Stop using s3 for packaging signing key

Robert Marshall · Robert Marshall · commit 3985f67dbb40 · 2024-01-26T00:15:07.000-05:00
- Stop pulling the package signing key from s3. This removes the final dependency requirement for awscli in the container build images. Closes https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/8393 Related https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/8398 Related https://gitlab.com/gitlab-org/gitlab-omnibus-builder/-/issues/78 Related https://gitlab.com/gitlab-org/gitlab-omnibus-builder/-/issues/77 Signed-off-by: Robert Marshall <rmarshall@gitlab.com>
diff --git a/support/import_gpg_secrets.sh b/support/import_gpg_secrets.sh
@@ -1,10 +1,7 @@
 #!/bin/bash
 # GPG key for package signing
-if [ -n "$SECRET_AWS_ACCESS_KEY_ID" ]; then
-  echo -e "[default]\naws_access_key_id = $AWS_ACCESS_KEY_ID \naws_secret_access_key = $AWS_SECRET_ACCESS_KEY" > ~/.aws/config
-  AWS_ACCESS_KEY_ID="$SECRET_AWS_ACCESS_KEY_ID" AWS_SECRET_ACCESS_KEY="$SECRET_AWS_SECRET_ACCESS_KEY" aws s3 cp s3://omnibus-sig/package.sig.key .
-  gpg --batch --no-tty --allow-secret-key-import --import package.sig.key
-  rm package.sig.key
+if [ -n "$PACKAGE_SIGNING_KEY_FILE" ]; then
+  gpg --batch --no-tty --allow-secret-key-import --import "$PACKAGE_SIGNING_KEY_FILE"
 else
   echo "No GPG secret key were imported."
 fi
