@@ -29,87 +29,43 @@ jobs:
2929 GPG_PUBLIC_KEY : ${{ secrets.GPG_PUBLIC_KEY }}
3030 run : |
3131 echo "Verifying tag signature for v${{ inputs.version }}..."
32- <<<<<<< Updated upstream
3332
3433 # Import GPG public key
35- =======
36- TAG_VERIFIED=false
37-
38- # Import GPG key if available
39- >>>>>>> Stashed changes
4034 if [ -n "$GPG_PUBLIC_KEY" ]; then
4135 echo "$GPG_PUBLIC_KEY" > /tmp/gpg_public_key.asc
4236 sed -i 's/\r$//' /tmp/gpg_public_key.asc
43- <<<<<<< Updated upstream
4437 # Make sure the key file has proper GPG armor headers
45- =======
46-
47- # Ensure key has proper PGP headers
48- >>>>>>> Stashed changes
4938 if ! grep -q "^-----BEGIN PGP PUBLIC KEY BLOCK-----" /tmp/gpg_public_key.asc; then
5039 echo "Adding PGP headers to key..."
5140 echo "-----BEGIN PGP PUBLIC KEY BLOCK-----" > /tmp/fixed_key.asc
5241 cat /tmp/gpg_public_key.asc >> /tmp/fixed_key.asc
5342 echo "-----END PGP PUBLIC KEY BLOCK-----" >> /tmp/fixed_key.asc
5443 mv /tmp/fixed_key.asc /tmp/gpg_public_key.asc
5544 fi
56- <<<<<<< Updated upstream
5745 # Import the key from the file
5846 gpg --batch --import /tmp/gpg_public_key.asc || echo "::warning::Failed to import GPG key, but continuing..."
5947 echo "GPG Public Key import attempted."
6048 echo "Available GPG keys:"
6149 gpg --list-keys
6250 rm -f /tmp/gpg_public_key.asc
63- =======
64-
65- # Import key with better error handling
66- gpg --batch --import /tmp/gpg_public_key.asc 2>/tmp/gpg_import_error || true
67- if [ -s /tmp/gpg_import_error ]; then
68- echo "::warning::GPG key import had issues:"
69- cat /tmp/gpg_import_error
70- fi
71-
72- echo "GPG Public Key imported. Available GPG keys:"
73- gpg --list-keys
74- rm -f /tmp/gpg_public_key.asc /tmp/gpg_import_error
75- >>>>>>> Stashed changes
7651 else
7752 echo "::warning::GPG_PUBLIC_KEY secret not found. Will skip signature verification."
7853 fi
7954
80- <<<<<<< Updated upstream
8155 # Check if tag exists in local repository
8256 if ! git tag -l "v${{ inputs.version }}" | grep -q "v${{ inputs.version }}"; then
8357 echo "Tag not found in local repository, attempting to fetch from remote..."
8458 git fetch origin tag "v${{ inputs.version }}" --no-tags
8559 fi
8660
8761 # Verify that the tag exists now
88- =======
89- # Make sure tag exists
90- if ! git tag -l "v${{ inputs.version }}" | grep -q "v${{ inputs.version }}"; then
91- echo "Tag not found in local repository, attempting to fetch from remote..."
92- git fetch origin tag "v${{ inputs.version }}" --no-tags || echo "Could not fetch tag from remote"
93- fi
94-
95- # Check if tag exists
96- >>>>>>> Stashed changes
9762 if ! git tag -l "v${{ inputs.version }}" | grep -q "v${{ inputs.version }}"; then
9863 echo "::error::Tag v${{ inputs.version }} not found in both local and remote repositories!"
9964 exit 1
10065 fi
10166
102- <<<<<<< Updated upstream
10367 # Attempt to verify the tag signature
10468 if git verify-tag "v${{ inputs.version }}" 2>&1 | grep -q "Good signature"; then
105- =======
106- # Try signature verification (but don't fail if not signed)
107- echo "Attempting to verify tag signature..."
108- VERIFY_OUTPUT=$(git verify-tag "v${{ inputs.version }}" 2>&1) || true
109- echo "Verification output : $VERIFY_OUTPUT"
110-
111- if echo "$VERIFY_OUTPUT" | grep -q "Good signature"; then
112- >>>>>>> Stashed changes
11369 echo "✅ Tag v${{ inputs.version }} has a valid GPG signature!"
11470 TAG_VERIFIED=true
11571 else
@@ -118,12 +74,9 @@ jobs:
11874 echo "For fully verified releases, please use a GPG-signed tag:"
11975 echo " git tag -s v${{ inputs.version }} -m \"Release version ${{ inputs.version }}\""
12076 echo " git push origin v${{ inputs.version }}"
121- <<<<<<< Updated upstream
12277
12378 # Enforce signed tags for verified releases
12479 exit 1
125- =======
126- >>>>>>> Stashed changes
12780 fi
12881
12982 # Set verification status for later steps
0 commit comments