fix: move gpg to file

Signed-off-by: Mateusz Urbanek <[email protected]>
anza-labs · Oct 31, 2024 · 030fcfe · 030fcfe
1 parent 9c8539a
commit 030fcfe
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 8 deletions.
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -23,14 +23,10 @@ jobs:
             ffb60bb8-8422-4d3b-95a1-b20700fb5232 > GPG_PASSPHRASE
       - name: Prepare GPG key
         run: |
-          gpg_dir=.cr-gpg
-          mkdir "$gpg_dir"
-          keyring="$gpg_dir/secring.gpg"
-          base64 -d <<< "$GPG_KEYRING_BASE64" > "$keyring"
-          passphrase_file="$gpg_dir/passphrase"
-          echo "$GPG_PASSPHRASE" > "$passphrase_file"
-          echo "CR_PASSPHRASE_FILE=$passphrase_file" >> "$GITHUB_ENV"
-          echo "CR_KEYRING=$keyring" >> "$GITHUB_ENV"
+          ./hack/gpg.sh \
+            "${GPG_KEYRING_BASE64}" \
+            "${GPG_PASSPHRASE}" \
+            "${GITHUB_ENV}"
       - uses: azure/setup-helm@v4
         with:
           token: ${{ secrets.GITHUB_TOKEN }}

diff --git a/hack/gpg.sh b/hack/gpg.sh
@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+
+set -eou
+
+GPG_KEYRING_BASE64="$1"
+GPG_PASSPHRASE="$2"
+GITHUB_ENV="$3"
+
+gpg_dir=.cr-gpg
+rm -rf "$gpg_dir"
+mkdir "$gpg_dir"
+keyring="$gpg_dir/secring.gpg"
+base64 -d <<< "${GPG_KEYRING_BASE64:?Keyring not set or empty}" > "$keyring"
+passphrase_file="$gpg_dir/passphrase"
+echo -n "${GPG_PASSPHRASE:?Passphrase not set or empty}" > "$passphrase_file"
+echo "CR_PASSPHRASE_FILE=$passphrase_file" >> "$GITHUB_ENV"
+echo "CR_KEYRING=$keyring" >> "$GITHUB_ENV"