From 01a932f3e54000e3898ad447ab86efe5cc8b8e91 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=85=8E=E9=A5=BC=E6=9E=9C=E5=AD=90=E5=8D=B7=E9=B2=A8?= =?UTF-8?q?=E9=B1=BC=E8=BE=A3=E6=A4=92?=
Date: Mon, 30 Dec 2024 18:18:04 +0800
Subject: [PATCH] chore: enhance GitHub Actions workflows with GPG key input for signing releases
- Added an optional input for GPG private key in release.yml to support signing releases.
- Updated the conditional check for GPG key import to utilize the new input, improving flexibility and maintainability.
- Ensured that the auto-tag workflow inherits secrets for better security practices.
---
 .github/workflows/auto-tag.yml | 2 ++
 .github/workflows/release.yml | 4 ++--
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/auto-tag.yml b/.github/workflows/auto-tag.yml
index a449eb3..d048f05 100644
--- a/.github/workflows/auto-tag.yml
+++ b/.github/workflows/auto-tag.yml
@@ -51,4 +51,6 @@ jobs:
 needs: auto-tag
 if: success()
 uses: ./.github/workflows/release.yml
+ with:
+ gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
 secrets: inherit
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 95e8b34..b31febb 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -40,9 +40,9 @@ jobs:
 - name: Import GPG key
 id: import_gpg
 uses: crazy-max/ghaction-import-gpg@v6
- if: "${{ secrets.GPG_PRIVATE_KEY != '' }}"
+ if: inputs.gpg_private_key != ''
 with:
- gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+ gpg_private_key: ${{ inputs.gpg_private_key }}
 passphrase: ${{ secrets.PASSPHRASE }}
 - name: Run GoReleaser
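Review bot: The two added lines in auto-tag.yml route `secrets.GPG_PRIVATE_KEY` through `with:`, which turns the release signing key into an ordinary string input of the called workflow. As far as I know the `secrets` context is not available in `jobs.<job_id>.with` of a reusable-workflow call, so this is likely to be rejected at validation; even where it evaluates, input values are not handled as secrets, so masking of the key in logs should not be assumed. The `secrets: inherit` line that follows already makes the key available to release.yml, so I would drop `with:` and `gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}` here. The job definition starts above the hunk.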
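Review bot: In release.yml the `if:` guard and the `gpg_private_key:` value now read `inputs.gpg_private_key`, but no `on.workflow_call.inputs` declaration appears in this patch (the diffstat counts only these four changed lines for the file), so confirm the input is actually declared. If release.yml can also be started by a trigger that supplies no input, the guard is false and the release is published unsigned without any failure. To keep the key in the secrets context, leave `gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}` as it was and gate the step on a job-level flag that holds no key material: `HAS_GPG_KEY: ${{ secrets.GPG_PRIVATE_KEY != '' }}` under the job's `env:`, with `if: env.HAS_GPG_KEY == 'true'` on the step. The job and its steps list start outside the hunk.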