From fdcd543fa6bd66e8731adb9eb50984828150ffac Mon Sep 17 00:00:00 2001 From: Se7enZ Date: Mon, 11 Nov 2024 12:44:13 +0100 Subject: [PATCH] build: Sign aggregate release artifact from Github. --- .github/workflows/release.yml | 39 +++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 1bf567168509..0637d2e877fa 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -111,3 +111,42 @@ jobs: name: c-lightning-${{ env.version }} pattern: bin-* delete-merged: true + + release: + name: Sign release + needs: + - artifact + env: + version: ${{ needs.check.outputs.version }} + runs-on: ubuntu-24.04 + steps: + - name: Git checkout + uses: actions/checkout@v4 + with: + fetch-tags: true + + - name: Download artifact + uses: actions/download-artifact@v4 + with: + name: c-lightning-${{ env.version }} + path: release/ + + - name: Import GPG keys + uses: crazy-max/ghaction-import-gpg@v6 + with: + gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} + passphrase: ${{ secrets.GPG_PASSPHRASE }} + + - name: Sign release + run: | + sudo apt-get install -y lowdown + ./configure + # TODO: configure GPG key + tools/build-release.sh --without-zip sign + + - name: Upload signed artifact + uses: actions/upload-artifact + with: + name: c-lightning-${{ env.version }} + overwrite: true + path: release/