@@ -20,35 +20,43 @@ jobs:
2020 git config user.name "$GITHUB_ACTOR"
2121 git config user.email "[email protected] " 2222
23- - name : Import GPG private key
23+ - name : Setup GPG
2424 run : |
25+ # Import the private key
2526 echo "$GPG_PRIVATE_KEY" | gpg --batch --import
26- # Trust the imported key ultimately to avoid trust prompts
27+
28+ # Get key ID
2729 KEY_ID=$(gpg --list-secret-keys --with-colons | grep '^sec' | head -n1 | cut -d':' -f5)
2830 echo "KEY_ID=$KEY_ID" >> $GITHUB_ENV
29- env :
30- GPG_PRIVATE_KEY : ${{ secrets.GPG_PRIVATE_KEY }}
31-
32- - name : Create combined GPG keyring for chart-releaser
33- run : |
34- mkdir -p gpg-keyring
35- gpg --batch --yes --pinentry-mode loopback \
31+
32+ # Trust the key ultimately
33+ echo "$KEY_ID:6:" | gpg --import-ownertrust
34+
35+ # Test signing to ensure key works
36+ echo "test" | gpg --batch --yes --pinentry-mode loopback \
3637 --passphrase "$GPG_PASSPHRASE" \
37- --export-secret-keys "$KEY_ID" > gpg-keyring/combined.gpg
38- gpg --batch --yes \
39- --export " $KEY_ID" >> gpg-keyring/combined.gpg
38+ --armor --detach-sign --local-user "$KEY_ID"
39+
40+ echo "GPG setup complete. Key ID: $KEY_ID"
4041 env :
42+ GPG_PRIVATE_KEY : ${{ secrets.GPG_PRIVATE_KEY }}
4143 GPG_PASSPHRASE : ${{ secrets.GPG_PASSPHRASE }}
42-
43- - name : Prepare for Chart Releaser
44+
45+ - name : Create Chart Releaser config
4446 run : |
4547 echo "$GPG_PASSPHRASE" > passphrase.txt
48+ chmod 600 passphrase.txt
49+
4650 cat <<EOF > .cr.yaml
4751 sign: true
4852 key: "$KEY_ID"
49- keyring: "gpg-keyring/combined.gpg"
5053 passphrase-file: "passphrase.txt"
5154 EOF
55+
56+ echo "=== Chart Releaser Config ==="
57+ cat .cr.yaml
58+ echo "=== Available Keys ==="
59+ gpg --list-secret-keys --keyid-format LONG
5260 env :
5361 GPG_PASSPHRASE : ${{ secrets.GPG_PASSPHRASE }}
5462
5765 with :
5866 config : .cr.yaml
5967 env :
60- CR_TOKEN : " ${{ secrets.GITHUB_TOKEN }}"
68+ CR_TOKEN : " ${{ secrets.GITHUB_TOKEN }}"
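Review bot: The added `chmod 600 passphrase.txt` in the "Create Chart Releaser config" step runs only after `echo "$GPG_PASSPHRASE" > passphrase.txt` has created the file under the runner's default umask. Nothing visible in this hunk removes the file afterwards, so the passphrase stays readable in the workspace for every later step. Putting `umask 077` ahead of the write closes that window, and a closing step with `if: always()` that runs `rm -f passphrase.txt` would clean it up. Separately, in "Setup GPG", `echo "$KEY_ID:6:" | gpg --import-ownertrust` passes field 5 of the `sec` record, which is the long key ID, while ownertrust records are keyed by the full fingerprint, so gpg will probably reject the line. Reading the fingerprint from the `fpr` record instead, e.g. `FPR=$(gpg --list-secret-keys --with-colons | awk -F: '/^fpr/ {print $10; exit}')` followed by `echo "$FPR:6:" | gpg --import-ownertrust`, should make the trust assignment take effect.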