@@ -179,6 +179,7 @@ jobs:
179179 env :
180180 MINISIGN_KEY : ${{ secrets.MINISIGN_KEY }}
181181 MINISIGN_PUB : ${{ secrets.MINISIGN_PUB }}
182+ MINISIGN_PASSWORD : ${{ secrets.MINISIGN_PASSWORD }}
182183 GPG_PRIVATE_KEY : ${{ secrets.GPG_PRIVATE_KEY }}
183184 GPG_PASSPHRASE : ${{ secrets.GPG_PASSPHRASE }}
184185 run : |
@@ -223,7 +224,12 @@ jobs:
223224
224225 sha256sum "${files[@]}" "${sboms[@]}" > dist/SHA256SUMS
225226
226- minisign -S -s out/minisign.key -p out/minisign.pub -m dist/SHA256SUMS
227+ minisign_args=(-S -s out/minisign.key -p out/minisign.pub)
228+ if [ -n "${MINISIGN_PASSWORD:-}" ]; then
229+ minisign_args+=(-P "$MINISIGN_PASSWORD")
230+ fi
231+
232+ minisign "${minisign_args[@]}" -m dist/SHA256SUMS
227233 if [ -n "${GPG_PASSPHRASE:-}" ]; then
228234 gpg --batch --yes --pinentry-mode loopback --passphrase "$GPG_PASSPHRASE" \
229235 --local-user "$key_id" --armor --detach-sign -o dist/SHA256SUMS.asc dist/SHA256SUMS
@@ -232,7 +238,7 @@ jobs:
232238 fi
233239
234240 for f in "${files[@]}"; do
235- minisign -S -s out/minisign.key -p out/minisign.pub -m "$f"
241+ minisign "${minisign_args[@]}" -m "$f"
236242 if [ -n "${GPG_PASSPHRASE:-}" ]; then
237243 gpg --batch --yes --pinentry-mode loopback --passphrase "$GPG_PASSPHRASE" \
238244 --local-user "$key_id" --armor --detach-sign -o "$f.asc" "$f"
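Review bot: The added `minisign_args+=(-P "$MINISIGN_PASSWORD")` branch puts the key password on minisign's command line, where it can be read from the process list and from any `set -x` trace of the step. In upstream minisign `-P` is documented as the base64 public key used for verification, not a password option, so please confirm that the minisign build on the runner really treats it as the password; if it does not, signing would fall back to prompting and the job would hang or fail. As far as I know, upstream minisign reads the password from standard input, so the array could keep only `-S -s out/minisign.key -p out/minisign.pub` and the password be fed in: `printf '%s\n' "$MINISIGN_PASSWORD" | minisign "${minisign_args[@]}" -m dist/SHA256SUMS`, with the same form for `-m "$f"` in the loop. The run script starts and ends outside these hunks, so whether tracing is enabled or the key is created without a password is not visible here.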