kodev-org
/
vikunja
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat(ci): sign RPM packages with GPG via nfpm 

Add GPG signing configuration to nfpm.yaml for rpm packages. The
os-package job now sets up GPG and exports the key for nfpm to use
during package creation.
This commit is contained in:
kolaente 2026-04-14 15:46:04 +02:00
parent 4d8c37f8ff
commit f6ec5d8e96
No known key found for this signature in database
GPG Key ID: F40E70337AB24C9B
2 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
.github/workflows/release.yml vendored
View File

@ -176,6 +176,16 @@ jobs:
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7
with:
name: mage_bin
- name: GPG setup
if: matrix.package == 'rpm'
uses: kolaente/action-gpg@main
with:
gpg-passphrase: "${{ secrets.RELEASE_GPG_PASSPHRASE }}"
gpg-sign-key: "${{ secrets.RELEASE_GPG_SIGN_KEY }}"
- name: Export GPG key for nfpm
if: matrix.package == 'rpm'
run: |
gpg --export-secret-keys --armor 7D061A4AA61436B40713D42EFF054DACD908493A > /tmp/nfpm-signing-key.gpg
- name: Prepare
env:
RELEASE_VERSION: ${{ steps.ghd.outputs.describe }}
@ -193,6 +203,9 @@ jobs:
packager: ${{ matrix.package }}
target: ./dist/os-packages/vikunja-${{ github.ref_type == 'tag' && steps.ghd.outputs.describe || 'unstable' }}-${{ matrix.arch.pkg }}.${{ matrix.package }}
config: ./nfpm.yaml
env:
NFPM_GPG_KEY_FILE: ${{ (matrix.package == 'rpm') && '/tmp/nfpm-signing-key.gpg' || '' }}
NFPM_PASSPHRASE: ${{ (matrix.package == 'rpm') && secrets.RELEASE_GPG_PASSPHRASE || '' }}
- name: Upload
uses: kolaente/s3-action@main
with:

3
nfpm.yaml
View File

@ -10,6 +10,9 @@ priority: "extra"
license: "AGPLv3"
depends:
- systemd
rpm:
signature:
key_file: ${NFPM_GPG_KEY_FILE}
overrides:
apk:
depends: