From 7a3c3c12637cb9da3e37a637ff9490bca69266d2 Mon Sep 17 00:00:00 2001
From: Ryan Scott
Date: Thu, 19 May 2022 11:35:56 -0400
Subject: [PATCH] CI: Use modern GPG keys

Most of the changes are in GitHub's secret values. The only thing that must change in the code is the name of the key we search for. Fixes #1668.
---
 .github/ci.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/.github/ci.sh b/.github/ci.sh
index 815cad43bb..404e10af13 100755
--- a/.github/ci.sh
+++ b/.github/ci.sh
@@ -104,9 +104,11 @@ bundle_files() {
 }

 sign() {
+ # This is surrounded with `set +x; ...; set -x` to disable printing out
+ # statements that could leak GPG-related secrets.
 set +x
 gpg --batch --import <(echo "$SIGNING_KEY")
- fingerprint="$(gpg --list-keys | grep galois -a1 | head -n1 | awk '{$1=$1};1')"
+ fingerprint="$(gpg --list-keys | grep Galois -a1 | head -n1 | awk '{$1=$1};1')"
 echo "$fingerprint:6" | gpg --import-ownertrust
 gpg --yes --no-tty --batch --pinentry-mode loopback --default-key "$fingerprint" --detach-sign -o "$1".sig --passphrase-file <(echo "$SIGNING_PASSPHRASE") "$1"
 set -x
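Review bot: The fingerprint lookup in `sign()` still relies on a case-sensitive `grep` over the human-readable `gpg --list-keys` output, so a key whose uid does not contain `Galois` leaves `$fingerprint` empty and the next two commands run with `:6` and `--default-key ""`; whether the script stops at that point depends on shell options set outside this hunk. Reading the machine-readable listing removes the name match: `fingerprint="$(gpg --list-secret-keys --with-colons | awk -F: '$1 == "fpr" {print $10; exit}')"`, which assumes the CI keyring holds only the imported signing key. A guard such as `[[ -n "$fingerprint" ]] || { echo "signing key fingerprint not found" >&2; exit 1; }` before the `--import-ownertrust` line would make a missing key fail loudly rather than continue with an empty key id. The closing brace of `sign()` lies outside the hunk.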