From 32a30afaebd148f12fa481acd89912634fb8f389 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=85=8E=E9=A5=BC=E6=9E=9C=E5=AD=90=E5=8D=B7=E9=B2=A8?= =?UTF-8?q?=E9=B1=BC=E8=BE=A3=E6=A4=92?= Date: Mon, 30 Dec 2024 18:35:17 +0800 Subject: [PATCH] chore: enhance GoReleaser and GitHub Actions workflows for GPG signing - Added GPG signing configuration in .goreleaser.yml to support artifact signing for all artifacts. - Updated release.yml to enforce GPG signing by setting global Git configuration options for signing commits and tags. - Improved the signing process by utilizing the GPG fingerprint from environment variables, enhancing security and flexibility. --- .github/workflows/release.yml | 4 ++++ .goreleaser.yml | 21 ++++++++++++--------- 2 files changed, 16 insertions(+), 9 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 1a7bf1c..aee0535 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -43,6 +43,10 @@ jobs: with: gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} passphrase: ${{ secrets.PASSPHRASE }} + git_config_global: true + git_user_signingkey: true + git_commit_gpgsign: true + git_tag_gpgsign: true - name: Run GoReleaser uses: goreleaser/goreleaser-action@v4 diff --git a/.goreleaser.yml b/.goreleaser.yml index 690aaf4..90bee67 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -42,6 +42,18 @@ checksum: name_template: 'checksums.txt' algorithm: sha256 +signs: + - cmd: gpg + args: + - "--batch" + - "--local-user" + - "{{ .Env.GPG_FINGERPRINT }}" + - "--output" + - "${signature}" + - "--detach-sign" + - "${artifact}" + artifacts: all + changelog: sort: asc use: github @@ -95,12 +107,3 @@ release: snapshot: name_template: "{{ incpatch .Version }}-next" - -signs: - - cmd: gpg - args: - - "--output" - - "${signature}" - - "--detach-sign" - - "${artifact}" - artifacts: checksum