
Use private key to sign package #11


Workflow file for this run

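# Builds the packages defined in this repository with melange, signs them with
# the key held in the MELANGE_PRIVATE_KEY secret, and publishes the result to S3.
name: Push packages
on:
  # TODO: remove once tested
  # While this trigger is present, pull-request runs still build and sign with
  # the real key; the publishing steps below are restricted to push events so
  # unmerged changes never reach the public bucket.
  pull_request:
  push:
    branches:
      - main
# Nothing in this workflow writes back to the repository, so the job token is
# limited to read access.
permissions:
  contents: read
jobs:
  build-packages:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): the actions used here are referenced by movable tags;
      # pinning each to a full commit SHA protects against a retagged release.
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0
          # The workspace is bind-mounted into a privileged container below,
          # so do not leave the job token in .git/config.
          persist-credentials: false
      - name: Save private key to temp file
        run: |
          # Fail early with a clear message when the secret is not provided to
          # this run, instead of writing an empty key file.
          if [ -z "$SECRET" ]; then
            echo "MELANGE_PRIVATE_KEY is not available to this run" >&2
            exit 1
          fi
          # Create the key file readable by its owner only.
          umask 077
          printf '%s\n' "$SECRET" > melange.rsa
        env:
          SECRET: ${{ secrets.MELANGE_PRIVATE_KEY }}
      # TODO: if new packages list grows, automation of listing packages would be handy
      # NOTE(review): the image reference has no tag or digest, so each run pulls
      # whatever is current. This container runs privileged with the signing key
      # mounted; consider pinning it as cgr.dev/chainguard/melange@sha256:<digest>.
      - name: Build signed packages specific to this repo
        run: |
          docker run --privileged --rm \
            -v "$(pwd)":/work \
            cgr.dev/chainguard/melange build \
            --signing-key melange.rsa \
            --arch=x86_64 \
            poppler.yaml
      # Runs even when the build fails, so the key never outlives the signing
      # step and is gone before any credentials for publishing are configured.
      - name: Remove private key from workspace
        if: always()
        run: rm -f melange.rsa
      # NOTE(review): these are long-lived access keys stored as secrets. The
      # action also supports assuming a role through GitHub OIDC
      # (`role-to-assume`), which removes the static credential.
      - name: Configure AWS credentials
        if: github.event_name == 'push'
        uses: aws-actions/configure-aws-credentials@v3
        with:
          aws-access-key-id: ${{ secrets.AWS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: us-east-1
      # Only packages/x86_64 is uploaded; the objects are made world-readable
      # by --acl public-read.
      - name: Upload index to s3
        if: github.event_name == 'push'
        run: |
          aws s3 cp --recursive packages/x86_64 s3://wolfi-packages/x86_64 --acl public-read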