GitHub Action to sign artifacts or any file with GnuPG.
name: Example
on:
- push
- pull_request
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actionhippie/gpgsign@v1
with:
private_key: ${{ secrets.GNUPG_KEY }}
passphrase: ${{ secrets.GNUPG_PASSPHRASE }}
detach_sign: true
files: |
dist/*
excludes: |
dist/*.sha256
Private GPG key used for signing
Passphrase for the GPG key
Create ASCII armored output, defaults to true
Make a detached signature
Make a clear text signature
List of files to create a signature
List of files to exclude from signing
None
If you find a security issue please contact [email protected] first.
Fork -> Patch -> Push -> Pull Request
Apache-2.0
Copyright (c) 2022 Thomas Boerger <[email protected]>