diff options
Diffstat (limited to '.github/workflows/release-build.yaml')
| -rw-r--r-- | .github/workflows/release-build.yaml | 36 |
1 files changed, 34 insertions, 2 deletions
diff --git a/.github/workflows/release-build.yaml b/.github/workflows/release-build.yaml index a3c82b0..9905137 100644 --- a/.github/workflows/release-build.yaml +++ b/.github/workflows/release-build.yaml @@ -78,7 +78,7 @@ jobs: - name: "Install dependencies" run: |- - sudo apt-get install --yes python3-git python3-yaml + sudo apt-get install --yes python3-git python3-yaml debsigs devscripts - name: "Checkout repository" uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 @@ -90,6 +90,22 @@ jobs: - name: "Run builder for ${{ matrix.version }} ${{ matrix.arch }}" run: |- sudo --preserve-env ./build.py ${{ env.JELLYFIN_VERSION }} debian ${{ matrix.arch }} ${{ matrix.release }} + sudo chown --recursive $USER out/debian + + - name: "Import repository signing GPG key" + run: | + echo -n "${{ secrets.DEBIAN_SIGNING_KEY }}" | base64 --decode | gpg --batch --yes --import + + - name: "Sign Debian package and source files" + run: | + for file in out/debian/*.deb; do + debsigs --sign=origin --default-key=${{ secrets.DEBIAN_SIGNING_KEY_ID }} ${file} + done + debsign -k ${{ secrets.DEBIAN_SIGNING_KEY_ID }} out/debian/*.changes + + - name: "Remove repository signing GPG key" + run: | + gpg --batch --yes --delete-secret-keys ${{ secrets.DEBIAN_SIGNING_KEY_ID }} - name: "Upload artifacts to repository server" uses: appleboy/scp-action@917f8b81dfc1ccd331fef9e2d61bdc6c8be94634 # v0.1.7 @@ -172,7 +188,7 @@ jobs: - name: "Install dependencies" run: |- - sudo apt-get install --yes python3-git python3-yaml + sudo apt-get install --yes python3-git python3-yaml debsigs devscripts - name: "Checkout repository" uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 @@ -184,6 +200,22 @@ jobs: - name: "Run builder for ${{ matrix.version }} ${{ matrix.arch }}" run: |- sudo --preserve-env ./build.py ${{ env.JELLYFIN_VERSION }} ubuntu ${{ matrix.arch }} ${{ matrix.release }} + sudo chown --recursive $USER out/ubuntu + + - name: "Import repository signing GPG key" + run: | + echo -n "${{ secrets.DEBIAN_SIGNING_KEY }}" | base64 --decode | gpg --batch --yes --import + + - name: "Sign Ubuntu package and source files" + run: | + for file in out/ubuntu/*.deb; do + debsigs --sign=origin --default-key=${{ secrets.DEBIAN_SIGNING_KEY_ID }} ${file} + done + debsign -k ${{ secrets.DEBIAN_SIGNING_KEY_ID }} out/ubuntu/*.changes + + - name: "Remove repository signing GPG key" + run: | + gpg --batch --yes --delete-secret-keys ${{ secrets.DEBIAN_SIGNING_KEY_ID }} - name: "Upload artifacts to repository server" uses: appleboy/scp-action@917f8b81dfc1ccd331fef9e2d61bdc6c8be94634 # v0.1.7 |