ci: Use custom action to import gpg key

e-breuninger · Jan 23, 2024 · 21957e1 · 21957e1
1 parent 42f34a5
commit 21957e1
Showing 1 changed file with 7 additions and 9 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -14,14 +14,18 @@ jobs:
       id-token: write  # to enable use of OIDC for npm provenance
     runs-on: ubuntu-latest
     container:
-      image: node:lts-alpine3.17
+      image: node:lts-alpine3.19
     env:
       NPM_CACHE_DIR: ~/.cache/npm
       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     if: ${{ github.event.workflow_run.conclusion == 'success' }}
     steps:
       - name: Install job dependencies
-        run: apk add tar git
+        run: apk add tar git gpg gpg-agent
+      - name: Import GPG key
+        run: |
+          echo -n "${{ secrets.GPG_PRIVATE_KEY }}" > key.gpg
+          echo "${{ secrets.PASSPHRASE }}" | gpg --batch --yes --passphrase-fd 0 --import key.gpg
       - uses: actions/cache@v4
         with:
           path: ~/.cache
@@ -46,18 +50,12 @@ jobs:
         uses: actions/setup-go@v5
         with:
           go-version: stable
-      - name: Import GPG key
-        id: import_gpg
-        uses: paultyng/[email protected]
-        env:
-          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
-          PASSPHRASE: ${{ secrets.PASSPHRASE }}
       - name: Run GoReleaser
         uses: goreleaser/[email protected]
         with:
           version: latest
           args: release --clean
         env:
-          GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
+          GPG_FINGERPRINT: ${{ secrets.FINGERPRINT }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           GPG_PASSWORD: ${{ secrets.PASSPHRASE }}