Update the mkinitcpio post hook to only sign the kernel/UKI which is currently being built instead of all the files in the sbctl database #39

	name: Build and upload binaries
	on:
	release:
	types: [published]
	push:
	pull_request:
	permissions:
	contents: read
	jobs:
	build:
	name: Build binaries
	runs-on: ubuntu-latest
	environment: "Build, sign, release binaries"
	strategy:
	matrix:
	include:
	- {GOOS: linux, GOARCH: amd64}
	- {GOOS: linux, GOARCH: arm, GOARM: 6}
	- {GOOS: linux, GOARCH: arm64}
	steps:
	- name: Install Go
	uses: actions/setup-go@v2
	with:
	go-version: 1.x
	- name: Checkout repository
	uses: actions/checkout@v2
	with:
	fetch-depth: 0
	- name: Build binary
	run: \|
	cp LICENSE "$RUNNER_TEMP/LICENSE"
	echo -e "\n---\n" >> "$RUNNER_TEMP/LICENSE"
	curl -L "https://go.dev/LICENSE?m=text" >> "$RUNNER_TEMP/LICENSE"
	VERSION="$(git describe --tags 2> /dev/null \|\| echo "WIP")"
	DIR="$(mktemp -d)"
	mkdir "$DIR/sbctl"
	cp "$RUNNER_TEMP/LICENSE" "$DIR/sbctl"
	go build -o "$DIR/sbctl" -trimpath ./cmd/...
	tar -cvzf "sbctl-$VERSION-$GOOS-$GOARCH.tar.gz" -C "$DIR" sbctl
	env:
	CGO_ENABLED: 0
	GOOS: ${{ matrix.GOOS }}
	GOARCH: ${{ matrix.GOARCH }}
	GOARM: ${{ matrix.GOARM }}
	- name: Upload workflow artifacts
	uses: actions/upload-artifact@v2
	with:
	name: sbctl-binaries
	path: sbctl-*
	upload:
	name: Upload release binaries
	if: github.event_name == 'release'
	needs: build
	permissions:
	contents: write
	runs-on: ubuntu-latest
	steps:
	- name: Download workflow artifacts
	uses: actions/download-artifact@v2
	with:
	name: sbctl-binaries
	- name: Upload release artifacts
	run: gh release upload "$GITHUB_REF_NAME" sbctl-*
	env:
	GH_REPO: ${{ github.repository }}
	GH_TOKEN: ${{ github.token }}

Provide feedback