feat: enable GPG signing (ENT-12)

netbox-community · May 3, 2024 · 755fb53 · 755fb53
1 parent 844ba5c
commit 755fb53
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 16 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -52,5 +52,7 @@ jobs:
       contents: write
       packages: write
       id-token: write
-    # secrets:
-    #   GPG_KEY_BASE64: ${{ secrets.GPG_KEY_BASE64 }}
+    secrets:
+      CR_KEY: ${{ secrets.GPG_KEY_ID }}
+      GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
+      GPG_KEY_BASE64: ${{ secrets.GPG_KEY_BASE64 }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -5,10 +5,16 @@ name: Release
 
 on:
   workflow_call:
-    # secrets:
-    #   GPG_KEY_BASE64:
-    #     required: true
-    #     description: GPG key for signing
+    secrets:
+      GPG_KEY_BASE64:
+        required: true
+        description: GPG key for signing
+      GPG_KEY_ID:
+        required: true
+        description: the GPG key ID for signing
+      GPG_PASSPHRASE:
+        required: true
+        description: passphrase for the signing key
 
 jobs:
   publish:
@@ -29,15 +35,19 @@ jobs:
           git config user.name "$GITHUB_ACTOR"
           git config user.email "[email protected]"
 
-      # - name: Prepare GPG key
-      #   run: |
-      #     gpg_dir=.cr-gpg
-      #     mkdir "$gpg_dir"
-      #     keyring="$gpg_dir/secring.gpg"
-      #     base64 -d <<< "$GPG_KEY_BASE64" > "$keyring"
-      #     echo "CR_KEYRING=$keyring" >> "$GITHUB_ENV"
-      #   env:
-      #     GPG_KEY_BASE64: ${{ secrets.GPG_KEY_BASE64 }}
+      - name: Prepare GPG key
+        run: |
+          gpg_dir=.cr-gpg
+          mkdir "$gpg_dir"
+          keyring="$gpg_dir/secring.gpg"
+          base64 -d <<< "$GPG_KEY_BASE64" > "$keyring"
+          passphrase_file="$gpg_dir/passphrase"
+          echo "$GPG_PASSPHRASE" > "$passphrase_file"
+          echo "CR_PASSPHRASE_FILE=$passphrase_file" >> "$GITHUB_ENV"
+          echo "CR_KEYRING=$keyring" >> "$GITHUB_ENV"
+        env:
+          GPG_KEY_BASE64: "${{ secrets.GPG_KEY_BASE64 }}"
+          GPG_PASSPHRASE: "${{ secrets.GPG_PASSPHRASE }}"
 
       - name: Install Helm
         uses: azure/[email protected]
@@ -50,7 +60,9 @@ jobs:
         with:
           config: config.yaml
         env:
-          CR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+          CR_KEY: "${{ secrets.GPG_KEY_ID }}"
+          CR_SIGN: true
 
       - name: Login to GitHub Container Registry
         uses: docker/login-action@v3