From ff46788e03abcce3de218f513f3c2ec4b12a4caf Mon Sep 17 00:00:00 2001
From: skang0601 <skang0601@gmail.com>
Date: Wed, 19 Jan 2022 15:33:37 -0600
Subject: [PATCH] ci: add job for importing GPG private key (#122)

* ci: add job for importing GPG private key
---
 .github/workflows/release.yml | 7 ++++++-
 .goreleaser.yml               | 2 +-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 26a0d7a..e15dd7d 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -25,11 +25,16 @@ jobs:
         key: go-mod
     - name: Login to Docker hub
       run: docker login -u ${{ secrets.DOCKER_HUB_USER }} -p ${{ secrets.DOCKER_HUB_PASSWORD }}
+    - name: Import GPG key
+      id: import_gpg
+      uses: crazy-max/ghaction-import-gpg@v4
+      with:
+        gpg_private_key: ${{ secrets.SIGNING_KEY }}
     - uses: goreleaser/goreleaser-action@v2
       with:
         args: release
-        key: ${{ secrets.SIGNING_KEY }}
       env:
         GITHUB_TOKEN: ${{ secrets.NORWOODJ_ORG_TOKEN }}
+        GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
     - if: always()
       run: rm -f ${HOME}/.docker/config.json
diff --git a/.goreleaser.yml b/.goreleaser.yml
index 9fbde5c..105102f 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -37,7 +37,7 @@ changelog:
 
 signs:
 - artifacts: checksum
-  args: ["-u", "57D120E26D60F11E5BFB0B907A86FD2D954253E2", "--output", "${signature}", "--detach-sign", "${artifact}"]
+  args: ["-u", "{{ .ENV.GPG_FINGERPRINT }}", "--output", "${signature}", "--detach-sign", "${artifact}"]
 
 nfpms:
 - vendor: helm-docs