added full signing example of gpg signing

moved away from this pr: https://github.com/rehlds/ReHLDS/actions/runs/12416117825/job/34664003176?pr=1069

.github/workflows/gpg-signing.yml.example

@@ -0,0 +1,185 @@
+#  linux:
+#    name: 'Linux'
+#    runs-on: ubuntu-24.04
+#
+#    steps:
+#      - name: Checkout
+#        uses: actions/checkout@v4
+#        with:
+#          fetch-depth: 0
+#
+#      - name: Install dependencies
+#        run: |
+#          dpkg --add-architecture i386
+#          apt-get update
+#          apt-get install -y \
+#            gcc-multilib g++-multilib \
+#            build-essential \
+#            libc6-dev libc6-dev-i386 \
+#            git cmake rsync \
+#            g++ gcc
+#
+#
+#      - name: GPG Import
+#        run: |
+#          echo "${{ secrets.REHLDS_PUB_ASC }}" > "${{ secrets.REHLDS_PUB_ASC_FILE }}"
+#          echo "${{ secrets.REHLDS_KEY_ASC }}" > "${{ secrets.REHLDS_KEY_ASC_FILE }}"
+#
+#          # Import the public key
+#          gpg --batch --yes --import "${{ secrets.REHLDS_PUB_ASC_FILE }}"
+#          if [[ $? -ne 0 ]]; then
+#            echo "Error: Failed to import the public key"
+#            exit 1
+#          fi
+#          
+#          # Import the private key
+#          gpg --batch --yes --import "${{ secrets.REHLDS_KEY_ASC_FILE }}"
+#          if [[ $? -ne 0 ]]; then
+#            echo "Error: Failed to import the private key"
+#            exit 2
+#          fi
+#          
+#          # Extract the fingerprint of the imported public key
+#          REHLDS_LINUX_FINGERPRINT=$(gpg --list-keys --with-colons | grep '^fpr' | head -n 1 | cut -d: -f10)
+#          
+#          # Check if the fingerprint was extracted
+#          if [[ -z "$REHLDS_LINUX_FINGERPRINT" ]]; then
+#            echo "Error: Failed to extract the fingerprint of the key"
+#            exit 3
+#          fi
+#          
+#          # Set the trust level for the key
+#          echo "$REHLDS_LINUX_FINGERPRINT:6:" | gpg --batch --import-ownertrust
+#          if [ $? -ne 0 ]; then
+#            echo "Error: Failed to set trust for the key $REHLDS_LINUX_FINGERPRINT"
+#            exit 4
+#          fi
+#          
+#          echo "Key $REHLDS_LINUX_FINGERPRINT successfully imported and trusted"
+#          gpg --list-keys
+#
+#          #export for global use
+#          echo "REHLDS_LINUX_FINGERPRINT=$REHLDS_LINUX_FINGERPRINT" >> $GITHUB_ENV
+#        shell: bash
+#        
+#      - name: Find and Sign Files
+#        run: |
+#
+#          # Define directory containing files
+#          TARGET_DIR="publish/bin"
+#
+#          # Find and sign each file
+#          find "$TARGET_DIR" -type f -name "*" | while read -r FILE; do
+#            echo "Signing $FILE..."
+#            gpg --batch --yes --detach-sign --armor -u "$REHLDS_LINUX_FINGERPRINT" "$FILE"
+#            if [ $? -ne 0 ]; then
+#              echo "Error: Failed to sign $FILE"
+#              exit 4
+#            fi
+#            echo "$FILE signed successfully."
+#          done
+#        shell: bash
+#
+#      - name: Verify Signatures
+#        run: |
+#
+#          # Verify the generated signatures
+#          TARGET_DIR="publish/bin"
+#          find "$TARGET_DIR" -type f -not -name "*.asc" | while read -r FILE; do
+#            echo "Verifying signature for $FILE..."
+#            gpg --verify "$FILE.asc" "$FILE"
+#            if [ $? -ne 0 ]; then
+#              echo "Error: Signature verification failed for $FILE"
+#              exit 5
+#            fi
+#            echo "Signature for $FILE is valid."
+#          done
+#        shell: bash
+#
+#  publish:
+#    name: 'Publish'
+#    runs-on: ubuntu-24.04
+#    needs: [windows, testdemos, linux]
+#
+#    steps:
+#      - name: Deploying linux artifacts
+#        uses: actions/download-artifact@v4
+#        with:
+#          name: linux32
+#
+#      - name: Deploying windows artifacts
+#        uses: actions/download-artifact@v4
+#        with:
+#          name: win32
+#
+#      - name: Reading appversion.h
+#        run: |
+#          if [ -e appversion.h ]; then
+#            APP_VERSION=$(cat appversion.h | grep -wi '#define APP_VERSION_STRD' | sed -e 's/#define APP_VERSION_STRD[ \t\r\n\v\f]\+\(.*\)/\1/i' -e 's/\r//g')
+#            if [ $? -ne 0 ]; then
+#              APP_VERSION=""
+#            else
+#              # Remove quotes
+#              APP_VERSION=$(echo $APP_VERSION | xargs)
+#              echo "APP_VERSION=${APP_VERSION}" >> $GITHUB_ENV
+#            fi
+#          fi
+#          rm -f appversion.h
+#
+#      - name: Final signing and Packaging bin/dbg
+#        id: packaging-job
+#        if: |
+#          github.event_name == 'release' &&
+#          github.event.action == 'published' &&
+#          startsWith(github.ref, 'refs/tags/')
+#        run: |
+#
+#          # new runner, niw signs
+#          echo "${{ secrets.REHLDS_PUB_ASC }}" > "${{ secrets.REHLDS_PUB_ASC_FILE }}"
+#          echo "${{ secrets.REHLDS_KEY_ASC }}" > "${{ secrets.REHLDS_KEY_ASC_FILE }}"
+#          gpg --batch --yes --import "${{ secrets.REHLDS_PUB_ASC_FILE }}"
+#          gpg --batch --yes --import "${{ secrets.REHLDS_KEY_ASC_FILE }}"
+#          REHLDS_LINUX_FINGERPRINT=$(gpg --list-keys --with-colons | grep '^fpr' | head -n 1 | cut -d: -f10)
+#          echo "$REHLDS_LINUX_FINGERPRINT:6:" | gpg --batch --import-ownertrust
+#          echo "REHLDS_LINUX_FINGERPRINT=$REHLDS_LINUX_FINGERPRINT" >> $GITHUB_ENV
+#
+#          sign_file() {
+#            local file=$1
+#            gpg --batch --yes --detach-sign --armor -u "$REHLDS_LINUX_FINGERPRINT" "$file"
+#            if [ $? -ne 0 ]; then
+#              echo "Error: Failed to sign $file"
+#              exit 2
+#            fi
+#            echo "$file signed successfully."
+#          }
+#          
+#          # Pack and sign final archive
+#          7z a -tzip rehlds-bin-${{ env.APP_VERSION }}.zip bin/ hlsdk/
+#          sign_file "rehlds-bin-${{ env.APP_VERSION }}.zip"
+#
+#          # Pack and sign final archive
+#          7z a -t7z -m0=lzma2 -mx=9 -mfb=64 -aoa rehlds-dbg-${{ env.APP_VERSION }}.7z debug/
+#          sign_file "rehlds-dbg-${{ env.APP_VERSION }}.7z"
+#
+#          # Find and sign each win32 files, linux files already signed
+#          find ./bin/win32 -type f -name "*" | while read -r FILE; do
+#            echo "Signing $FILE..."
+#            gpg --batch --yes --detach-sign --armor -u "$REHLDS_LINUX_FINGERPRINT" "$FILE"
+#            if [ $? -ne 0 ]; then
+#              echo "Error: Failed to sign $FILE"
+#              exit 1
+#            fi
+#            echo "$FILE signed successfully."
+#          done
+#          # Find and sign each PDB files
+#          find ./debug -type f -name "*" | while read -r FILE; do
+#            echo "Signing $FILE..."
+#            gpg --batch --yes --detach-sign --armor -u "$REHLDS_LINUX_FINGERPRINT" "$FILE"
+#            if [ $? -ne 0 ]; then
+#              echo "Error: Failed to sign $FILE"
+#              exit 3
+#            fi
+#            echo "$FILE signed successfully."
+#          done
+#
+#        shell: bash