
Commit 07fb95c

ldennington authored and dscho committed
build-git-installers: publish gpg public key
Update build-git-installers workflow to publish `microsoft/git`'s GPG public key as part of each release. Add explanation for how to use this key to verify the Debian package's signature to the README.
1 parent b92f293 commit 07fb95c

1 file changed

+21
-0
lines changed

.github/workflows/build-git-installers.yml

Lines changed: 21 additions & 0 deletions
@@ -703,11 +703,13 @@ jobs:
703703
runs-on: ubuntu-latest
704704
permissions:
705705
contents: write
706+
id-token: write # required for Azure login via OIDC
706707
needs:
707708
- create-linux-artifacts
708709
- create-macos-artifacts
709710
- windows_artifacts
710711
- prereqs
712+
environment: release
711713
if: |
712714
success() ||
713715
(needs.create-linux-artifacts.result == 'skipped' &&
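Review bot: `id-token: write` is granted at the job level next to `contents: write`, so every step in this job can request an OIDC token, including the later `actions/github-script` step that does not need Azure access. Consider moving the key download into its own job that has only `id-token: write` and `environment: release`, passing `msft-git-public.asc` on as an artifact, and leaving this job with `contents: write` alone. If the job stays combined, a comment on `environment: release` saying why it is required, as was done for `id-token`, would help the next reader.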
@@ -750,6 +752,25 @@ jobs:
750752
name: linux-artifacts
751753
path: deb-package
752754

755+
- name: Log into Azure
756+
uses: azure/login@v2
757+
with:
758+
client-id: ${{ secrets.AZURE_CLIENT_ID }}
759+
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
760+
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
761+
762+
- name: Check out repository (for akv-secret Action)
763+
uses: actions/checkout@v4
764+
with:
765+
path: git
766+
767+
- name: Download Linux GPG public key signature file
768+
uses: ./git/.github/actions/akv-secret
769+
with:
770+
vault: ${{ secrets.AZURE_VAULT }}
771+
secrets: |
772+
${{ secrets.LINUX_GPG_PUBLIC_SECRET_NAME }} base64> deb-package/msft-git-public.asc
773+
753774
- uses: actions/github-script@v6
754775
with:
755776
script: |
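Review bot: nothing checks what lands in `deb-package/msft-git-public.asc` before the release step uses it; if the vault secret is empty, mis-encoded or not the expected key, the file is published anyway. Add a step after the download that runs `gpg --show-keys deb-package/msft-git-public.asc` and fails unless the fingerprint matches an expected value kept in the repository. Two smaller points in the same hunk: `azure/login@v2` and `actions/checkout@v4` are mutable tags in a job that holds `contents: write` and an Azure login, so pin them to commit SHAs, and set `persist-credentials: false` on the checkout, since it is only there to make `./git/.github/actions/akv-secret` available. The step name says "public key signature file", but the file written is the public key itself. The commit message also mentions a README explanation, while this commit changes only the workflow file.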
