Merge pull request #1356 from GaloisInc/ci-improvements
CI: Improve signing and tag workflows
RyanGlScott authored May 19, 2022
2 parents bdaa8a8 + e630fbe commit 34bd329
Showing 2 changed files with 9 additions and 6 deletions.
6 changes: 5 additions & 1 deletion .github/ci.sh
@@ -109,10 +109,14 @@ bundle_files() {
}

sign() {
# This is surrounded with `set +x; ...; set -x` to disable printing out
# statements that could leak GPG-related secrets.
set +x
gpg --batch --import <(echo "$SIGNING_KEY")
fingerprint="$(gpg --list-keys | grep galois -a1 | head -n1 | awk '{$1=$1};1')"
fingerprint="$(gpg --list-keys | grep Galois -a1 | head -n1 | awk '{$1=$1};1')"
echo "$fingerprint:6" | gpg --import-ownertrust
gpg --yes --no-tty --batch --pinentry-mode loopback --default-key "$fingerprint" --detach-sign -o "$1".sig --passphrase-file <(echo "$SIGNING_PASSPHRASE") "$1"
set -x
}

zip_dist() {
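Review bot: In `sign()`, `fingerprint` is used without checking that the `gpg --list-keys | grep ...` pipeline matched anything. The match is case-sensitive on the key's uid text (the two `fingerprint=` lines on this page differ only in `galois` versus `Galois`), and on a miss the function still pipes `:6` into `gpg --import-ownertrust` and passes an empty `--default-key`. A guard directly after the assignment makes that failure explicit: `[[ -n "$fingerprint" ]] || { echo "sign: signing key not found" >&2; return 1; }`. Separately, the closing `set -x` turns tracing on unconditionally, even for a caller that had it off; giving the function a subshell body, `sign() ( set +x; ... )`, would confine the change and need no restore.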
9 changes: 4 additions & 5 deletions .github/workflows/ci.yml
@@ -1,7 +1,7 @@
name: Cryptol
on:
push:
tags: ["?[0-9]+.[0-9]+(.[0-9]+)?"]
tags: ["[0-9]+.[0-9]+(.[0-9]+)?"]
branches: [master, "release-**"]
pull_request:
schedule:
@@ -158,7 +158,7 @@ jobs:
- if: runner.os == 'Windows'
run: .github/wix.ps1

- if: needs.config.outputs.release == 'true' && runner.os == 'Windows'
- if: runner.os == 'Windows'
shell: bash
env:
SIGNING_PASSPHRASE: ${{ secrets.SIGNING_PASSPHRASE }}
@@ -181,8 +181,7 @@ jobs:
env:
OS_TAG: ${{ matrix.os }}

- if: needs.config.outputs.release == 'true'
shell: bash
- shell: bash
env:
SIGNING_PASSPHRASE: ${{ secrets.SIGNING_PASSPHRASE }}
SIGNING_KEY: ${{ secrets.SIGNING_KEY }}
@@ -312,7 +311,7 @@ jobs:
build-push-image:
runs-on: ubuntu-20.04
needs: [config]
if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' || needs.config.outputs.release == 'true'
strategy:
fail-fast: false
matrix:
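Review bot: The two signing steps (hunks at -158 and -181) no longer carry the `needs.config.outputs.release == 'true'` condition, so `SIGNING_KEY` and `SIGNING_PASSPHRASE` are put into the step environment on every trigger under `on:`, including `pull_request` and `schedule`. The page prints old and new lines without markers, but the -181,8 +181,7 line counts only fit the condition being removed. This widens where the release signing key is exposed to workflow code, and non-release artifacts end up carrying a release-key signature. On pull requests from forks GitHub does not pass repository secrets, so the step would presumably run with an empty key and fail there. If the aim is to exercise signing on ordinary builds, a narrower condition such as `if: github.event_name != 'pull_request'` (combined with `runner.os == 'Windows'` on the first step) would keep the secrets out of PR runs. At minimum, add a comment on each step such as `# Signed on every build, not only releases, so signing failures surface before a tag is cut`.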