qubes-builder-alpine/.forgejo/bin/deploy.sh

#!/bin/bash

# shellcheck disable=SC3040
set -eu -o pipefail

readonly REPOS="backports user"
readonly QUBES_REL=$( echo $GITHUB_REF_NAME | awk -F '-' '{print $2}')
readonly TARGET_REPO=$CI_RPM_REPO

readonly group="qubes/$QUBES_REL"
readonly rpm=$(find . -name 'qubes-template-*.rpm')

echo "Signing $rpm"
gpg --import <<< $FORGE_REPO_PRIVKEY
gpg --export -a > forge-repo.pub
rpm --import forge-repo.pub

cat << EOF > $HOME/.rpmmacros
%_signature gpg
%_gpg_path $HOME/.gnupg
%_gpg_name RPM Registry
%_gpgbin /usr/bin/gpg
EOF

rpm --addsign $rpm

echo "Sending $rpm to $TARGET_REPO/$group/upload"
curl -s --user $FORGE_REPO_USER:$FORGE_REPO_TOKEN --upload-file $rpm $TARGET_REPO/$group/upload