jaegertracing · yurishkuro · Nov 9, 2022 · Nov 9, 2022 · Nov 9, 2022
@@ -43,6 +43,12 @@ jobs:
     - name: Install tools
       run: make install-ci
 
+    - name: Configure GPG Key
+      uses: crazy-max/ghaction-import-gpg@v1
+      env:
+        GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
+        PASSPHRASE: ${{ secrets.GPG_PASSWORD }}
+
     - name: Build binaries
       id: build-binaries
       run: make build-all-platforms
@@ -55,7 +61,7 @@ jobs:
     - name: Upload binaries
       uses: svenstaro/upload-release-action@133984371c30d34e38222a64855679a414cb7575
       with:
-        file: '{deploy/*.tar.gz,deploy/*.zip,deploy/*.sha256sum.txt}'
+        file: '{deploy/*.tar.gz,deploy/*.zip,deploy/*.sha256sum.txt,deploy/*.asc}'
         file_glob: true
         tag: ${{ github.ref }}
         repo_token: ${{ secrets.GITHUB_TOKEN }}

@@ -74,3 +74,5 @@ package tar linux-arm64
 package tar linux-ppc64le
 # Create a checksum file for all non-checksum files in the deploy directory. Strips the leading 'deploy/' directory from filepaths. Sort by filename.
 find deploy \( ! -name '*sha256sum.txt' \) -type f -exec shasum -b -a 256 {} \; | sed -r 's#(\w+\s+\*?)deploy/(.*)#\1\2#' | sort -k2 | tee ./deploy/jaeger-$VERSION.sha256sum.txt
+# Setup gpg and sign the keys to include the files in the package. Exclude the checksum files created.
+find deploy \( ! -name '*sha256sum.txt' \) -type f -exec gpg --armor --detach-sign {} \; | sed -r 's#(\w+\s+\*?)deploy/(.*)#\1\2#' | sort -k2 | tee ./deploy/jaeger-$VERSION.asc