Enable signing releases

Edge-Center · Dec 30, 2022 · 2c9eed0 · 2c9eed0
1 parent 22bbdfa
commit 2c9eed0
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 21 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -29,21 +29,21 @@ jobs:
         uses: actions/setup-go@v2
         with:
           go-version: 1.19
-#      -
-#        name: Import GPG key
-#        id: import_gpg
-#        uses: crazy-max/ghaction-import-gpg@v5
-#        with:
-#            # These secrets will need to be configured for the repository:
-#            gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
-#            passphrase: ${{ secrets.PASSPHRASE }}
+      -
+        name: Import GPG key
+        id: import_gpg
+        uses: crazy-max/ghaction-import-gpg@v5
+        with:
+            # These secrets will need to be configured for the repository:
+            gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+            passphrase: ${{ secrets.PASSPHRASE }}
       -
         name: Run GoReleaser
         uses: goreleaser/goreleaser-action@v2.8.1
         with:
           version: latest
           args: release --rm-dist
         env:
-#          GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
+          GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
 #          # GitHub sets this automatically
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.goreleaser.yml b/.goreleaser.yml
@@ -35,18 +35,18 @@ archives:
 checksum:
   name_template: '{{ .ProjectName }}_{{ .Version }}_SHA256SUMS'
   algorithm: sha256
-#signs:
-#  - artifacts: checksum
-#    args:
-#      # if you are using this in a GitHub action or some other automated pipeline, you
-#      # need to pass the batch flag to indicate its not interactive.
-#      - "--batch"
-#      - "--local-user"
-#      - "{{ .Env.GPG_FINGERPRINT }}" # set this environment variable for your signing key
-#      - "--output"
-#      - "${signature}"
-#      - "--detach-sign"
-#      - "${artifact}"
+signs:
+  - artifacts: checksum
+    args:
+      # if you are using this in a GitHub action or some other automated pipeline, you
+      # need to pass the batch flag to indicate its not interactive.
+      - "--batch"
+      - "--local-user"
+      - "{{ .Env.GPG_FINGERPRINT }}" # set this environment variable for your signing key
+      - "--output"
+      - "${signature}"
+      - "--detach-sign"
+      - "${artifact}"
 release:
   # If you want to manually examine the release before its live, uncomment this line:
   # draft: true