From d9009184b49c201b696bca964f8e4fad73bc45a9 Mon Sep 17 00:00:00 2001
From: Sauraj Kumar Singh
Date: Sat, 25 Jan 2025 01:20:49 +0530
Subject: [PATCH] workflow: update pgp key fetching process
---
 .github/workflows/release.yml | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index dfa259b..cb0b252 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -30,26 +30,27 @@ jobs:
 - name: Build for GitHub Actions
 env:
- PRIVATE_PGP_KEY_CONTENT: ${{ secrets.PRIVATE_PGP_KEY_CONTENT }}
+ PRIVATE_GPG_KEY_GIST_URL: ${{ secrets.PRIVATE_GPG_KEY_GIST_URL }}
 PRIVATE_PGP_KEY_PASSPHRASE: ${{ secrets.PRIVATE_PGP_KEY_PASSPHRASE }}
 run: |
 set -e # Exit immediately if any command fails
-
- # Check if environment variables are not empty
- if [ -z "$PRIVATE_PGP_KEY_CONTENT" ]; then
- echo "Error: PRIVATE_PGP_KEY_CONTENT is empty or not set."
+ if [ -z "$PRIVATE_GPG_KEY_GIST_URL" ]; then
+ echo "Error: PRIVATE_GPG_KEY_GIST_URL is empty or not set."
 exit 1
 fi
 if [ -z "$PRIVATE_PGP_KEY_PASSPHRASE" ]; then
 echo "Error: PRIVATE_PGP_KEY_PASSPHRASE is empty or not set."
 exit 1
 fi
- # Proceed with the build process
- echo "$PRIVATE_PGP_KEY_CONTENT" > crypto/privkey.pem
+ curl -s "$PRIVATE_GPG_KEY_GIST_URL" -o crypto/privkey.pem
+ if [ ! -s crypto/privkey.pem ]; then
+ echo "Error: Failed to download the private GPG key from the Gist."
+ exit 1
+ fi
 echo "$PRIVATE_PGP_KEY_PASSPHRASE" > crypto/passphrase.txt
- chmod 600 crypto/privkey.pem crypto/passphrase.txt # Restrict file permissions
+ chmod 600 crypto/privkey.pem crypto/passphrase.txt
 make build_gh_actions
- rm -f crypto/privkey.pem crypto/passphrase.txt # Clean up sensitive files
+ rm -f crypto/privkey.pem crypto/passphrase.txt
 - name: Get Version from Makefile
 id: get_version
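Review bot: The added `curl -s` call has no `--fail`, so an HTTP error body (a 404 page, for instance) is written to `crypto/privkey.pem`, passes the `[ ! -s crypto/privkey.pem ]` emptiness check, and only surfaces later inside `make build_gh_actions`; `curl -fsSL --proto '=https' "$PRIVATE_GPG_KEY_GIST_URL" -o crypto/privkey.pem` would stop at the download and refuse a non-HTTPS URL. The larger concern is that the signing key now lives outside the Actions secret store: if this is a secret gist, it is unlisted rather than access-controlled, so the private key is readable by anyone who learns the URL, and nothing on the new side checks that the downloaded file is the expected key. Keeping the key in `secrets.*` as before, or at minimum comparing the imported key's fingerprint with a pinned value before the build, would restore that boundary. Separately, the final `rm -f` is skipped when `make` fails under `set -e`; a `trap 'rm -f crypto/privkey.pem crypto/passphrase.txt' EXIT` placed right after `set -e` would cover the failure path.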