18 -04:00 committed by CrazyMax
parent bb450e4e69
commit be0c56834b
4 changed files with 38 additions and 0 deletions

View File

@ -37,6 +37,7 @@ jobs:
with:
version: latest
args: release --rm-dist
key: ${{ secrets.YOUR_PRIVATE_KEY }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```
@ -51,6 +52,20 @@ Following inputs can be used as `step.with` keys
|---------------|---------|-----------|------------------------------------------|
| `version` | String | `latest` | GoReleaser version. Example: `v0.117.0` |
| `args` | String | | Arguments to pass to GoReleaser |
| `key` | String | | Private key to import
### Signing
If signing is enabled in your GoReleaser configuration, populate the `key` input with your private key
and reference the key in your signing configuration, e.g.
```
signs:
- artifacts: checksum
args: ["--batch", "-u", "<key id, fingerprint, email, ...>", "--output", "${signature}", "--detach-sign", "${artifact}"]
```
This feature is currently only compatible when using the default `gpg` command and a private key without a passphrase.
## 🤝 How can I help ?

View File

@ -12,6 +12,8 @@ inputs:
default: 'latest'
args:
description: 'Arguments to pass to GoReleaser'
key:
description: 'Private key to import'
runs:
using: 'node12'

View File

@ -19,11 +19,13 @@ Object.defineProperty(exports, "__esModule", { value: true });
const installer = __importStar(require("./installer"));
const core = __importStar(require("@actions/core"));
const exec = __importStar(require("@actions/exec"));
const fs = __importStar(require("fs"));
function run(silent) {
return __awaiter(this, void 0, void 0, function* () {
try {
const version = core.getInput('version') || 'latest';
const args = core.getInput('args');
const key = core.getInput('key');
const goreleaser = yield installer.getGoReleaser(version);
let snapshot = '';
if (!process.env.GITHUB_REF ||
@ -36,6 +38,14 @@ function run(silent) {
else {
console.log(`${process.env.GITHUB_REF.split('/')[2]} tag found`);
}
if (key) {
console.log('🔑 Importing signing key...');
let path = `${process.env.HOME}/key.asc`;
fs.writeFileSync(path, key, { mode: 0o600 });
yield exec.exec('gpg', ['--import', path], {
silent: silent
});
}
console.log('🏃 Running GoReleaser...');
yield exec.exec(`${goreleaser} ${args}${snapshot}`, undefined, {
silent: silent

View File

@ -1,11 +1,13 @@
import * as installer from './installer';
import * as core from '@actions/core';
import * as exec from '@actions/exec';
import * as fs from 'fs';
export async function run(silent?: boolean) {
try {
const version = core.getInput('version') || 'latest';
const args = core.getInput('args');
const key = core.getInput('key');
const goreleaser = await installer.getGoReleaser(version);
let snapshot = '';
@ -21,6 +23,15 @@ export async function run(silent?: boolean) {
console.log(`${process.env.GITHUB_REF!.split('/')[2]} tag found`);
}
if (key) {
console.log('🔑 Importing signing key...');
let path = `${process.env.HOME}/key.asc`;
fs.writeFileSync(path, key, {mode: 0o600})
await exec.exec('gpg', ['--import', path], {
silent: silent
})
}
console.log('🏃 Running GoReleaser...');
await exec.exec(`${goreleaser} ${args}${snapshot}`, undefined, {
silent: silent