Diffstat (limited to '.github/workflows')
-rw-r--r--.github/workflows/release-build.yaml36
1 files changed, 34 insertions, 2 deletions
diff --git a/.github/workflows/release-build.yaml b/.github/workflows/release-build.yaml
index a3c82b0..9905137 100644
--- a/.github/workflows/release-build.yaml
+++ b/.github/workflows/release-build.yaml
@@ -78,7 +78,7 @@ jobs:
- name: "Install dependencies"
run: |-
- sudo apt-get install --yes python3-git python3-yaml
+ sudo apt-get install --yes python3-git python3-yaml debsigs devscripts
- name: "Checkout repository"
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
@@ -90,6 +90,22 @@ jobs:
- name: "Run builder for ${{ matrix.version }} ${{ matrix.arch }}"
run: |-
sudo --preserve-env ./build.py ${{ env.JELLYFIN_VERSION }} debian ${{ matrix.arch }} ${{ matrix.release }}
+ sudo chown --recursive $USER out/debian
+
+ - name: "Import repository signing GPG key"
+ run: |
+ echo -n "${{ secrets.DEBIAN_SIGNING_KEY }}" | base64 --decode | gpg --batch --yes --import
+
+ - name: "Sign Debian package and source files"
+ run: |
+ for file in out/debian/*.deb; do
+ debsigs --sign=origin --default-key=${{ secrets.DEBIAN_SIGNING_KEY_ID }} ${file}
+ done
+ debsign -k ${{ secrets.DEBIAN_SIGNING_KEY_ID }} out/debian/*.changes
+
+ - name: "Remove repository signing GPG key"
+ run: |
+ gpg --batch --yes --delete-secret-keys ${{ secrets.DEBIAN_SIGNING_KEY_ID }}
- name: "Upload artifacts to repository server"
uses: appleboy/scp-action@917f8b81dfc1ccd331fef9e2d61bdc6c8be94634 # v0.1.7
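Review bot: The "Remove repository signing GPG key" step has no `if: always()`, so it is skipped whenever the signing step before it fails, and the imported private key then stays in the runner user's default keyring. Adding `if: always()` to that step closes the gap, and exporting a per-job temporary `GNUPGHOME` before the import would keep the key out of `~/.gnupg` altogether. gpg in batch mode expects a full fingerprint for `--delete-secret-keys`, so if `DEBIAN_SIGNING_KEY_ID` holds a short or long key ID rather than a fingerprint the removal may fail; this is worth confirming against the stored secret. Whether the runner is ephemeral or self-hosted is not visible in this hunk, and the Ubuntu hunk at `+200,22` adds the same three steps with the same gap.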
@@ -172,7 +188,7 @@ jobs:
- name: "Install dependencies"
run: |-
- sudo apt-get install --yes python3-git python3-yaml
+ sudo apt-get install --yes python3-git python3-yaml debsigs devscripts
- name: "Checkout repository"
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
@@ -184,6 +200,22 @@ jobs:
- name: "Run builder for ${{ matrix.version }} ${{ matrix.arch }}"
run: |-
sudo --preserve-env ./build.py ${{ env.JELLYFIN_VERSION }} ubuntu ${{ matrix.arch }} ${{ matrix.release }}
+ sudo chown --recursive $USER out/ubuntu
+
+ - name: "Import repository signing GPG key"
+ run: |
+ echo -n "${{ secrets.DEBIAN_SIGNING_KEY }}" | base64 --decode | gpg --batch --yes --import
+
+ - name: "Sign Ubuntu package and source files"
+ run: |
+ for file in out/ubuntu/*.deb; do
+ debsigs --sign=origin --default-key=${{ secrets.DEBIAN_SIGNING_KEY_ID }} ${file}
+ done
+ debsign -k ${{ secrets.DEBIAN_SIGNING_KEY_ID }} out/ubuntu/*.changes
+
+ - name: "Remove repository signing GPG key"
+ run: |
+ gpg --batch --yes --delete-secret-keys ${{ secrets.DEBIAN_SIGNING_KEY_ID }}
- name: "Upload artifacts to repository server"
uses: appleboy/scp-action@917f8b81dfc1ccd331fef9e2d61bdc6c8be94634 # v0.1.7
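Review bot: The added steps expand `${{ secrets.DEBIAN_SIGNING_KEY }}` and `${{ secrets.DEBIAN_SIGNING_KEY_ID }}` directly inside the `run:` text, so the secret values are written into the generated shell script and any shell metacharacter in them is parsed as script rather than data. Mapping each secret through the step's `env:` and referencing it as a quoted shell variable keeps the values in the process environment only; quoting `${file}` at the same time avoids word splitting on unusual artifact names. The same applies to the Debian steps in the earlier hunk at `+90,22`, and the key-removal step should take the same `env:` mapping.

```yaml
- name: "Import repository signing GPG key"
  env:
    DEBIAN_SIGNING_KEY: ${{ secrets.DEBIAN_SIGNING_KEY }}
  run: |
    echo -n "${DEBIAN_SIGNING_KEY}" | base64 --decode | gpg --batch --yes --import

- name: "Sign Ubuntu package and source files"
  env:
    DEBIAN_SIGNING_KEY_ID: ${{ secrets.DEBIAN_SIGNING_KEY_ID }}
  run: |
    for file in out/ubuntu/*.deb; do
      debsigs --sign=origin --default-key="${DEBIAN_SIGNING_KEY_ID}" "${file}"
    done
    debsign -k "${DEBIAN_SIGNING_KEY_ID}" out/ubuntu/*.changes

# … "Remove repository signing GPG key" step: same env: mapping for DEBIAN_SIGNING_KEY_ID …
```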