Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(ci): use debsig-verify #2142

Merged
merged 1 commit into from
Jan 30, 2025
Merged

fix(ci): use debsig-verify #2142

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions .github/workflows/release-draft.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -202,7 +202,7 @@
KEY_ID: EC51E8C4
steps:
- name: Install deps
run: apt update && apt -y install debsigs rpm
run: apt update && apt -y install debsig-verify debsigs rpm

- name: Download artifacts
uses: actions/download-artifact@v4
Expand All @@ -215,16 +215,16 @@
run: printenv PRIVATE_KEY | gpg --import -

- name: Sign DEBs
run: debsigs --sign=origin --default-key="${{ env.KEY_ID }}" *.deb

Check warning on line 218 in .github/workflows/release-draft.yaml

View workflow job for this annotation

GitHub Actions / actionlint 

[actionlint] reported by reviewdog 🐶
shellcheck reported issue in this script: SC2035:info:1:57: Use ./*glob* or -- *glob* so names with dashes won't become options [shellcheck]

Raw Output:
i:.github/workflows/release-draft.yaml:218:9: shellcheck reported issue in this script: SC2035:info:1:57: Use ./*glob* or -- *glob* so names with dashes won't become options [shellcheck]

- name: Check signature DEBs
run: debsigs --verify *.deb
run: debsig-verify *.deb

Check warning on line 221 in .github/workflows/release-draft.yaml

View workflow job for this annotation

GitHub Actions / actionlint 

[actionlint] reported by reviewdog 🐶
shellcheck reported issue in this script: SC2035:info:1:15: Use ./*glob* or -- *glob* so names with dashes won't become options [shellcheck]

Raw Output:
i:.github/workflows/release-draft.yaml:221:9: shellcheck reported issue in this script: SC2035:info:1:15: Use ./*glob* or -- *glob* so names with dashes won't become options [shellcheck]

- name: Sign RPMs
run: rpm --define "_gpg_name ${{ env.KEY_ID }}" --define "_binary_filedigest_algorithm 8" --addsign *.rpm

Check warning on line 224 in .github/workflows/release-draft.yaml

View workflow job for this annotation

GitHub Actions / actionlint 

[actionlint] reported by reviewdog 🐶
shellcheck reported issue in this script: SC2035:info:1:96: Use ./*glob* or -- *glob* so names with dashes won't become options [shellcheck]

Raw Output:
i:.github/workflows/release-draft.yaml:224:9: shellcheck reported issue in this script: SC2035:info:1:96: Use ./*glob* or -- *glob* so names with dashes won't become options [shellcheck]

- name: Check signature RPMs
run: test "$(rpm -qpi *.rpm | awk '/Signature/' | grep -i none | wc -l)" -eq 0

Check warning on line 227 in .github/workflows/release-draft.yaml

View workflow job for this annotation

GitHub Actions / actionlint 

[actionlint] reported by reviewdog 🐶
shellcheck reported issue in this script: SC2035:info:1:18: Use ./*glob* or -- *glob* so names with dashes won't become options [shellcheck]

Raw Output:
i:.github/workflows/release-draft.yaml:227:9: shellcheck reported issue in this script: SC2035:info:1:18: Use ./*glob* or -- *glob* so names with dashes won't become options [shellcheck]

Check failure on line 227 in .github/workflows/release-draft.yaml

View workflow job for this annotation

GitHub Actions / actionlint 

[actionlint] reported by reviewdog 🐶
shellcheck reported issue in this script: SC2126:style:1:46: Consider using 'grep -c' instead of 'grep|wc -l' [shellcheck]

Raw Output:
e:.github/workflows/release-draft.yaml:227:9: shellcheck reported issue in this script: SC2126:style:1:46: Consider using 'grep -c' instead of 'grep|wc -l' [shellcheck]

- name: Upload Signed Packages
uses: actions/upload-artifact@v4
Expand Down