CI: Always sign binary artifacts, not just for releases
Fixes #1669.
RyanGlScott committed May 19, 2022
1 parent 305d728 commit 34ced4e
Showing 2 changed files with 4 additions and 2 deletions.
2 changes: 2 additions & 0 deletions .github/ci.sh
Expand Up @@ -104,10 +104,12 @@ bundle_files() {
}

sign() {
set +x
gpg --batch --import <(echo "$SIGNING_KEY")
fingerprint="$(gpg --list-keys | grep galois -a1 | head -n1 | awk '{$1=$1};1')"
echo "$fingerprint:6" | gpg --import-ownertrust
gpg --yes --no-tty --batch --pinentry-mode loopback --default-key "$fingerprint" --detach-sign -o "$1".sig --passphrase-file <(echo "$SIGNING_PASSPHRASE") "$1"
set -x
}

zip_dist() {
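Review bot: The trailing `set -x` in `sign()` switches tracing on for the rest of the script whether or not it was on when the function was entered, and nothing records why tracing is suspended around the gpg calls. Declaring the body as a subshell, `sign() (` … `)`, with only `set +x` at the top would confine the change and make the restore unnecessary. I would also add a comment above it such as `# Tracing stays off here so the expanded SIGNING_KEY and SIGNING_PASSPHRASE never reach the CI log.` Separately, the fingerprint is taken from the first `gpg --list-keys` entry matching `galois` rather than from the key just imported, which is only safe while the runner's keyring starts empty.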
4 changes: 2 additions & 2 deletions .github/workflows/ci.yml
Expand Up @@ -156,14 +156,14 @@ jobs:
- shell: bash
run: .github/ci.sh zip_dist_with_solvers $NAME-with-solvers

- if: matrix.ghc == '8.10.7' && needs.config.outputs.release == 'true'
- if: matrix.ghc == '8.10.7'
shell: bash
env:
SIGNING_PASSPHRASE: ${{ secrets.SIGNING_PASSPHRASE }}
SIGNING_KEY: ${{ secrets.SIGNING_KEY }}
run: .github/ci.sh sign $NAME.tar.gz

- if: matrix.ghc == '8.10.7' && needs.config.outputs.release == 'true'
- if: matrix.ghc == '8.10.7'
shell: bash
env:
SIGNING_PASSPHRASE: ${{ secrets.SIGNING_PASSPHRASE }}
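Review bot: Dropping `needs.config.outputs.release == 'true'` from both signing steps means `SIGNING_KEY` and `SIGNING_PASSPHRASE` are now passed to `.github/ci.sh sign` on every 8.10.7 job, so the key is exposed to whatever version of the script the run checked out, and a valid signature no longer tells a release apart from an arbitrary branch build. If the intent is only to exercise the signing path, a separate CI-only key for non-release runs would keep the release key's exposure as it was. The workflow triggers are outside this hunk, but on any run where the secrets are not provided (pull requests from forks, typically) both variables are empty and `gpg --import` will presumably fail the job; a guard in `sign()` such as `[[ -n "${SIGNING_KEY:-}" ]] || { echo 'no signing key, skipping' >&2; return 0; }` would cover that. The second step's `env:` block continues past the end of the hunk.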
