fix: gpg key usage in deb repo workflow

ceramicnetwork · Jul 16, 2024 · c9fab7a · c9fab7a
1 parent 5a843ab
commit c9fab7a
Showing 1 changed file with 9 additions and 4 deletions.
diff --git a/.github/workflows/update-deb-repo.yml b/.github/workflows/update-deb-repo.yml
@@ -37,17 +37,22 @@ jobs:
           GPG_PASSPHRASE: ${{ secrets.REPO_GPG_PASSPHRASE }}
         run: |
           echo "$GPG_PRIVATE_KEY" | gpg --batch --import --pinentry-mode loopback
-          echo "allow-preset-passphrase" > ~/.gnupg/gpg-agent.conf
-          gpg-connect-agent reloadagent /bye
-          /usr/lib/gnupg2/gpg-preset-passphrase --preset "$GPG_PASSPHRASE"
 
+      - name: Configure GPG to use passphrase
+        env:
+          GPG_PASSPHRASE: ${{ secrets.REPO_GPG_PASSPHRASE }}
+        run: |
+          echo "use-agent" > ~/.gnupg/gpg.conf
+          echo "pinentry-mode loopback" >> ~/.gnupg/gpg.conf
+          echo "allow-loopback-pinentry" > ~/.gnupg/gpg-agent.conf
+          echo "RELOADAGENT" | gpg-connect-agent
 
       - name: Update Deb Repo
         working-directory: debian-repo
         env:
           GPG_PASSPHRASE: ${{ secrets.REPO_GPG_PASSPHRASE }}
         run: |
-          GNUPGHOME=~/.gnupg reprepro --basedir . includedeb stable ../ceramic-one.deb
+          echo "$GPG_PASSPHRASE" | GNUPGHOME=~/.gnupg reprepro --basedir . includedeb stable ../ceramic-one.deb
 
       - name: Commit and Push changes
         working-directory: debian-repo