Give key passphrase to --detach-sign

artichoke · Jan 3, 2021 · 5401d92 · 5401d92
1 parent bf8fb78
commit 5401d92
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/.github/workflows/nightly.yaml b/.github/workflows/nightly.yaml
@@ -192,14 +192,16 @@ jobs:
             cp "artichoke/target/${{ matrix.target }}/release/artichoke.exe" "$staging/"
             cp "artichoke/target/${{ matrix.target }}/release/airb.exe" "$staging/"
             "/c/Program Files/7-Zip/7z.exe" a "$staging.zip" "$staging"
-            gpg --batch --detach-sign --armor --local-user AF57A37CAC061452 --output "$staging.zip.asc" "$staging.zip"
+            echo "${{ secrets.GPG_SIGNING_KEY_PASSPHRASE }}" | gpg --passphrase-fd 0 --batch --detach-sign --armor --local-user AF57A37CAC061452 --output "$staging.zip.asc" "$staging.zip"
+            gpg --batch --verify "$staging.zip.asc" "$staging.zip"
             echo "::set-output name=asset::$staging.zip"
             echo "::set-output name=content_type::application/zip"
           else
             cp "artichoke/target/${{ matrix.target }}/release/artichoke" "$staging/"
             cp "artichoke/target/${{ matrix.target }}/release/airb" "$staging/"
             tar czf "$staging.tar.gz" "$staging"
-            gpg --batch --detach-sign --armor --local-user AF57A37CAC061452 --output "$staging.tar.gz.asc" "$staging.tar.gz"
+            echo "${{ secrets.GPG_SIGNING_KEY_PASSPHRASE }}" | gpg --passphrase-fd 0 --batch --detach-sign --armor --local-user AF57A37CAC061452 --output "$staging.tar.gz.asc" "$staging.tar.gz"
+            gpg --batch --verify "$staging.zip.asc" "$staging.tar.gz"
             echo "::set-output name=asset::$staging.tar.gz"
             echo "::set-output name=content_type::application/gzip"
           fi