db s3 action

FriendlyCM · FriendlyCM · commit fd0c457ef641 · 2025-04-13T11:51:41.000+08:00
diff --git a/.github/workflows/docker-s3-deploy.yml b/.github/workflows/docker-s3-deploy.yml
@@ -28,6 +28,23 @@ jobs:
             exit 1
           fi
 
+      - name: Import GPG key
+        uses: crazy-max/ghaction-import-gpg@v6
+        with:
+          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+          passphrase: ${{ secrets.GPG_PASSPHRASE }}
+
+      - name: Sign tron-docker.zip with GPG
+        run: |
+          gpg --detach-sign --armor tron-docker.zip
+          # This creates tron-docker.zip.asc (ASCII-armored signature)
+
+      - name: Export GPG public key to tron-docker-099228E1.pub
+        run: |
+          gpg --armor --export > tron-docker-099228E1.pub
+          # Optional: Set restrictive permissions
+          chmod 600 tron-docker-099228E1.pub
+
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v4
         with:
@@ -39,3 +56,8 @@ jobs:
         run: |
           aws s3 cp tron-docker.zip s3://${{ github.event.inputs.bucket-name }}/package/publish-latest.zip
           aws s3 cp tron-docker.zip s3://${{ github.event.inputs.bucket-name }}/package/publish-v0.1.1.zip
+
+          zip -r public.zip tron-docker.zip tron-docker.zip.asc
+          aws s3 cp tron-docker-099228E1.pub s3://${{ github.event.inputs.bucket-name }}/public-keys/tron-docker-099228E1.pub
+          aws s3 cp tron-docker-099228E1.pub s3://${{ github.event.inputs.bucket-name }}/signatures/tron-docker.zip.asc
+          aws s3 cp tron-docker.zip s3://${{ github.event.inputs.bucket-name }}/tron-docker.zip
