From c9fab7a3551bb515d8259e59526cda1c12335f39 Mon Sep 17 00:00:00 2001
From: Ben Wilson <ben@3box.io>
Date: Tue, 16 Jul 2024 16:48:43 -0400
Subject: [PATCH] fix: gpg key usage in deb repo workflow

---
 .github/workflows/update-deb-repo.yml | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/update-deb-repo.yml b/.github/workflows/update-deb-repo.yml
index a4dcfd754..15ade1d74 100644
--- a/.github/workflows/update-deb-repo.yml
+++ b/.github/workflows/update-deb-repo.yml
@@ -37,17 +37,22 @@ jobs:
           GPG_PASSPHRASE: ${{ secrets.REPO_GPG_PASSPHRASE }}
         run: |
           echo "$GPG_PRIVATE_KEY" | gpg --batch --import --pinentry-mode loopback
-          echo "allow-preset-passphrase" > ~/.gnupg/gpg-agent.conf
-          gpg-connect-agent reloadagent /bye
-          /usr/lib/gnupg2/gpg-preset-passphrase --preset "$GPG_PASSPHRASE"
 
+      - name: Configure GPG to use passphrase
+        env:
+          GPG_PASSPHRASE: ${{ secrets.REPO_GPG_PASSPHRASE }}
+        run: |
+          echo "use-agent" > ~/.gnupg/gpg.conf
+          echo "pinentry-mode loopback" >> ~/.gnupg/gpg.conf
+          echo "allow-loopback-pinentry" > ~/.gnupg/gpg-agent.conf
+          echo "RELOADAGENT" | gpg-connect-agent
 
       - name: Update Deb Repo
         working-directory: debian-repo
         env:
           GPG_PASSPHRASE: ${{ secrets.REPO_GPG_PASSPHRASE }}
         run: |
-          GNUPGHOME=~/.gnupg reprepro --basedir . includedeb stable ../ceramic-one.deb
+          echo "$GPG_PASSPHRASE" | GNUPGHOME=~/.gnupg reprepro --basedir . includedeb stable ../ceramic-one.deb
 
       - name: Commit and Push changes
         working-directory: debian-repo