forgejo: sign RPM before deploying
This commit is contained in:
parent
57cc5b49b3
commit
c850a81498
2 changed files with 17 additions and 2 deletions
|
@ -1,4 +1,4 @@
|
||||||
#!/bin/sh
|
#!/bin/bash
|
||||||
|
|
||||||
# shellcheck disable=SC3040
|
# shellcheck disable=SC3040
|
||||||
set -eu -o pipefail
|
set -eu -o pipefail
|
||||||
|
@ -10,6 +10,20 @@ readonly TARGET_REPO=$CI_RPM_REPO
|
||||||
readonly group="qubes/$QUBES_REL"
|
readonly group="qubes/$QUBES_REL"
|
||||||
readonly rpm=$(find . -name 'qubes-template-*.rpm')
|
readonly rpm=$(find . -name 'qubes-template-*.rpm')
|
||||||
|
|
||||||
|
echo "Signing $rpm"
|
||||||
|
gpg --import <<< $FORGE_REPO_PRIVKEY
|
||||||
|
gpg --export -a > forge-repo.pub
|
||||||
|
rpm --import forge-repo.pub
|
||||||
|
|
||||||
|
cat << EOF > $HOME/.rpmmacros
|
||||||
|
%_signature gpg
|
||||||
|
%_gpg_path $HOME/.gnupg
|
||||||
|
%_gpg_name RPM Registry
|
||||||
|
%_gpgbin /usr/bin/gpg
|
||||||
|
EOF
|
||||||
|
|
||||||
|
rpm --addsign $rpm
|
||||||
|
|
||||||
echo "Sending $rpm to $TARGET_REPO/$group/upload"
|
echo "Sending $rpm to $TARGET_REPO/$group/upload"
|
||||||
curl -s --user $FORGE_REPO_USER:$FORGE_REPO_TOKEN --upload-file $rpm $TARGET_REPO/$group/upload
|
curl -s --user $FORGE_REPO_USER:$FORGE_REPO_TOKEN --upload-file $rpm $TARGET_REPO/$group/upload
|
||||||
|
|
||||||
|
|
|
@ -48,10 +48,11 @@ jobs:
|
||||||
env:
|
env:
|
||||||
CI_RPM_REPO: 'https://ayakael.net/api/packages/forge/rpm'
|
CI_RPM_REPO: 'https://ayakael.net/api/packages/forge/rpm'
|
||||||
FORGE_REPO_TOKEN: ${{ secrets.FORGE_REPO_TOKEN }}
|
FORGE_REPO_TOKEN: ${{ secrets.FORGE_REPO_TOKEN }}
|
||||||
|
FORGE_REPO_PRIVKEY: ${{ secrets.FORGE_REPO_PRIVKEY }}
|
||||||
FORGE_REPO_USER: ${{ vars.FORGE_REPO_USER }}
|
FORGE_REPO_USER: ${{ vars.FORGE_REPO_USER }}
|
||||||
steps:
|
steps:
|
||||||
- name: Setting up environment
|
- name: Setting up environment
|
||||||
run: apk add nodejs curl findutils git gawk
|
run: apk add nodejs curl findutils git gawk bash rpm gpg gpg-agent
|
||||||
- name: Repo pull
|
- name: Repo pull
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v4
|
||||||
- name: Package download
|
- name: Package download
|
||||||
|
|
Loading…
Reference in a new issue