Skip to content
Prerelease

Merge pull request #471 from jiaqiluo/fix-master-6 #9

Sign in to view logs

Merge pull request #471 from jiaqiluo/fix-master-6

Merge pull request #471 from jiaqiluo/fix-master-6 #9

Workflow file for this run

.github/workflows/pre-release.yaml at 3a988df
name: Prerelease
on:
push:
tags:
- 'v[0-9]+.[0-9]+.[0-9]+-rc[0-9]+'
jobs:
build:
runs-on: ubuntu-latest
permissions:
contents: write
id-token: write
steps:
- uses: actions/checkout@v4
- name: build binaries
env:
CROSS: 1
VERSION: ${{ github.ref_name }}
run: |
make build
- name: package
run: |
make package
- name: retrieve GPG Credentials
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/key/credentials passphrase | GPG_PASSPHRASE ;
secret/data/github/repo/${{ github.repository }}/key/credentials key | GPG_KEY
- name: sign SHASUM
env:
GPG_KEY: ${{ env.GPG_KEY }}
GPG_PASSPHRASE: ${{ env.GPG_PASSPHRASE }}
run: |
echo "Importing gpg key"
echo -n "$GPG_KEY" | base64 --decode | gpg --import --batch >/dev/null
# Extract the correct secret subkey fingerprint
GPG_KEY_ID=$(gpg --list-secret-keys --with-colons | awk -F: '/^ssb/ {found=1} found && /^fpr/ {print $10; exit}')
echo "Extracted GPG Key ID: $GPG_KEY_ID"
# Automatically trust the key by creating a trust level entry for the key (ultimate trust)
echo -e "$GPG_KEY_ID:6:" | gpg --import-ownertrust
echo "signing SHASUM file"
VERSION_NO_V=$(echo ${{ github.ref_name }} | sed "s/^[v|V]//")
SHASUM_FILE=dist/artifacts/${{ github.ref_name }}/terraform-provider-rke_"$VERSION_NO_V"_SHA256SUMS
echo "$GPG_PASSPHRASE" | gpg --detach-sig --pinentry-mode loopback --passphrase-fd 0 --default-key "$GPG_KEY_ID" --output "$SHASUM_FILE".sig --sign "$SHASUM_FILE"
- name: GH release
env:
GH_TOKEN: ${{ github.token }}
run: |
gh release create ${{ github.ref_name }} --prerelease --verify-tag --generate-notes ./dist/artifacts/${{ github.ref_name }}/*