From 4749f839e8f1c4d41311a7e8ca6ff94d4f4a0060 Mon Sep 17 00:00:00 2001
From: jkowall
Date: Wed, 9 Nov 2022 08:21:50 -0500
Subject: [PATCH 1/2] Adding signing releases capabilities to build process

Signed-off-by: jkowall
---
 .github/workflows/ci-release.yml | 8 +++++++-
 scripts/package-deploy.sh | 2 ++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/ci-release.yml b/.github/workflows/ci-release.yml
index 4acf5d0124c..4fed7972bb5 100644
--- a/.github/workflows/ci-release.yml
+++ b/.github/workflows/ci-release.yml
@@ -43,6 +43,12 @@ jobs:
 - name: Install tools
 run: make install-ci
 
+ - name: Configure GPG Key
+ uses: crazy-max/ghaction-import-gpg@v1
+ env:
+ GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
+ PASSPHRASE: ${{ secrets.GPG_PASSWORD }}
+
 - name: Build binaries
 id: build-binaries
 run: make build-all-platforms
@@ -55,7 +61,7 @@ jobs:
 - name: Upload binaries
 uses: svenstaro/upload-release-action@133984371c30d34e38222a64855679a414cb7575
 with:
- file: '{deploy/*.tar.gz,deploy/*.zip,deploy/*.sha256sum.txt}'
+ file: '{deploy/*.tar.gz,deploy/*.zip,deploy/*.sha256sum.txt,deploy/*.asc}'
 file_glob: true
 tag: ${{ github.ref }}
 repo_token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/scripts/package-deploy.sh b/scripts/package-deploy.sh
index 599bcd75e46..c6da2787b31 100755
--- a/scripts/package-deploy.sh
+++ b/scripts/package-deploy.sh
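Review bot: The new `Configure GPG Key` step in `.github/workflows/ci-release.yml` references `crazy-max/ghaction-import-gpg@v1`, a mutable tag, while the upload step in the same file pins `svenstaro/upload-release-action` to a full commit SHA. This action is handed `GPG_PRIVATE_KEY` and the passphrase, so anyone able to move the `v1` tag could read the release signing key; pin it the same way, `uses: crazy-max/ghaction-import-gpg@<full-commit-sha>  # v1`. The step also runs before `make build-all-platforms`, so the key sits in the runner's keyring for the whole build; importing it immediately before the packaging step that signs would narrow that window. The job's remaining steps are outside the hunk, so where signing actually runs should be confirmed.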
@@ -74,3 +74,5 @@ package tar linux-arm64
 package tar linux-ppc64le
 # Create a checksum file for all non-checksum files in the deploy directory. Strips the leading 'deploy/' directory from filepaths. Sort by filename.
 find deploy \( ! -name '*sha256sum.txt' \) -type f -exec shasum -b -a 256 {} \; | sed -r 's#(\w+\s+\*?)deploy/(.*)#\1\2#' | sort -k2 | tee ./deploy/jaeger-$VERSION.sha256sum.txt
+# Setup gpg and sign the keys to include the files in the package. Exclude the checksum files created.
+find deploy \( ! -name '*sha256sum.txt' \) -type f -exec gpg --armor --detach-sign {} \; | sed -r 's#(\w+\s+\*?)deploy/(.*)#\1\2#' | sort -k2 | tee ./deploy/jaeger-$VERSION.asc

From b0430e8a31eda495502724f0ece3cc6e54c57dc9 Mon Sep 17 00:00:00 2001
From: Jonah Kowall
Date: Wed, 9 Nov 2022 12:27:49 -0500
Subject: [PATCH 2/2] Change secret variable

Co-authored-by: Yuri Shkuro
Signed-off-by: Jonah Kowall
---
 .github/workflows/ci-release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/ci-release.yml b/.github/workflows/ci-release.yml
index 4fed7972bb5..dea73882f1c 100644
--- a/.github/workflows/ci-release.yml
+++ b/.github/workflows/ci-release.yml
@@ -47,7 +47,7 @@ jobs:
 uses: crazy-max/ghaction-import-gpg@v1
 env:
 GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
- PASSPHRASE: ${{ secrets.GPG_PASSWORD }}
+ PASSPHRASE: ${{ secrets. GPG_PASSPHRASE }}
 
 - name: Build binaries
 id: build-binaries
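Review bot: In the `scripts/package-deploy.sh` hunk of patch 1/2, `gpg --armor --detach-sign {}` writes each signature to `<file>.asc` and prints nothing on stdout, so the tail copied from the checksum line (`| sed … | sort -k2 | tee ./deploy/jaeger-$VERSION.asc`) only creates an empty `jaeger-$VERSION.asc`, which the `deploy/*.asc` upload glob then publishes alongside the real signatures. Dropping the pipeline avoids that: `find deploy \( ! -name '*sha256sum.txt' \) -type f -exec gpg --batch --armor --detach-sign {} \;`. A gpg failure is also swallowed as written, because `find -exec … \;` does not turn the command's exit status into its own and the pipeline reports `tee`'s status unless `pipefail` is set earlier in the script (outside the hunk), so a release could ship unsigned without the job failing. The checksum file is excluded from signing; also signing `jaeger-$VERSION.sha256sum.txt` would let users authenticate the manifest itself. The added comment says "sign the keys"; something like `# Sign each release artifact with GPG (detached, ASCII-armored); checksum files are skipped.` matches what the line does.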