-
Notifications
You must be signed in to change notification settings - Fork 0
70 lines (56 loc) · 2.06 KB
/
ci_gpg_test.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
name: ci_gpg_test
on:
workflow_dispatch:
# schedule:
# - cron: '30 6 1 * *'
jobs:
release:
runs-on: ubuntu-22.04
strategy:
matrix:
##### EDIT ME #####
EDITION: [xfce]
BRANCH: [stable]
SCOPE: [minimal]
###################
steps:
-
name: Build ISO
env:
EDITION: ${{ matrix.EDITION }}
BRANCH: ${{ matrix.BRANCH }}
SCOPE: ${{ matrix.SCOPE }}
##### EDIT ME #####
KERNEL: "linux510"
CODE_NAME: "Ornara"
VERSION: "test_upload"
###################
run: |
[ "$SCOPE" == "minimal" ] && unset SCOPE
echo "file1" > file1
echo "file2" > file2
echo "file3" > file3
sudo apt-get install paperkey gpg
echo "setup values"
GPG_HOMEDIR="$(mktemp -d -t gnupg.XXX)"
SECRET_KEY_FILE="$GPG_HOMEDIR/secret.key"
PUBLIC_KEY_FILE="$GPG_HOMEDIR/public_key.gpg"
PASSPHRASE_FILE="$GPG_HOMEDIR/passphrase.file"
GPG="gpg --homedir=$GPG_HOMEDIR --no-tty --batch --yes"
echo "unpack public key"
echo "${{ secrets.CI_PUB_KEY }}" | base64 --decode > "$PUBLIC_KEY_FILE"
echo "unpack secret key"
echo "${{ secrets.CI_GPG_SECRET }}" | base64 --decode > "$SECRET_KEY_FILE"
echo "passphrase"
echo "${{ secrets.CI_GPG_PASSPHRASE }}" > "$PASSPHRASE_FILE"
echo "Secrets unpacked..."
paperkey --pubring "$PUBLIC_KEY_FILE" --secrets "$SECRET_KEY_FILE" \
| $GPG --import &>/dev/null
$GPG --pinentry-mode loopback --detach-sign --use-agent -u "${{ secrets.CI_GPG_KEY }}" --passphrase-file "$PASSPHRASE_FILE" file1
ls -lasih
echo "Verifying file"
$GPG --verify file1.sig file1
echo "cleaning up"
find "$GPG_HOMEDIR" -type f -exec shred {} \;
rm -rf "$GPG_HOMEDIR"
echo "script done"