set gpg

Author: yuzelin

.github/workflows/create-source-release.yml

@@ -26,11 +26,19 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v2
 
+      - name: Setup GPG
+        run: |
+          mkdir -p ~/.gnupg
+          echo "${{ secrets.GPG_PRIVATE_KEY }}" | gpg --batch --import --yes
+          echo "use-agent" >> ~/.gnupg/gpg.conf
+          echo "pinentry-program /usr/bin/pinentry" >> ~/.gnupg/gpg-agent.conf
+          echo "allow-loopback-pinentry" >> ~/.gnupg/gpg-agent.conf
+
       - name: Create source release
         run: |
           mkdir -p output
           chmod +x tools/releasing/create_source_release.sh
-          OUTPUT_DIR=output tools/releasing/create_source_release.sh          
+          OUTPUT_DIR=output GPG_PASSPHRASE=${{ secrets.GPG_PASSPHRASE }} tools/releasing/create_source_release.sh          
 
       - name: Upload source release
         uses: actions/upload-artifact@v4

tools/releasing/create_source_release.sh

@@ -18,15 +18,21 @@
 #
 
 ##
-## set output directory
+## set build vars
 ##
 OUTPUT_DIR=${OUTPUT_DIR}
+GPG_PASSPHRASE=${GPG_PASSPHRASE}
 
 if [ -z "${OUTPUT_DIR}" ]; then
 	echo "OUTPUT_DIR was not set"
 	exit 1
 fi
 
+if [ -z "${GPG_PASSPHRASE}" ]; then
+	echo "GPG_PASSPHRASE was not set"
+	exit 1
+fi
+
 # fail immediately
 set -o errexit
 set -o nounset
@@ -88,7 +94,7 @@ cp "dist/${WHEEL_FILE_NAME}" "${OUTPUT_DIR}/${WHEEL_FILE_NAME}"
 cd ${OUTPUT_DIR}
 
 # Sign sha the wheel package
-gpg --armor --detach-sig ${WHEEL_FILE_NAME}
+gpg --batch --yes --pinentry-mode loopback --passphrase=GPG_PASSPHRASE --armor --detach-sign --armor ${WHEEL_FILE_NAME}
 $SHASUM ${WHEEL_FILE_NAME} > "${WHEEL_FILE_NAME}.sha512"
 
 rm -rf DEPS_DIR