diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4074ee35e0..6cbbf7819e 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -126,6 +126,11 @@ jobs: composer update --no-dev --no-scripts --no-plugins -q sudo chown -R runner:docker resources/lang .ci/phpcs.sh + - name: Import GPG key + uses: crazy-max/ghaction-import-gpg@v6 + with: + gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} + passphrase: ${{ secrets.PASSPHRASE }} - name: Release run: | # do some configuration @@ -191,6 +196,10 @@ jobs: sha256sum -b $zipName > $zipName.sha256 sha256sum -b $tarName > $tarName.sha256 + # add signatures: + gpg --armor --detach-sign $zipName + gpg --armor --detach-sign $tarName + # create a development (nightly) release: if [[ "develop" == "$version" ]]; then echo 'Develop release.' 
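Review bot: The new `Import GPG key` step passes `secrets.GPG_PRIVATE_KEY` and `secrets.PASSPHRASE` to a third-party action referenced by the mutable tag `@v6`, so whatever code that tag resolves to at run time receives the release signing key. Pin the action to a full commit SHA, for example `uses: crazy-max/ghaction-import-gpg@<full-commit-sha> # v6` (placeholder; take the SHA from the v6 release you reviewed). The imported key presumably stays in the runner's keyring for the rest of the job, and the later steps are outside this hunk, so check that nothing after the import runs code you do not control. Storing a dedicated signing subkey in the secret, rather than the primary key, would limit the damage if it leaks.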
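Review bot: The two added `gpg --armor --detach-sign` calls sign with whatever default key is in the keyring, and the resulting `.asc` files are never verified before they are published. Add `--batch --yes` so gpg cannot wait on a prompt on the runner, quote the file names, and verify straight after signing: `gpg --batch --yes --armor --detach-sign "$zipName"` followed by `gpg --verify "$zipName.asc" "$zipName"`, and the same for `$tarName`. Naming the key with `--local-user` would also make the signer explicit if a second key is ever imported. Only the archives are signed, so the `.sha256` files uploaded beside them in the hunks at -221 and -248 give integrity against corruption but not authenticity. The `run:` script starts and ends outside this hunk.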
@@ -198,7 +207,7 @@ jobs: rm output.txt echo "Bi-weekly development release of Firefly III with the latest fixes, translations and features. Docker users can find this release under the \`develop\` tag." >> output.txt echo "" >> output.txt - echo "This release was created on **$(date +'%Y-%m-%d')** and may contain unexpected bugs. Data loss is rare but is not impossible." >> output.txt + echo "This release was created on **$(date +'%Y-%m-%d')** and may contain unexpected bugs. Data loss is rare but is not impossible. The releases are signed, and you can verify them using the [Firefly III releases PGP key](https://docs.firefly-iii.org/explanation/more-information/signatures/)." >> output.txt echo "" >> output.txt echo "* Please read the installation instructions for [Docker](https://docs.firefly-iii.org/how-to/firefly-iii/installation/docker/), [Portainer](https://docs.firefly-iii.org/how-to/firefly-iii/installation/portainer/), [Kubernetes](https://docs.firefly-iii.org/how-to/firefly-iii/installation/kubernetes/) or [self-managed servers](https://docs.firefly-iii.org/how-to/firefly-iii/installation/self-managed/)" >> output.txt echo "* Or read the upgrade instructions for [Docker](https://docs.firefly-iii.org/how-to/firefly-iii/upgrade/docker/), [Kubernetes](https://docs.firefly-iii.org/how-to/firefly-iii/upgrade/kubernetes/) or [self-managed servers](https://docs.firefly-iii.org/how-to/firefly-iii/upgrade/self-managed/)" >> output.txt @@ -221,6 +230,10 @@ jobs: gh release upload $releaseName $zipName.sha256 gh release upload $releaseName $tarName.sha256 + # add signatures to release + gh release upload $releaseName $zipName.asc + gh release upload $releaseName $tarName.asc + # get current HEAD and add as file to the release HEAD=$(git rev-parse HEAD) echo $HEAD > HEAD.txt 
@@ -234,6 +247,7 @@ jobs: echo '' >> output.txt echo "* Installation instructions for [Docker](https://docs.firefly-iii.org/how-to/firefly-iii/installation/docker/), [Portainer](https://docs.firefly-iii.org/how-to/firefly-iii/installation/portainer/), [Kubernetes](https://docs.firefly-iii.org/how-to/firefly-iii/installation/kubernetes/) or [self-managed servers](https://docs.firefly-iii.org/how-to/firefly-iii/installation/self-managed/)" >> output.txt echo "* Or read the upgrade instructions for [Docker](https://docs.firefly-iii.org/how-to/firefly-iii/upgrade/docker/), [Kubernetes](https://docs.firefly-iii.org/how-to/firefly-iii/upgrade/kubernetes/) or [self-managed servers](https://docs.firefly-iii.org/how-to/firefly-iii/upgrade/self-managed/)" >> output.txt + echo "* The releases are signed, and you can verify them using the [Firefly III releases PGP key](https://docs.firefly-iii.org/explanation/more-information/signatures/)." echo "Create default release." git tag -a $releaseName -m "Here be changelog" @@ -248,6 +262,10 @@ jobs: gh release upload $releaseName $zipName.sha256 gh release upload $releaseName $tarName.sha256 + # add signatures to release + gh release upload $releaseName $zipName.asc + gh release upload $releaseName $tarName.asc + # get current HEAD and add as file to the release HEAD=$(git rev-parse HEAD) echo $HEAD > HEAD.txt
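Review bot: The added `echo "* The releases are signed, ..."` line in the hunk at -234 has no `>> output.txt`, unlike the two `echo` lines directly above it, so the sentence is printed to the job log instead of being written to the file. If `output.txt` is the release body here, as the develop branch in the hunk at -198 suggests, regular releases will ship without the signature notice while nightly releases include it. Append ` >> output.txt` to the end of that line. The surrounding script continues outside the hunk, so confirm how `output.txt` is consumed.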