Fix build job to sign rpms for release and nightly builds (#318)

* ammend release job

* update

* use crazy-max/ghaction-import-gpg@openpgp5 version

* revert version

* update public key

* use key id

* ammend release files

* ammend release artefacts for legacy

* update versions for test

.github/workflows/ci-integration-test-legacy.yml

@@ -21,7 +21,7 @@ jobs:
       matrix:
         os: [ubuntu-latest]
         java: [8]
-        cpversion: [5.5.3, 6.0.2, 6.1.0]
+        cpversion: [6.1.2, 6.2.0]
 
     runs-on: ${{ matrix.os }}
 

.github/workflows/ci-integration-test-main.yml

@@ -19,7 +19,7 @@ jobs:
       matrix:
         os: [ubuntu-latest]
         java: [11.0.x]
-        cpversion: [5.5.3, 6.0.2, 6.1.0]
+        cpversion: [6.1.2, 6.2.0]
 
     runs-on: ${{ matrix.os }}
 

.github/workflows/nightly-artifacts-build.yml

@@ -17,14 +17,6 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2
-      - name: Import private GPG key
-        id: import_gpg
-        uses: crazy-max/ghaction-import-gpg@v3
-        with:
-          gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
-          passphrase: ${{ secrets.GPG_PASSPHRASE }}
-      - name: Import public GPG Key
-        run: rpm --import release/keys/public.key
       - uses: docker/setup-buildx-action@v1
       - name: Set up the JDK
         uses: actions/setup-java@v1
@@ -75,19 +67,29 @@ jobs:
           restore-keys: ${{ runner.os }}-m2
       - name: Build with Maven
         run: mvn -B package --file pom.xml
+      - name: Import private GPG key
+        id: import_gpg
+        uses: crazy-max/ghaction-import-gpg@v4
+        with:
+          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+          passphrase: ${{ secrets.GPG_PASSPHRASE }}
+          git_user_signingkey: true
+          git_commit_gpgsign: true
+      - name: Import public GPG Key
+        run: rpm --import release/keys/public.key
       - name: Build the rpm
         run: mvn rpm:rpm
       - name: Sign rpm
         run: |
-          rpm --define "_gpg_name $GPG_KEY_NAME" --addsign target/rpm/julie-ops/RPMS/noarch/*.rpm
+          rpm --define "_gpg_name ${{ steps.import_gpg.outputs.keyid }}" --addsign target/rpm/julie-ops/RPMS/noarch/*.rpm
           rpm --checksig target/rpm/julie-ops/RPMS/noarch/*.rpm
         env:
           GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
           GPG_KEY_NAME: ${{ steps.import_gpg.outputs.email }}
       - name: Sign deb
         run: |
           sudo apt-get install dpkg-sig -y
-          dpkg-sig -k $GPG_KEY_NAME --sign builder $FILE target/*.deb
+          dpkg-sig -k ${{ steps.import_gpg.outputs.keyid }} --sign builder $FILE target/*.deb
         env:
           GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
           GPG_KEY_NAME: ${{ steps.import_gpg.outputs.email }}

.github/workflows/release-artifacts-build-legacy.yml

@@ -22,8 +22,29 @@ jobs:
           restore-keys: ${{ runner.os }}-m2
       - name: Build with Maven
         run: mvn -B package --file pom.xml
+      - name: Import private GPG key
+          id: import_gpg
+          uses: crazy-max/ghaction-import-gpg@v4
+          with:
+            gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+            passphrase: ${{ secrets.GPG_PASSPHRASE }}
+            git_user_signingkey: true
+            git_commit_gpgsign: true
+            - name: Import public GPG Key
+              run: rpm --import release/keys/public.key
       - name: Build the rpm
         run: mvn rpm:rpm
+      - name: Sign rpm
+          run: |
+            rpm --define "_gpg_name ${{ steps.import_gpg.outputs.keyid }}" --addsign target/rpm/julie-ops/RPMS/noarch/*.rpm
+            rpm --checksig target/rpm/julie-ops/RPMS/noarch/*.rpm
+      - name: Sign deb
+          run: |
+            sudo apt-get install dpkg-sig -y
+            dpkg-sig -k ${{ steps.import_gpg.outputs.keyid }} --sign builder $FILE target/*.deb
+          env:
+            GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
+            GPG_KEY_NAME: ${{ steps.import_gpg.outputs.email }}
       - uses: actions/upload-artifact@v2
         with:
           name: RPM package

.github/workflows/release-artifacts-build.yml

@@ -12,10 +12,12 @@ jobs:
       - uses: actions/checkout@v2
       - name: Import private GPG key
         id: import_gpg
-        uses: crazy-max/ghaction-import-gpg@v3
+        uses: crazy-max/ghaction-import-gpg@v4
         with:
-          gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
+          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
           passphrase: ${{ secrets.GPG_PASSPHRASE }}
+          git_user_signingkey: true
+          git_commit_gpgsign: true
       - name: Import public GPG Key
         run: rpm --import release/keys/public.key
       - name: Set up the JDK
@@ -34,15 +36,15 @@ jobs:
         run: mvn rpm:rpm
       - name: Sign rpm
         run: |
-          rpm --define "_gpg_name $GPG_KEY_NAME" --addsign target/rpm/julie-ops/RPMS/noarch/*.rpm
+          rpm --define "_gpg_name ${{ steps.import_gpg.outputs.keyid }}" --addsign target/rpm/julie-ops/RPMS/noarch/*.rpm
           rpm --checksig target/rpm/julie-ops/RPMS/noarch/*.rpm
         env:
           GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
           GPG_KEY_NAME: ${{ steps.import_gpg.outputs.email }}
       - name: Sign deb
         run: |
           sudo apt-get install dpkg-sig -y
-          dpkg-sig -k $GPG_KEY_NAME --sign builder $FILE target/*.deb
+          dpkg-sig -k ${{ steps.import_gpg.outputs.keyid }} --sign builder $FILE target/*.deb
         env:
           GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
           GPG_KEY_NAME: ${{ steps.import_gpg.outputs.email }}

release/keys/public.key

@@ -1,19 +1,52 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 
-mQENBF8q4tcBCADUXVN8G0smSfgHz7EmgN2Ou69kFjMfvP2t7Yncj6X1xS1YlurB
-IfQ5rRw9ZVX5mvbqyQ9/GNrqFK23sdxrusiWImewDBzHRQLnXPmqaukjZJ8eM+s7
-UTktAYlvkHsVnX5xDp7FTZF6Vrfz76b44NjeBk0cjTSRIXPpnLW+Ok67qgSC3lFW
-AnKGw465UR0Y5pffcum7Dbi0wjgQspLhlptCja2wNl/vdCM7OW6svQuhLEx3Jft7
-o7s+Fu7ijiwaX6KucR8zY4Zkf/R+s4ieI3/erlWH0nBM8CgxZ2xTfuy1ZBUJpJeM
-kGC4ZkgF2gHJuIvvrdqo/pVwLIlAN3WUR5bJABEBAAG0Q0thZmthIFRvcG9sb2d5
-IEJ1aWxkZXIgcmVsZWFzZSBtYW5hZ2VyIDxwZXJlLnVyYm9uK2thZmthQGdtYWls
-LmNvbT6JAVQEEwEIAD4WIQRK1j1naDqX0UkkfsM5NBZpYTTokgUCXyri1wIbAwUJ
-A8JnAAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRA5NBZpYTTokhEpCACBZDB5
-2TxB2FI+fg8RzoxxGu8Ft8BiLX227gi2+ACGGH9OBoZ9FhdYP0GCGr0ewXIgzdtW
-z6XOLf2t6ZxfAvqY2W9YaCch9j+niSjkbphOtMndxJ7zydXBxzWdx4sUHnfdV4vn
-FbyjjA1QClTuAVtoZGnd9fsUp96H7KBMB2LuQK7JhtJ2xS5SXh4st1dO/RqvM+6y
-N91Olrae7gyZuzktWlVBZ+6jtRyJy7vG/YmkLtw8Nfu0tJL4/CUvBUaTPiKDJyXr
-p9cNxQdvbs4dX5QuGWU59m3avAmNg0F1qcEOtIrVuzgJhanZZ74EN7e5ko/0wuOt
-aIKV/zo6WAGFiB0I
-=4uCQ
+mQINBGE7aq4BEADWXfhdysFn4ohnBTgfuPIlzHKhS9RsqlGWZL1in1S9TeY0dfYG
+/UPn1DzIZtLzCcwgpILbqju2LZDvxGdYjZ37Jrukxw++7GbGyIL/bDrdqy0Zao86
+QoVh3HtlbXph9NHrPYIv1PmObdXsKRLSHE2S8c1jsp9oLg/A/hzlN4IIk2oX6+ZB
+LHcByJS9rXBd35wWibGa//K1Wtq369aT/Ix3CBi3MTBeIUZN2d+tcwfFz+WiJ6cv
+1ogAgNiiLWTcMdcAX4Oy6LTlG3fi7ls5zICwELZ7QSHQ6RTH/p7tQvFbWt0XrL92
+k1Jh9fygXMNAcwIDaGhWBWFS5rXA0lIRtEiOPgTMx6aL0s3IHt8pwFqZBzeEp7Rf
+Pl23avm/m7GG3W9Vq4QNcpoXEzOfhelipgMKJneuH/vJPCZo+ENuPtVfEXZeVcQn
+nyEZtPjj33kN43yU+QNGBRkJVB3EL8n6aJMqna2x92aR7WTpMosSRLsr0cG/cyp2
+ZIQvTIZBpxb35qAMJgsb7Ln/eomGyN/bxOZTsy0AFDpU/synB5adh0Yt6dHJQZ+M
+4QQX23Mxk8o6+qzV/XNiZ/CUFVtXEidfGDNpZzLmqYfzP/W1RoRDlQkkrYtIxg81
+nBTdrFBK0JV3dW+T8M3FqwoR03L/e7tuE2RZUYbrusiczJ6aL5GYDwcwAwARAQAB
+tDJKdWxpZU9wcyBncGcga2V5IHNpZ24gPHBlcmUudXJib24ra2Fma2FAZ21haWwu
+Y29tPokCUgQTAQgAPBYhBKQnGKQEhjEgjyK2234u9IIF2KTYBQJhO2quAhsDBQsJ
+CAcCAyICAQYVCgkICwIEFgIDAQIeBwIXgAAKCRB+LvSCBdik2KMED/0V1v+ms3w7
+ZdTJqvpuesfWysDBdFeBnK+m2AYV9DluG9Rf8RidZdLpYtVYoIFBYtmZg55vZwmM
+GuDLeH/h5rFgJ1T5AcugEjWhfPewlGBLnxwBJBNPVaom4uqIp+6m3Zit5estcWe0
+vXD8XQCdzpvyePjlIvPjKzvIRvOUJ1QqAUw5+6sClxNFqgiUUg3H0igFz5JHG+MM
+/gjvXW7BsAhTJzmXxzO4IuEKmx4PFkoweRs+JzZnYRrnPAxPW5tEFVmtkKVbIo+J
+iC1sgeHVht6u1XDzAysk9hFFb1TS017Mg8e8VEFBXyWDu+VrSa40b+uuRK9wug5q
+50GDiYsT9h/OxOQCTLPQ5SOjlriQVx+50CUBK9t1ZRw9HGe/DJhcqxE+LhslcHbm
+mAMRIhF6QBoaSfgww58HuhoWISXjFzTLCFV4RArVhpymfyLooFcT+WsusdM09Ax8
+33CASRC8ptNrriim2kzT/b5oVBqAT31JEGQkdAb7aGzIKJFDiWCu5s5+tPTDk5a4
+215+YpOIsxRhIxm1st1436Fh+RQlKbbT4wUCuWDpOmzMhWxWXhR7dVkWFCn1VIXz
+9v8XPwGOHAvfz6u63/88BA/rDYD9a+oimj9TWFS2aEs6XSBDDDDbeRkaiPQsDomL
+CtMfEVZ/67RXY+8S45HmdL/KiAcGu+8zmrkCDQRhO2quARAAzTKcsDqvrxztpcR0
+6B1VupU7z9iWFwaFxUklr/61sl35RHTdx8+e1ZMCPVDyMPFWW4VF/slM3X0x5DMd
+Rf1mREFc0zL2mTzfiFPLXjA2CIZ+de8IVb09PoQEfJv6p9GajpCroHPO9/8MYGNi
+xEW38uLAiP45GYdzgzCkV3imWQDM/THnSvBY3MIwzTLsWr5i3FEdanyLQ7U5iND1
+cKbMWwo+6V+QUL8FfMJVP6qnnFPiaRmStKTnXCo7LiGkVfbuQ3/44IuhFtChT9t1
+5I3bMfVp0swB2H7v1WjOsKLHhNw0lmi6CUamY0c7CYxs1ybfaRBUuYExTYp0YMqD
+nsMwQQbXhk3pljWt+ElRdZERpeYQOK3HkBbNfYTgI6aR59zob8iZ4QGw3vZiH/MS
++j7Dyw3S/2KTIG1DGpbTot67fTexZvLa735peIuZp9Z8ln5TIS8BJVOhDIofgH2m
+OR4eorYPZpNfLBfXoDuK5bsqu7NMhHYiOk3Zbm07P1jZUn0r7d9+g+Kx9GXB7w7l
+DJ7M9qWgrSoV3lC6cLquspIJFJp23KVYy2M+zoKiKxsa4FD8XRADvsClTfJQEIUO
+r3f6bdI2463hx/6Mb09m75vJGlCZv48gUO1jUPcVAGqz+Gklp0bEcmvjieAWjzye
+fmQSUuIb8QbvZze30rP3yhWUNv0AEQEAAYkCNgQYAQgAIBYhBKQnGKQEhjEgjyK2
+234u9IIF2KTYBQJhO2quAhsMAAoJEH4u9IIF2KTY4ZoP/0ZoOuPuzn1mF7xeuU+A
+h8Y//9aYg2LnfFY6rl8MQ6kIue2KiPgGzChIQQIFlNsF89RSmS+Re3eS2MF7hbea
+q6Faf9J1QAhqUlyqy+28J6VBVJHFqtyNIbbEC0nPU4TI8BDMhNDe5/BaWtECc1Ew
+eJjNGEI5FHA9S+fvkVG8YCPdf3l32rLMeX5TOdsMJ11qSh3uV6AEgJ270OpLyCF1
+BOpvMCgMDJNYtnV+Mu+PHKva8SHWiCGDv+2hK2QpP21Y2ts8QTWkncfPR8DZnzG/
+z8lRT/aPsUMhTmL8hUm3WgtKeI8ZgHHT+kb1Xt6c4ukP3OMsfoFBD/EkPsAqHnWW
+b7l6TrgGA4J/SJadEzKZ3YQ3IeAlA4zQ/UWy+xQO1z6oHhoNPXkhGkWSiQ488/qx
+QYUcJEVofmbo88KwwQ1/VrnPbTC94z8P1EpN+ZnYELsohaSGEWob8Jg9a5bzmBgV
+BHEWkAuvfB/iRR2q6i+K4dfOA6zxkeMBwbMZhjrjdQ9Z1m9AmGBmIWP5pg8EfIOG
+1jTgvdWVobp+w2qSADQeI+PWz7ZHZUzXYk1+esVkzQCjV4pzR4+23nOwEoDPCgyf
+FgrSDuBNkk2qzvYUoQD++m0FJDwrCmFdQ6Ig/PBerIyX8luCyMQ+FU8tb0faRAyC
+CRNminCORZgJISzle5IG4NSu
+=2myt
 -----END PGP PUBLIC KEY BLOCK-----