3636 type : string
3737
3838 secrets :
39- GPG_PRIVATE_KEY :
40- required : true
41- PASSPHRASE :
42- required : true
43- SSH_KEY_TORRENTS :
39+ PRIMARY_KEY :
40+ required : false
41+ PRIMARY_PASS :
42+ required : false
43+ SECONDARY_KEY :
44+ required : false
45+ SECONDARY_PASS :
4446 required : false
45- KNOWN_HOSTS_UPLOAD :
47+ TERTIARY_KEY :
4648 required : false
49+ TERTIARY_PASS :
50+ required : false
51+
52+ env :
53+ PRIMARY_KEY : ${{ secrets.PRIMARY_KEY }}
54+ PRIMARY_PASS : ${{ secrets.PRIMARY_PASS }}
55+ SECONDARY_KEY : ${{ secrets.SECONDARY_KEY }}
56+ SECONDARY_PASS : ${{ secrets.SECONDARY_PASS }}
57+ TERTIARY_KEY : ${{ secrets.TERTIARY_KEY }}
58+ TERTIARY_PASS : ${{ secrets.TERTIARY_PASS }}
4759
4860jobs :
4961
5062 prepare :
63+ name : Prepare releases
64+ if : ${{ github.repository_owner == 'Armbian' }}
5165 runs-on : ubuntu-latest
5266 outputs :
5367 matrix : ${{ steps.prep.outputs.matrix }}
@@ -178,23 +192,43 @@ jobs:
178192 path : repository
179193 ref : repository
180194
181- - name : Import GPG key
182- id : import_gpg
195+ - name : Import PRIMARY GPG key
196+ id : import_gpg_primary
197+ if : env.PRIMARY_KEY != ''
198+ uses : crazy-max/ghaction-import-gpg@v6
199+ with :
200+ gpg_private_key : ${{ secrets.PRIMARY_KEY }}
201+ passphrase : ${{ secrets.PRIMARY_PASS || '' }}
202+
203+ - name : Import SECONDARY GPG key
204+ id : import_gpg_secondary
205+ if : env.SECONDARY_KEY != ''
183206 uses : crazy-max/ghaction-import-gpg@v6
184207 with :
185- gpg_private_key : ${{ secrets.GPG_PRIVATE_KEY }}
186- passphrase : ${{ secrets.PASSPHRASE }}
208+ gpg_private_key : ${{ secrets.SECONDARY_KEY }}
209+ passphrase : ${{ secrets.SECONDARY_PASS || '' }}
210+
211+ - name : Import TERTIARY GPG key
212+ id : import_gpg_tertiary
213+ if : env.TERTIARY_KEY != ''
214+ uses : crazy-max/ghaction-import-gpg@v6
215+ with :
216+ gpg_private_key : ${{ secrets.TERTIARY_KEY }}
217+ passphrase : ${{ secrets.TERTIARY_PASS || '' }}
187218
188219 - name : Configure git identity
189220 working-directory : repository
221+ env :
222+ GPG_TTY : ${{ env.GPG_TTY || '/dev/tty' }}
190223 run : |
191224
192- echo "Testing signing" | gpg --sign --armor
193-
194- gpg -K
195- echo "#"
196- git config user.name github-actions
197- git config user.email github-actions@github.com
225+ echo "Available GPG keys:"
226+ gpg --list-secret-keys --keyid-format LONG
227+ git config user.name "github-actions"
228+ git config user.email "github-actions@github.com"
229+ echo "data" | gpg --armor --batch --yes --local-user DF00FAF1C577104B50BF1D0093D6889F9F0E78D5 --sign # need password
230+ # echo "data" | gpg --armor --batch --yes --local-user B4A41B81566CC20009232FE45CD410F6B3CBB6BB --sign # need password
231+ echo "data" | gpg --armor --batch --yes --local-user 8CFA83D13EB2181EEF5843E41EB30FAF236099FE --sign
198232
199233 - name : Deploy packages
200234 run : |
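Review bot: The `if: env.PRIMARY_KEY != ''` conditions on the import steps (and the SECONDARY and TERTIARY equivalents) only work because the workflow-level `env:` block added earlier in this commit maps all three private keys and their passphrases into the environment of every step in every job. That includes third-party actions and the deploy script, which never need the key material. The conditions only need to know whether a secret is set, so I would expose a flag instead, `HAS_PRIMARY_KEY: ${{ secrets.PRIMARY_KEY != '' }}`, test it with `if: env.HAS_PRIMARY_KEY == 'true'`, and pass the key itself only through the `with:` inputs of the import step. Since `crazy-max/ghaction-import-gpg@v6` is the one component that does receive the keys, pinning it to a full commit SHA rather than the movable `v6` tag would narrow that exposure further.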
@@ -214,7 +248,6 @@ jobs:
214248 Architectures: amd64 arm64 armhf riscv64
215249 Components: main
216250 Description: Armbian development repo
217- SignWith: DF00FAF1C577104B50BF1D0093D6889F9F0E78D5
218251 EOD
219252
220253 # Determine a list of binary debs to include in the repo
@@ -242,6 +275,23 @@ jobs:
242275 echo "Repository generated at ${REPO_DIR}/"
243276 fi
244277
278+ echo "Sign repo"
279+ GPG_PARAMETERS=(
280+ "--yes"
281+ "--armor"
282+ "-u" "DF00FAF1C577104B50BF1D0093D6889F9F0E78D5" # Igor Pecovnik (Ljubljana, Slovenia) <igor.pecovnik@gmail.com>
283+ "-u" "8CFA83D13EB2181EEF5843E41EB30FAF236099FE" # Armbian Repository Signing Key (Repository Key) <info@armbian.com>
284+ )
285+ for i in ${REPO_DIR}/dists/*/Release
286+ do
287+ DISTRO_PATH="$(dirname "$i")"
288+ echo $DISTRO_PATH
289+ gpg "${GPG_PARAMETERS[@]}" --clear-sign -o "$DISTRO_PATH/InRelease" "$i"
290+ gpg "${GPG_PARAMETERS[@]}" --detach-sign -o "$DISTRO_PATH/Release.gpg" "$i"
291+ done
292+
293+
294+
245295 cd ${REPO_DIR}
246296 git add .
247297 git commit -m "Updating repo" || true
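Review bot: Nothing in the added signing loop visibly stops the publish when a signature is not produced. The two `-u` fingerprints are fixed, while the import steps earlier in this commit are conditional and the secrets are now `required: false`, and `git add .` / `git commit` run straight after the loop. Whether a failing `gpg` aborts the step depends on the shell options of this `run` block, which begins outside the hunk, so I would make the failure explicit, e.g. `gpg "${GPG_PARAMETERS[@]}" --clear-sign -o "$DISTRO_PATH/InRelease" "$i" || exit 1`, and the same for the `--detach-sign` line. The loop header should also quote the variable, `for i in "${REPO_DIR}"/dists/*/Release`. This matters more now that `SignWith` is removed from the distributions config, which appears to leave this loop as the only place the repository gets signed.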