add signing key import to ci

AnyMindGroup · Jul 7, 2024 · bdb79d6 · bdb79d6
1 parent 417a3e8
commit bdb79d6
Showing 1 changed file with 15 additions and 0 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -44,6 +44,21 @@ jobs:
         distribution: temurin
         java-version: 21
         cache: sbt
+    - name: Import signing key
+      if: env.PGP_SECRET != '' && env.PGP_PASSPHRASE == ''
+      env:
+        PGP_SECRET: ${{ secrets.PGP_SECRET }}
+        PGP_PASSPHRASE: ${{ secrets.PGP_PASSPHRASE }}
+      run: echo $PGP_SECRET | base64 -d -i - | gpg --import
+    - name: Import signing key and strip passphrase
+      if: env.PGP_SECRET != '' && env.PGP_PASSPHRASE != ''
+      env:
+        PGP_SECRET: ${{ secrets.PGP_SECRET }}
+        PGP_PASSPHRASE: ${{ secrets.PGP_PASSPHRASE }}
+      run: |
+        echo "$PGP_SECRET" | base64 -d -i - > /tmp/signing-key.gpg
+        echo "$PGP_PASSPHRASE" | gpg --pinentry-mode loopback --passphrase-fd 0 --import /tmp/signing-key.gpg
+        (echo "$PGP_PASSPHRASE"; echo; echo) | gpg --command-fd 0 --pinentry-mode loopback --change-passphrase $(gpg --list-secret-keys --with-colons 2> /dev/null | grep '^sec:' | cut --delimiter ':' --fields 5 | tail -n 1)
     - name: Release
       run: sbt '++2.12 publishSigned; sonatypeCentralRelease'
       env: