diff --git a/.github/workflows/git-artifacts.yml b/.github/workflows/git-artifacts.yml index 14af08ad95..7272b08221 100644 --- a/.github/workflows/git-artifacts.yml +++ b/.github/workflows/git-artifacts.yml @@ -6,6 +6,7 @@ on: - workflow_dispatch env: + GPG_OPTIONS: "--batch --yes --no-tty --list-options no-show-photos --verify-options no-show-photos --pinentry-mode loopback" HOME: "${{github.workspace}}\\home" MSYSTEM: MINGW64 USERPROFILE: "${{github.workspace}}\\home" @@ -44,7 +45,21 @@ jobs: run: | d=git-sdk-64-build-installers/usr/src/build-extra && git clone --single-branch -b main https://github.com/git-for-windows/build-extra $d + - name: Prepare home directory for GPG signing + if: env.GPGKEY != '' + shell: bash + run: | + echo '${{secrets.PRIVGPGKEY}}' | tr % '\n' | gpg $GPG_OPTIONS --import && + mkdir -p home && + git config --global gpg.program "$PWD/git-sdk-64-build-installers/usr/src/build-extra/gnupg-with-gpgkey.sh" && + info="$(gpg --list-keys --with-colons "${GPGKEY%% *}" | cut -d : -f 1,10 | sed -n '/^uid/{s|uid:||p;q}')" && + git config --global user.name "${info% <*}" && + git config --global user.email "<${info#*<}" + env: + GPGKEY: ${{secrets.GPGKEY}} - name: Generate bundle artifacts + env: + GPGKEY: ${{secrets.GPGKEY}} shell: powershell run: | & .\git-sdk-64-build-installers\git-cmd.exe --command=usr\bin\bash.exe -lc @" 
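Review bot: In the added "Prepare home directory for GPG signing" step, `${{secrets.PRIVGPGKEY}}` is pasted into the script text before bash parses it, so the private key ends up in the script file the runner generates for the step, and any `'` in the value would end the quoting and be parsed as shell. Passing it through the step's environment avoids both: add `PRIVGPGKEY: ${{secrets.PRIVGPGKEY}}` under `env:` and change the first line to `printf '%s\n' "$PRIVGPGKEY" | tr % '\n' | gpg $GPG_OPTIONS --import &&`. The same line is repeated in the second "Prepare home directory for GPG signing" step added by the `@@ -116,7 +135,19 @@` hunk. Since `tr` turns the stored value into a different multi-line string, log masking of the secret presumably no longer matches it, so nothing after the import should echo key material.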
@@ -59,12 +74,16 @@ jobs: echo \"prerelease-`${tag_name#v}\" >bundle-artifacts/ver && echo \"`${tag_name#v}\" >bundle-artifacts/display_version && echo \"`$tag_name\" >bundle-artifacts/next_version && - git tag -m \"Snapshot build\" \"`$tag_name\" FETCH_HEAD && + git tag `$(test -z \"`$GPGKEY\" || echo \" -s\") -m \"Snapshot build\" \"`$tag_name\" FETCH_HEAD && git bundle create bundle-artifacts/git.bundle origin/main..\"`$tag_name\" && sh -x /usr/src/build-extra/please.sh mention feature \"Snapshot of `$(git show -s --pretty='tformat:%h (%s, %ad)' --date=short FETCH_HEAD)\" && git -C /usr/src/build-extra bundle create \"`$PWD/bundle-artifacts/build-extra.bundle\" origin/main..main "@ + - name: Clean up temporary files + if: always() + shell: bash + run: rm -rf home - name: 'Publish Pipeline Artifact: bundle-artifacts' uses: actions/upload-artifact@v1 with: @@ -116,7 +135,19 @@ jobs: git remote add -f origin https://github.com/git-for-windows/git && git fetch --tags bundle-artifacts/git.bundle $(cat bundle-artifacts/next_version) && git reset --hard $(cat bundle-artifacts/next_version) + - name: Prepare home directory for GPG signing + if: env.GPGKEY != '' + shell: bash + run: | + echo '${{secrets.PRIVGPGKEY}}' | tr % '\n' | gpg $GPG_OPTIONS --import && + info="$(gpg --list-keys --with-colons "${GPGKEY%% *}" | cut -d : -f 1,10 | sed -n '/^uid/{s|uid:||p;q}')" && + git config --global user.name "${info% <*}" && + git config --global user.email "<${info#*<}" + env: + GPGKEY: ${{secrets.GPGKEY}} - name: Build mingw-w64-x86_64-git + env: + GPGKEY: "${{secrets.GPGKEY}}" shell: powershell run: | & git-sdk-64-makepkg-git\usr\bin\sh.exe -lc @" 
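Review bot: The added "Clean up temporary files" step removes `home` while a gpg-agent started by the import or by the signed tag may still be running, so the key can stay cached in the agent and, on a Windows runner, open files under `home/.gnupg` may make `rm -rf` fail and leave the keyring in the workspace. Stopping the agent first would make the cleanup dependable: `run: gpgconf --kill gpg-agent; rm -rf home`. How much this matters depends on whether the runner is reused, which the hunk does not show; the identical step added by the `@@ -134,6 +172,10 @@` hunk has the same gap. A short comment on the step, such as `# removes the imported signing key before artifacts are published`, would also record why it runs under `if: always()`.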
@@ -126,6 +157,13 @@ jobs: type -p mspdb140.dll || exit 1 sh -x /usr/src/build-extra/please.sh build-mingw-w64-git --only-64-bit --build-src-pkg -o artifacts HEAD && cp bundle-artifacts/ver artifacts/ && + if test -n \"`$GPGKEY\" + then + for tar in artifacts/*.tar* + do + /usr/src/build-extra/gnupg-with-gpgkey.sh --detach-sign --no-armor `$tar + done + fi && b=`$PWD/artifacts && version=`$(cat bundle-artifacts/next_version) && @@ -134,6 +172,10 @@ jobs: git commit -s -m \"mingw-w64-git: new version (`$version)\" PKGBUILD && git bundle create \"`$b\"/MINGW-packages.bundle origin/main..main) "@ + - name: Clean up temporary files + if: always() + shell: bash + run: rm -rf home - name: Publish mingw-w64-x86_64-git uses: actions/upload-artifact@v1 with:
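Review bot: The added signing loop only propagates the exit status of its last iteration, so a failed `--detach-sign` on any archive except the last one does not break the `&&` chain, and an unsigned tarball would still be published. Appending `|| exit 1` to the `gnupg-with-gpgkey.sh` line, in the same way as the `type -p mspdb140.dll || exit 1` line above it, closes that gap, and the loop variable should be double-quoted as well. If the glob `artifacts/*.tar*` matches nothing, the literal pattern is handed to the wrapper, which presumably fails rather than signing nothing silently. The here-string script around the loop starts before this hunk and continues past it, so error handling set up earlier in the script cannot be ruled out.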