Create other binaries #2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Sign Go Application 2 | |
| on: | |
| workflow_dispatch: | |
| jobs: | |
| build-and-sign: | |
| environment: prod | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Retrieve secrets from Keeper | |
| id: ksecrets | |
| uses: Keeper-Security/ksm-action@master | |
| with: | |
| keeper-secret-config: ${{ secrets.KSM_CONFIG }} | |
| secrets: |- | |
| bavsKZY_NufFZGqwyduvGw/field/password > PASSWORD | |
| bavsKZY_NufFZGqwyduvGw/file/private.key > file:/tmp/private.key | |
| bavsKZY_NufFZGqwyduvGw/file/public.key > file:/tmp/public.key | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: '1.18' | |
| - name: Import GPG Key | |
| run: | | |
| echo "${{ steps.ksecrets.outputs.PASSWORD }}" | gpg --batch --yes --passphrase-fd 0 --import /tmp/private.key | |
| env: | |
| GPG_PRIVATE_KEY: ${{ steps.ksecrets.outputs.PASSWORD }} | |
| - name: Build, Sign, and Upload binaries | |
| run: | | |
| mkdir -p artifacts | |
| GOOS=linux GOARCH=amd64 go build -o hello-world-linux main.go | |
| echo "${{ steps.ksecrets.outputs.PASSWORD }}" | gpg --batch --yes --passphrase-fd 0 --pinentry-mode loopback --armor --output hello-world-linux.sig --detach-sign hello-world-linux | |
| mv hello-world-linux hello-world-linux.sig artifacts/ | |
| GOOS=windows GOARCH=amd64 go build -o hello-world-windows.exe main.go | |
| echo "${{ steps.ksecrets.outputs.PASSWORD }}" | gpg --batch --yes --passphrase-fd 0 --pinentry-mode loopback --armor --output hello-world-windows.exe.sig --detach-sign hello-world-windows.exe | |
| mv hello-world-windows.exe hello-world-windows.exe.sig artifacts/ | |
| GOOS=darwin GOARCH=amd64 go build -o hello-world-macos main.go | |
| echo "${{ steps.ksecrets.outputs.PASSWORD }}" | gpg --batch --yes --passphrase-fd 0 --pinentry-mode loopback --armor --output hello-world-macos.sig --detach-sign hello-world-macos | |
| mv hello-world-macos hello-world-macos.sig artifacts/ | |
| env: | |
| GPG_PASSPHRASE: ${{ steps.ksecrets.outputs.PASSWORD }} | |
| - name: Upload signed binaries | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: signed-binaries | |
| path: artifacts/ |