@@ -631,28 +631,28 @@ jobs:
631631 tenant-id : ${{ secrets.AZURE_TENANT_ID }}
632632 subscription-id : ${{ secrets.AZURE_SUBSCRIPTION_ID }}
633633
634+ - name : Download GPG secrets
635+ id : gpg-secrets
636+ uses : ./.github/actions/akv-secret
637+ with :
638+ vault : ${{ secrets.AZURE_VAULT }}
639+ secrets : |
640+ ${{ secrets.LINUX_GPG_KEYGRIP_SECRET_NAME }} > $output:keygrip
641+ ${{ secrets.LINUX_GPG_PRIVATE_SECRET_NAME }} base64> $output:private-key
642+ ${{ secrets.LINUX_GPG_PASSPHRASE_SECRET_NAME }} > $output:passphrase
643+
634644name : Prepare for GPG signing
635- env :
636- AZURE_VAULT : ${{ secrets.AZURE_VAULT }}
637- GPG_KEY_SECRET_NAME : ${{ secrets.GPG_KEY_SECRET_NAME }}
638- GPG_PASSPHRASE_SECRET_NAME : ${{ secrets.GPG_PASSPHRASE_SECRET_NAME }}
639- GPG_KEYGRIP_SECRET_NAME : ${{ secrets.GPG_KEYGRIP_SECRET_NAME }}
640645 run : |
641646 # Install debsigs
642647 sudo apt-get install -y debsigs
643648
644- # Download GPG key, passphrase, and keygrip from Azure Key Vault
645- key="$(az keyvault secret show --name "$GPG_KEY_SECRET_NAME" --vault-name "$AZURE_VAULT" --query "value" --output tsv)"
646- passphrase="$(az keyvault secret show --name "$GPG_PASSPHRASE_SECRET_NAME" --vault-name "$AZURE_VAULT" --query "value" --output tsv)"
647- keygrip="$(az keyvault secret show --name "$GPG_KEYGRIP_SECRET_NAME" --vault-name "$AZURE_VAULT" --query "value" --output tsv)"
648-
649649 # Import GPG key
650- echo "$key" | base64 -d | gpg --import --no-tty --batch --yes
650+ echo -n '${{ steps.gpg-secrets.outputs.private-key }}' | gpg --import --no-tty --batch --yes
651651
652652 # Configure GPG
653653 echo "allow-preset-passphrase" > ~/.gnupg/gpg-agent.conf
654654 gpg-connect-agent RELOADAGENT /bye
655- /usr/lib/gnupg2/gpg-preset-passphrase --preset "$ keygrip" <<<"$ passphrase"
655+ /usr/lib/gnupg2/gpg-preset-passphrase --preset '${{ steps.gpg-secrets.outputs. keygrip }}' <<<'${{ steps.gpg-secrets.outputs. passphrase }}'
656656
657657name : Download artifacts
658658 uses : actions/download-artifact@v4
0 commit comments