Remove the github action package signing step

This will be done elsewhere.
2026-06-03 08:46:42 +00:00 · 2022-11-18 16:02:44 -08:00
parent 041aba9a0b
commit 5c9dce0f8a
2 changed files with 0 additions and 75 deletions
--- a/.github/actions/sign/action.yml
+++ b/.github/actions/sign/action.yml
@@ -1,21 +0,0 @@
-name: 'Sign packages'
-runs:
-  using: "composite"
-
-  steps:
-    - name: Sign
-      shell: bash
-      run: |
-        set -ex -o pipefail
-        echo "$GPG_KEY_B64"| base64 -d | gpg --batch --no-tty --allow-secret-key-import --import -
-        unset GPG_KEY_B64
-        export GPG_PASSPHRASE=$(echo $GPG_KEY_PASS_B64 | base64 -di)
-        unset GPG_KEY_PASS_B64
-        export GPG_KEYID=$(gpg --with-colon --list-secret-keys | head -n1 | cut -d : -f 5)
-        for PKG in $(ls *.deb); do
-          dpkg-sig \
-            -g "--no-tty --digest-algo 'sha512' --passphrase '${GPG_PASSPHRASE}' --pinentry-mode=loopback" \
-                  -k "${GPG_KEYID}" \
-                  --sign builder \
-                  $PKG
-        done
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -67,60 +67,6 @@ jobs:
          name: clio_tests-${{ matrix.type.suffix }}
          path: ${{ github.workspace }}/clio_tests

-  sign:
-    name: Sign packages
-    needs: build_clio
-    runs-on: ubuntu-20.04
-    if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/release' || github.ref == 'refs/heads/develop'
-    env:
-      GPG_KEY_B64: ${{ secrets.GPG_KEY_B64 }}
-      GPG_KEY_PASS_B64: ${{ secrets.GPG_KEY_PASS_B64 }}
-    strategy:
-      fail-fast: false
-      matrix:
-        type:
-          - suffix: deb
-            image: ubuntu:20.04
-            script: dpkg
-          # - suffix: rpm
-          #   image: centos:7
-          #   script: rpm
-    container:
-      image: ${{ matrix.type.image }}
-    steps:
-      - uses: actions/checkout@v3
-      - name: Install dpkg-sig
-        run: |
-          apt-get update && apt-get install -y dpkg-sig gnupg
-      - name: Get package artifact
-        uses: actions/download-artifact@v3
-        with:
-          name: clio_${{ matrix.type.suffix }}_packages
-
-      - name: find packages
-        run: find . -name "*.${{ matrix.type.suffix }}"
-
-      - name: Sign packages
-        uses: ./.github/actions/sign
-
-
-      - name: Verify the signature
-        run: |
-          set -e
-          for PKG in $(ls *.deb); do
-            gpg --verify "${PKG}"
-          done
-
-      - name: Get short SHA
-        id: shortsha
-        run: echo "::set-output name=sha8::$(echo ${GITHUB_SHA} | cut -c1-8)"
-
-      - name: Artifact signed packages
-        uses: actions/upload-artifact@v2
-        with:
-          name: signed-clio-deb-packages-${{ steps.shortsha.outputs.sha8 }}
-          path: ${{ github.workspace }}/*.deb
-
  test_clio:
    name: Test Clio
    runs-on: [self-hosted, Linux]