Use private key to sign packagte #11
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Push packages | |
on: | |
# TODO: remove once tested | |
pull_request: | |
push: | |
branches: | |
- main | |
jobs: | |
build-packages: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Save private key to temp file | |
run: 'echo "$SECRET" > melange.rsa' | |
env: | |
SECRET: ${{ secrets.MELANGE_PRIVATE_KEY }} | |
# TODO: if new packages list grows, automation of listing packages would be handy | |
- name: Build signed packages specific to this repo | |
run: | | |
docker run --privileged --rm -v $(pwd):/work cgr.dev/chainguard/melange build --signing-key melange.rsa --arch=x86_64 poppler.yaml | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v3 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: us-east-1 | |
- name: Upload index to s3 | |
run: | | |
aws s3 cp --recursive packages/x86_64 s3://wolfi-packages/x86_64 --acl public-read |