create and upload source signature after release publish

2026-05-25 06:01:31 +00:00 · 2022-12-07 14:52:33 +01:00
parent 0725a63b09
commit c61087e697
2 changed files with 28 additions and 12 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -42,15 +42,6 @@ jobs:
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-      - name: Sign source tarball with key 615D449FE6E6A235
-        if: startsWith(github.ref, 'refs/tags/')
-        run: |
-          git archive --prefix="cryptomator-${{ github.ref_name }}/" -o "cryptomator-${{ github.ref_name }}.tar.gz" ${{ github.ref }}
-          echo "${GPG_PRIVATE_KEY}" | gpg --batch --quiet --import
-          echo "${GPG_PASSPHRASE}" | gpg --batch --quiet --passphrase-fd 0 --pinentry-mode loopback -u 615D449FE6E6A235 --detach-sign -a cryptomator-*.tar.gz
-        env:
-          GPG_PRIVATE_KEY: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }}
-          GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }}
      - name: Draft a release
        if: startsWith(github.ref, 'refs/tags/')
        uses: softprops/action-gh-release@v1
@@ -59,9 +50,6 @@ jobs:
          discussion_category_name: releases
          token: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }}
          generate_release_notes: true
-          files: |
-            cryptomator-*.tar.gz.asc
-          fail_on_unmatched_files: true
          body: |-
            :construction: Work in Progress
            
--- a/.github/workflows/post-publish.yml
+++ b/.github/workflows/post-publish.yml
@@ -0,0 +1,28 @@
+name: Post Release Publish Tasks
+
+on:
+  release:
+    types: [published]
+
+jobs:
+  get-version:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Download source tarball
+        run: |
+          curl -L -H "Accept: application/vnd.github+json" ${{ github.event.release.tarball_url }} --output cryptomator-${{ github.event.release.tag_name }}.tar.gz
+      - name: Sign source tarball with key 615D449FE6E6A235
+        if: startsWith(github.ref, 'refs/tags/')
+        run: |
+          echo "${GPG_PRIVATE_KEY}" | gpg --batch --quiet --import
+          echo "${GPG_PASSPHRASE}" | gpg --batch --quiet --passphrase-fd 0 --pinentry-mode loopback -u 615D449FE6E6A235 --detach-sign -a cryptomator-*.tar.gz
+        env:
+          GPG_PRIVATE_KEY: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }}
+          GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }}
+      - name: Publish asc on GitHub Releases
+        uses: softprops/action-gh-release@v1
+        with:
+          fail_on_unmatched_files: true
+          token: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }}
+          files: |
+            cryptomator-*.tar.gz.asc