mirror of
https://github.com/cargo-bins/cargo-binstall.git
synced 2025-04-22 13:38:43 +00:00
ee7fcb3210
* Sign our releases * Use secrets instead of artifacts * And the universal * Apparently we can’t use secrets like that? * Minor fixes to doc * Private key requires untrusted comment * Dogfood one deeper
19 lines
410 B
Bash
Executable file
19 lines
410 B
Bash
Executable file
#!/usr/bin/env bash
|
|
|
|
set -euo pipefail
|
|
|
|
echo "untrusted comment: rsign encrypted secret key" > minisign.key
|
|
cat >> minisign.key <<< "$SIGNING_KEY"
|
|
|
|
set -x
|
|
|
|
cargo binstall -y rsign2
|
|
|
|
ts=$(date --utc --iso-8601=seconds)
|
|
git=$(git rev-parse HEAD)
|
|
comment="gh=$GITHUB_REPOSITORY git=$git ts=$ts run=$GITHUB_RUN_ID"
|
|
|
|
for file in "$@"; do
|
|
rsign sign -W -s minisign.key -x "$file.sig" -t "$comment" "$file"
|
|
done
|
|
|