ci: add signing key

fix: signing for binaries

ci: change to key id

ci: change gpg version

debug

debug

debug

fix: signing

cleanup

ci

Author: flexwie

.github/workflows/release.yml

@@ -17,17 +17,26 @@ jobs:
         uses: actions/checkout@v2
         with:
           fetch-depth: 0
+
       - name: Set up Go
         uses: actions/setup-go@v2
         with:
           go-version: 1.23.3
+
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v2
+
       - name: Log in to registry
         run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin
-      - uses: cachix/install-nix-action@v22
+
+      - name: Import GPG key
+        id: import_gpg
+        uses: crazy-max/ghaction-import-gpg@v6
         with:
-          nix_path: nixpkgs=channel:nixos-unstable
+          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+          passphrase: ${{ secrets.PASSPHRASE }}
+          trust_level: 5
+
       - name: Run GoReleaser
         uses: goreleaser/goreleaser-action@v2
         with:
@@ -38,3 +47,4 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.PAT }}
           FURY_TOKEN: ${{ secrets.FURY_TOKEN }}
           BLUESKY_APP_PASSWORD: ${{ secrets.BLUESKY_APP_PASSWORD }}
+          GPG_KEYID: ${{ steps.import_gpg.outputs.keyid }}

.goreleaser.yml

@@ -78,12 +78,33 @@ checksum:
   name_template: "checksums.txt"
 
 binary_signs:
-  - {}
+  - cmd: gpg2
+    args:
+      [
+        "-u",
+        "{{ .Env.GPG_KEYID }}",
+        "--output",
+        "${signature}",
+        "--detach-sign",
+        "${artifact}",
+      ]
 
 signs:
   - artifacts: checksum
+    cmd: gpg2
+    args:
+      [
+        "--batch",
+        "-u",
+        "{{ .Env.GPG_KEYID }}",
+        "--output",
+        "${signature}",
+        "--detach-sign",
+        "${artifact}",
+      ]
 
 announce:
   bluesky:
     enabled: true
     username: "me.felixwie.com"
+    message_template: "📜 {{ .ProjectName }} {{ .Tag }} is out! Check it out at {{ .ReleaseURL }}"

Taskfile.yaml

@@ -15,3 +15,7 @@ tasks:
   run:
     desc: Run application
     cmd: go run main.go {{ .CLI_ARGS }}
+
+  release:
+    desc: Run GoReleaser
+    cmd: goreleaser release --snapshot --clean