build: sign asc files using ezapt

And same keys as APT archive
Jakob Borg 2024-12-16 10:14:29 +01:00
parent 811d3752d0
commit fc914f3237
No known key found for this signature in database


@ -542,30 +542,43 @@ jobs:
env: env:
STSIGTOOL_PRIVATE_KEY: ${{ secrets.STSIGTOOL_PRIVATE_KEY }} STSIGTOOL_PRIVATE_KEY: ${{ secrets.STSIGTOOL_PRIVATE_KEY }}
- name: Create and sign .asc files - name: Create shasum files
run: | run: |
sudo apt update
sudo apt -y install gnupg
export SIGNING_KEY="$RUNNER_TEMP/gpg-secret.asc"
echo "$GNUPG_SIGNING_KEY_BASE64" | base64 -d > "$SIGNING_KEY"
gpg --import < "$SIGNING_KEY"
pushd packages pushd packages
files=(*.tar.gz *.zip) files=(*.tar.gz *.zip)
sha1sum "${files[@]}" | gpg --clearsign > sha1sum.txt.asc sha1sum "${files[@]}" > sha1sum.txt
sha256sum "${files[@]}" | gpg --clearsign > sha256sum.txt.asc sha256sum "${files[@]}" > sha256sum.txt
gpg --sign --armour --detach syncthing-source-*.tar.gz
popd popd
rm -f "$SIGNING_KEY" .gnupg
version=$(go run build.go version)
echo "VERSION=$version" >> $GITHUB_ENV
- name: Sign shasum files
uses: docker://ghcr.io/kastelo/ezapt:latest
with:
args:
sign
packages/sha1sum.txt packages/sha256sum.txt
env: env:
GNUPG_SIGNING_KEY_BASE64: ${{ secrets.GNUPG_SIGNING_KEY_BASE64 }} EZAPT_KEYRING_BASE64: ${{ secrets.APT_GPG_KEYRING_BASE64 }}
- name: Sign source
uses: docker://ghcr.io/kastelo/ezapt:latest
with:
args:
sign --detach --ascii
packages/syncthing-source-${{ env.VERSION }}.tar.gz
env:
EZAPT_KEYRING_BASE64: ${{ secrets.APT_GPG_KEYRING_BASE64 }}
- name: Archive artifacts - name: Archive artifacts
uses: actions/upload-artifact@v4 uses: actions/upload-artifact@v4
with: with:
name: packages-signed name: packages-signed
path: packages/* path: |
packages/*.tar.gz
packages/*.zip
packages/*.asc
# #
# Debian # Debian
@ -793,19 +806,15 @@ jobs:
with: with:
args: sync objstore:syncthing-apt/dists dists args: sync objstore:syncthing-apt/dists dists
- name: Prepare signing key
run: |
echo "$APT_GPG_KEYRING_BASE64" | base64 -d > keyring.pgp
env:
APT_GPG_KEYRING_BASE64: ${{ secrets.APT_GPG_KEYRING_BASE64 }}
- name: Update archive - name: Update archive
uses: docker://ghcr.io/kastelo/ezapt:latest uses: docker://ghcr.io/kastelo/ezapt:latest
with: with:
args: args:
publish
--add packages --add packages
--dists dists --dists dists
--keyring keyring.pgp env:
EZAPT_KEYRING_BASE64: ${{ secrets.APT_GPG_KEYRING_BASE64 }}
- name: Push archive - name: Push archive
uses: docker://docker.io/rclone/rclone:latest uses: docker://docker.io/rclone/rclone:latest
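Review bot: The two new steps in the first hunk, `Sign shasum files` and `Sign source`, run `docker://ghcr.io/kastelo/ezapt:latest` with `EZAPT_KEYRING_BASE64` in their environment, so a mutable tag decides which code gets to see the release signing keyring. Pinning the image by digest, e.g. `uses: docker://ghcr.io/kastelo/ezapt@sha256:<digest of the reviewed image>`, would turn an image update into a reviewed change; the same applies to the `Update archive` step in the second hunk, which now also receives the keyring through the environment. Because the commit message says the release files are signed with the same keys as the APT archive, a compromise of that image or secret would presumably affect both distribution channels, which deserves a short comment above these steps. Separately, the redirect in `echo "VERSION=$version" >> $GITHUB_ENV` is unquoted and would be more robust as `>> "$GITHUB_ENV"`.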