actions/cargo-binstall
1
0
Fork 0
mirror of https://github.com/cargo-bins/cargo-binstall.git synced 2025-04-24 14:28:42 +00:00
Code Issues Projects Releases Packages Wiki Activity

Sign our releases (#1347)

Browse source 
* Sign our releases

* Use secrets instead of artifacts

* And the universal

* Apparently we can’t use secrets like that?

* Minor fixes to doc

* Private key requires untrusted comment

* Dogfood one deeper
This commit is contained in:
Félix Saparelli 2023-09-23 20:07:19 +12:00 committed by GitHub
parent 32beba507b
commit ee7fcb3210
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 88 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

19
.github/scripts/ephemeral-sign.sh vendored Executable file
View file

@ -0,0 +1,19 @@
#!/usr/bin/env bash
set -euo pipefail
echo "untrusted comment: rsign encrypted secret key" > minisign.key
cat >> minisign.key <<< "$SIGNING_KEY"
set -x
cargo binstall -y rsign2
ts=$(date --utc --iso-8601=seconds)
git=$(git rev-parse HEAD)
comment="gh=$GITHUB_REPOSITORY git=$git ts=$ts run=$GITHUB_RUN_ID"
for file in "$@"; do
rsign sign -W -s minisign.key -x "$file.sig" -t "$comment" "$file"
done