Skip to content

Commit

Permalink
ci: add gpg signing for RPM packages (#4056)
Browse files Browse the repository at this point in the history
  • Loading branch information
afdesk authored Apr 14, 2023
1 parent b608b11 commit ff1c43a
Show file tree
Hide file tree
Showing 4 changed files with 19 additions and 2 deletions.
12 changes: 12 additions & 0 deletions .github/workflows/reusable-release.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -75,13 +75,25 @@ jobs:
args: mod -licenses -json -output bom.json
version: ^v1

- name: "save gpg key"
env:
GPG_KEY: ${{ secrets.GPG_KEY }}
run: |
echo "$GPG_KEY" > gpg.key
- name: GoReleaser
uses: goreleaser/goreleaser-action@v4
with:
version: v1.16.2
args: release -f=${{ inputs.goreleaser_config}} ${{ inputs.goreleaser_options}}
env:
GITHUB_TOKEN: ${{ secrets.ORG_REPO_TOKEN }}
NFPM_DEFAULT_RPM_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
GPG_FILE: "gpg.key"

- name: "remove gpg key"
run: |
rm gpg.key
# Push images to registries (only for canary build)
# The custom Dockerfile.canary is necessary
Expand Down
3 changes: 2 additions & 1 deletion .github/workflows/test.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -134,4 +134,5 @@ jobs:
with:
version: v1.16.2
args: release --skip-sign --snapshot --clean --skip-publish --timeout 90m

env:
GPG_FILE: "nogpg.key"
3 changes: 2 additions & 1 deletion docs/getting-started/installation.md
Original file line number Diff line number Diff line change
Expand Up @@ -15,8 +15,9 @@ In this section you will find an aggregation of the different ways to install Tr
[trivy]
name=Trivy repository
baseurl=https://aquasecurity.github.io/trivy-repo/rpm/releases/$RELEASE_VERSION/\$basearch/
gpgcheck=0
gpgcheck=1
enabled=1
gpgkey=https://aquasecurity.github.io/trivy-repo/rpm/public.key
EOF
sudo yum -y update
sudo yum -y install trivy
Expand Down
3 changes: 3 additions & 0 deletions goreleaser.yml
Original file line number Diff line number Diff line change
Expand Up @@ -74,6 +74,9 @@ nfpms:
contents:
- src: contrib/*.tpl
dst: /usr/local/share/trivy/templates
rpm:
signature:
key_file: '{{ .Env.GPG_FILE }}'

archives:
-
Expand Down

0 comments on commit ff1c43a

Please sign in to comment.