ci: Use custom action to import gpg key

e-breuninger · Jan 23, 2024 · 070c457 · 070c457
1 parent 197699a
commit 070c457
Showing 1 changed file with 6 additions and 8 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -14,14 +14,14 @@ jobs:
       id-token: write  # to enable use of OIDC for npm provenance
     runs-on: ubuntu-latest
     container:
-      image: node:lts-alpine3.17
+      image: node:lts-alpine3.19
     env:
       NPM_CACHE_DIR: ~/.cache/npm
       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     if: ${{ github.event.workflow_run.conclusion == 'success' }}
     steps:
       - name: Install job dependencies
-        run: apk add tar git
+        run: apk add tar git gpg gpg-agent
       - uses: actions/cache@v4
         with:
           path: ~/.cache
@@ -47,16 +47,14 @@ jobs:
         with:
           go-version: stable
       - name: Import GPG key
-        id: import_gpg
-        uses: paultyng/[email protected]
-        env:
-          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
-          PASSPHRASE: ${{ secrets.PASSPHRASE }}
+        run: |
+          echo ${{ secrets.GPG_PRIVATE_KEY }} | base64 -d > key.gpg
+          echo ${{ secrets.PASSPHRASE }} | gpg --batch --yes --passphrase-fd 0 --import key.gpg
       - name: Run GoReleaser
         uses: goreleaser/[email protected]
         with:
           version: latest
           args: release --rm-dist
         env:
-          GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
+          GPG_FINGERPRINT: ${{ secret.FINGERPRINT }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}