-
Notifications
You must be signed in to change notification settings - Fork 2.7k
47 lines (42 loc) · 1.84 KB
/
signing.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
name: Release Signing
on:
workflow_dispatch:
inputs:
environment:
required: true
type: environment
version:
required: true
jobs:
release-gpg-test:
runs-on: ubuntu-latest
environment:
name: ${{ inputs.environment }}
steps:
- name: Import GPG
id: import_gpg
uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4
with:
gpg_private_key: ${{ secrets.GPG_RELEASE_KEY }}
passphrase: ${{ secrets.GPG_PASSPHRASE }}
- name: Downloading the release
run: |
wget https://github.com/yarnpkg/yarn/releases/download/v${{ inputs.version }}/yarn-v${{ inputs.version }}.tar.gz
wget https://github.com/yarnpkg/yarn/releases/download/v${{ inputs.version }}/yarn-${{ inputs.version }}.js
wget https://github.com/yarnpkg/yarn/releases/download/v${{ inputs.version }}/yarn-legacy-${{ inputs.version }}.js
- name: GPG sign file
run: |
gpg -u ${{ vars.GPG_RELEASE_KEY_ID }} --armor --output yarn-v${{ inputs.version }}.tar.gz.asc --detach-sign yarn-v${{ inputs.version }}.tar.gz
gpg -u ${{ vars.GPG_RELEASE_KEY_ID }} --armor --output yarn-${{ inputs.version }}.js.asc --detach-sign yarn-${{ inputs.version }}.js
gpg -u ${{ vars.GPG_RELEASE_KEY_ID }} --armor --output yarn-legacy-${{ inputs.version }}.js.asc --detach-sign yarn-legacy-${{ inputs.version }}.js
- name: Store signature as artifact
uses: actions/upload-artifact@v3
with:
name: signed
path: |
yarn-v${{ inputs.version }}.tar.gz
yarn-v${{ inputs.version }}.tar.gz.asc
yarn-v${{ inputs.version }}.js
yarn-v${{ inputs.version }}.js.asc
yarn-legacy-${{ inputs.version }}.js
yarn-legacy-${{ inputs.version }}.js.asc