Allow a Passphrase on the Key

facebook · Mar 15, 2021 · 2303306 · 2303306
1 parent eed64d7
commit 2303306
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/.github/workflows/publish-release-artifacts.yml b/.github/workflows/publish-release-artifacts.yml
@@ -17,6 +17,7 @@ jobs:
       - name: Archive
         env:
           RELEASE_SIGNING_KEY: ${{ secrets.RELEASE_SIGNING_KEY }}
+          RELEASE_SIGNING_KEY_PASSPHRASE: ${{ secrets.RELEASE_SIGNING_KEY_PASSPHRASE }}
         run: |
           # compute file name
           export TAG="$(echo "$GITHUB_REF" | sed -n 's_^refs/tags/__p')"
@@ -54,8 +55,8 @@ jobs:
           # sign
           if [ -n "$RELEASE_SIGNING_KEY" ]; then
             echo "$RELEASE_SIGNING_KEY" | gpg --import
-            gpg --armor --sign --sign-with signing@zstd.net --detach-sig --output $ZSTD_VERSION.tar.zst.sig $ZSTD_VERSION.tar.zst
-            gpg --armor --sign --sign-with signing@zstd.net --detach-sig --output $ZSTD_VERSION.tar.gz.sig  $ZSTD_VERSION.tar.gz
+            gpg --batch --no-use-agent --pinentry-mode loopback --no-tty --yes --armor --sign --sign-with signing@zstd.net --detach-sig --passphrase "$RELEASE_SIGNING_KEY_PASSPHRASE" --output $ZSTD_VERSION.tar.zst.sig $ZSTD_VERSION.tar.zst
+            gpg --batch --no-use-agent --pinentry-mode loopback --no-tty --yes --armor --sign --sign-with signing@zstd.net --detach-sig --passphrase "$RELEASE_SIGNING_KEY_PASSPHRASE" --output $ZSTD_VERSION.tar.gz.sig  $ZSTD_VERSION.tar.gz
           fi
 
       - name: Publish