diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b29812e09..21ecf2272 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -233,7 +233,6 @@ jobs: gpg_private_key: ${{ secrets.MISE_GPG_KEY }} git_user_signingkey: true git_commit_gpgsign: true - - run: mkdir -p ~/.minisign && echo "$MINISIGN_KEY" >~/.minisign/minisign.key - name: cache zipsign id: cache-zipsign uses: actions/cache@v4 @@ -269,6 +268,7 @@ jobs: mise-v*.tar.xz mise-v*.zip merge-multiple: true + - run: echo "$MINISIGN_KEY" >minisign.key - run: ls -R artifacts - run: scripts/release.sh env: diff --git a/scripts/release.sh b/scripts/release.sh index c2392868a..7ef1cb2a7 100755 --- a/scripts/release.sh +++ b/scripts/release.sh @@ -55,7 +55,7 @@ sha256sum ./mise-latest-* >SHASUMS256.txt sha512sum ./mise-latest-* >SHASUMS512.txt gpg --clearsign -u 8B81C9D17413A06D SHASUMS256.asc gpg --clearsign -u 8B81C9D17413A06D SHASUMS512.asc -minisign -Sm SHASUMS256.txt SHA256SUMS512.txt +minisign -Ss "$BASE_DIR/minisign.key" -m SHASUMS256.txt SHA256SUMS512.txt popd pushd "$RELEASE_DIR/$MISE_VERSION" @@ -63,7 +63,7 @@ sha256sum ./* >SHASUMS256.txt sha512sum ./* >SHASUMS512.txt gpg --clearsign -u 8B81C9D17413A06D SHASUMS256.asc gpg --clearsign -u 8B81C9D17413A06D SHASUMS512.asc -minisign -Sm SHASUMS256.txt SHA256SUMS512.txt +minisign -Ss "$BASE_DIR/minisign.key" -m SHASUMS256.txt SHA256SUMS512.txt popd echo "::group::install.sh" @@ -71,7 +71,7 @@ echo "::group::install.sh" chmod +x "$RELEASE_DIR"/install.sh shellcheck "$RELEASE_DIR"/install.sh gpg -u 8B81C9D17413A06D --output "$RELEASE_DIR"/install.sh.sig --sign "$RELEASE_DIR"/install.sh -minisign -Sm "$RELEASE_DIR"/install.sh +minisign -Ss "$BASE_DIR/minisign.key" -m "$RELEASE_DIR"/install.sh cp "$RELEASE_DIR"/{install.sh,install.sh.minisig} "$RELEASE_DIR/$MISE_VERSION" if [[ "$DRY_RUN" != 1 ]]; then