mirror of
https://github.com/rehlds/.github.git
synced 2025-03-13 05:40:16 +03:00
added full signing example of gpg signing
Some checks failed
Automatic sync with GitLab's read-only mirror / mirror (map[github:https://github.com/rehlds/.github.git gitlab:git@gitlab.com:rehlds/dot-github.git]) (push) Has been cancelled
Automatic sync with GitLab's read-only mirror / mirror (map[github:https://github.com/rehlds/ReGameDLL_CS.git gitlab:git@gitlab.com:rehlds/ReGameDLL_CS.git]) (push) Has been cancelled
Automatic sync with GitLab's read-only mirror / mirror (map[github:https://github.com/rehlds/metamod-r.git gitlab:git@gitlab.com:rehlds/metamod-r.git]) (push) Has been cancelled
Automatic sync with GitLab's read-only mirror / mirror (map[github:https://github.com/rehlds/metamod-r.org.git gitlab:git@gitlab.com:rehlds/metamod-r.org.git]) (push) Has been cancelled
Automatic sync with GitLab's read-only mirror / mirror (map[github:https://github.com/rehlds/rehlds.git gitlab:git@gitlab.com:rehlds/rehlds.git]) (push) Has been cancelled
Automatic sync with GitLab's read-only mirror / mirror (map[github:https://github.com/rehlds/rehlds.github.io.git gitlab:git@gitlab.com:rehlds/rehlds.github.io.git]) (push) Has been cancelled
Automatic sync with GitLab's read-only mirror / mirror (map[github:https://github.com/rehlds/relocalizebugfix.git gitlab:git@gitlab.com:rehlds/relocalizebugfix.git]) (push) Has been cancelled
Automatic sync with GitLab's read-only mirror / mirror (map[github:https://github.com/rehlds/resemiclip.git gitlab:git@gitlab.com:rehlds/resemiclip.git]) (push) Has been cancelled
Automatic sync with GitLab's read-only mirror / mirror (map[github:https://github.com/rehlds/reunion.git gitlab:git@gitlab.com:rehlds/reunion.git]) (push) Has been cancelled
Automatic sync with GitLab's read-only mirror / mirror (map[github:https://github.com/rehlds/revoice.git gitlab:git@gitlab.com:rehlds/revoice.git]) (push) Has been cancelled
Automatic sync with GitLab's read-only mirror / mirror (map[github:https://github.com/rehlds/testdemos.git gitlab:git@gitlab.com:rehlds/testdemos.git]) (push) Has been cancelled
Automatic sync with GitLab's read-only mirror / mirror (map[github:https://github.com/rehlds/hitboxtracker.git gitlab:git@gitlab.com:rehlds/hitboxtracker.git]) (push) Has been cancelled
Automatic sync with GitLab's read-only mirror / mirror (map[github:https://github.com/rehlds/reapi.git gitlab:git@gitlab.com:rehlds/reapi.git]) (push) Has been cancelled
Automatic sync with GitLab's read-only mirror / mirror (map[github:https://github.com/rehlds/rechecker.git gitlab:git@gitlab.com:rehlds/rechecker.git]) (push) Has been cancelled
Some checks failed
Automatic sync with GitLab's read-only mirror / mirror (map[github:https://github.com/rehlds/.github.git gitlab:git@gitlab.com:rehlds/dot-github.git]) (push) Has been cancelled
Automatic sync with GitLab's read-only mirror / mirror (map[github:https://github.com/rehlds/ReGameDLL_CS.git gitlab:git@gitlab.com:rehlds/ReGameDLL_CS.git]) (push) Has been cancelled
Automatic sync with GitLab's read-only mirror / mirror (map[github:https://github.com/rehlds/metamod-r.git gitlab:git@gitlab.com:rehlds/metamod-r.git]) (push) Has been cancelled
Automatic sync with GitLab's read-only mirror / mirror (map[github:https://github.com/rehlds/metamod-r.org.git gitlab:git@gitlab.com:rehlds/metamod-r.org.git]) (push) Has been cancelled
Automatic sync with GitLab's read-only mirror / mirror (map[github:https://github.com/rehlds/rehlds.git gitlab:git@gitlab.com:rehlds/rehlds.git]) (push) Has been cancelled
Automatic sync with GitLab's read-only mirror / mirror (map[github:https://github.com/rehlds/rehlds.github.io.git gitlab:git@gitlab.com:rehlds/rehlds.github.io.git]) (push) Has been cancelled
Automatic sync with GitLab's read-only mirror / mirror (map[github:https://github.com/rehlds/relocalizebugfix.git gitlab:git@gitlab.com:rehlds/relocalizebugfix.git]) (push) Has been cancelled
Automatic sync with GitLab's read-only mirror / mirror (map[github:https://github.com/rehlds/resemiclip.git gitlab:git@gitlab.com:rehlds/resemiclip.git]) (push) Has been cancelled
Automatic sync with GitLab's read-only mirror / mirror (map[github:https://github.com/rehlds/reunion.git gitlab:git@gitlab.com:rehlds/reunion.git]) (push) Has been cancelled
Automatic sync with GitLab's read-only mirror / mirror (map[github:https://github.com/rehlds/revoice.git gitlab:git@gitlab.com:rehlds/revoice.git]) (push) Has been cancelled
Automatic sync with GitLab's read-only mirror / mirror (map[github:https://github.com/rehlds/testdemos.git gitlab:git@gitlab.com:rehlds/testdemos.git]) (push) Has been cancelled
Automatic sync with GitLab's read-only mirror / mirror (map[github:https://github.com/rehlds/hitboxtracker.git gitlab:git@gitlab.com:rehlds/hitboxtracker.git]) (push) Has been cancelled
Automatic sync with GitLab's read-only mirror / mirror (map[github:https://github.com/rehlds/reapi.git gitlab:git@gitlab.com:rehlds/reapi.git]) (push) Has been cancelled
Automatic sync with GitLab's read-only mirror / mirror (map[github:https://github.com/rehlds/rechecker.git gitlab:git@gitlab.com:rehlds/rechecker.git]) (push) Has been cancelled
moved away from this pr: https://github.com/rehlds/ReHLDS/actions/runs/12416117825/job/34664003176?pr=1069
This commit is contained in:
parent
953ddb2bfa
commit
300e468b61
185
.github/workflows/gpg-signing.yml.example
vendored
Normal file
185
.github/workflows/gpg-signing.yml.example
vendored
Normal file
@ -0,0 +1,185 @@
|
||||
# linux:
|
||||
# name: 'Linux'
|
||||
# runs-on: ubuntu-24.04
|
||||
#
|
||||
# steps:
|
||||
# - name: Checkout
|
||||
# uses: actions/checkout@v4
|
||||
# with:
|
||||
# fetch-depth: 0
|
||||
#
|
||||
# - name: Install dependencies
|
||||
# run: |
|
||||
# dpkg --add-architecture i386
|
||||
# apt-get update
|
||||
# apt-get install -y \
|
||||
# gcc-multilib g++-multilib \
|
||||
# build-essential \
|
||||
# libc6-dev libc6-dev-i386 \
|
||||
# git cmake rsync \
|
||||
# g++ gcc
|
||||
#
|
||||
#
|
||||
# - name: GPG Import
|
||||
# run: |
|
||||
# echo "${{ secrets.REHLDS_PUB_ASC }}" > "${{ secrets.REHLDS_PUB_ASC_FILE }}"
|
||||
# echo "${{ secrets.REHLDS_KEY_ASC }}" > "${{ secrets.REHLDS_KEY_ASC_FILE }}"
|
||||
#
|
||||
# # Import the public key
|
||||
# gpg --batch --yes --import "${{ secrets.REHLDS_PUB_ASC_FILE }}"
|
||||
# if [[ $? -ne 0 ]]; then
|
||||
# echo "Error: Failed to import the public key"
|
||||
# exit 1
|
||||
# fi
|
||||
#
|
||||
# # Import the private key
|
||||
# gpg --batch --yes --import "${{ secrets.REHLDS_KEY_ASC_FILE }}"
|
||||
# if [[ $? -ne 0 ]]; then
|
||||
# echo "Error: Failed to import the private key"
|
||||
# exit 2
|
||||
# fi
|
||||
#
|
||||
# # Extract the fingerprint of the imported public key
|
||||
# REHLDS_LINUX_FINGERPRINT=$(gpg --list-keys --with-colons | grep '^fpr' | head -n 1 | cut -d: -f10)
|
||||
#
|
||||
# # Check if the fingerprint was extracted
|
||||
# if [[ -z "$REHLDS_LINUX_FINGERPRINT" ]]; then
|
||||
# echo "Error: Failed to extract the fingerprint of the key"
|
||||
# exit 3
|
||||
# fi
|
||||
#
|
||||
# # Set the trust level for the key
|
||||
# echo "$REHLDS_LINUX_FINGERPRINT:6:" | gpg --batch --import-ownertrust
|
||||
# if [ $? -ne 0 ]; then
|
||||
# echo "Error: Failed to set trust for the key $REHLDS_LINUX_FINGERPRINT"
|
||||
# exit 4
|
||||
# fi
|
||||
#
|
||||
# echo "Key $REHLDS_LINUX_FINGERPRINT successfully imported and trusted"
|
||||
# gpg --list-keys
|
||||
#
|
||||
# #export for global use
|
||||
# echo "REHLDS_LINUX_FINGERPRINT=$REHLDS_LINUX_FINGERPRINT" >> $GITHUB_ENV
|
||||
# shell: bash
|
||||
#
|
||||
# - name: Find and Sign Files
|
||||
# run: |
|
||||
#
|
||||
# # Define directory containing files
|
||||
# TARGET_DIR="publish/bin"
|
||||
#
|
||||
# # Find and sign each file
|
||||
# find "$TARGET_DIR" -type f -name "*" | while read -r FILE; do
|
||||
# echo "Signing $FILE..."
|
||||
# gpg --batch --yes --detach-sign --armor -u "$REHLDS_LINUX_FINGERPRINT" "$FILE"
|
||||
# if [ $? -ne 0 ]; then
|
||||
# echo "Error: Failed to sign $FILE"
|
||||
# exit 4
|
||||
# fi
|
||||
# echo "$FILE signed successfully."
|
||||
# done
|
||||
# shell: bash
|
||||
#
|
||||
# - name: Verify Signatures
|
||||
# run: |
|
||||
#
|
||||
# # Verify the generated signatures
|
||||
# TARGET_DIR="publish/bin"
|
||||
# find "$TARGET_DIR" -type f -not -name "*.asc" | while read -r FILE; do
|
||||
# echo "Verifying signature for $FILE..."
|
||||
# gpg --verify "$FILE.asc" "$FILE"
|
||||
# if [ $? -ne 0 ]; then
|
||||
# echo "Error: Signature verification failed for $FILE"
|
||||
# exit 5
|
||||
# fi
|
||||
# echo "Signature for $FILE is valid."
|
||||
# done
|
||||
# shell: bash
|
||||
#
|
||||
# publish:
|
||||
# name: 'Publish'
|
||||
# runs-on: ubuntu-24.04
|
||||
# needs: [windows, testdemos, linux]
|
||||
#
|
||||
# steps:
|
||||
# - name: Deploying linux artifacts
|
||||
# uses: actions/download-artifact@v4
|
||||
# with:
|
||||
# name: linux32
|
||||
#
|
||||
# - name: Deploying windows artifacts
|
||||
# uses: actions/download-artifact@v4
|
||||
# with:
|
||||
# name: win32
|
||||
#
|
||||
# - name: Reading appversion.h
|
||||
# run: |
|
||||
# if [ -e appversion.h ]; then
|
||||
# APP_VERSION=$(cat appversion.h | grep -wi '#define APP_VERSION_STRD' | sed -e 's/#define APP_VERSION_STRD[ \t\r\n\v\f]\+\(.*\)/\1/i' -e 's/\r//g')
|
||||
# if [ $? -ne 0 ]; then
|
||||
# APP_VERSION=""
|
||||
# else
|
||||
# # Remove quotes
|
||||
# APP_VERSION=$(echo $APP_VERSION | xargs)
|
||||
# echo "APP_VERSION=${APP_VERSION}" >> $GITHUB_ENV
|
||||
# fi
|
||||
# fi
|
||||
# rm -f appversion.h
|
||||
#
|
||||
# - name: Final signing and Packaging bin/dbg
|
||||
# id: packaging-job
|
||||
# if: |
|
||||
# github.event_name == 'release' &&
|
||||
# github.event.action == 'published' &&
|
||||
# startsWith(github.ref, 'refs/tags/')
|
||||
# run: |
|
||||
#
|
||||
# # new runner, niw signs
|
||||
# echo "${{ secrets.REHLDS_PUB_ASC }}" > "${{ secrets.REHLDS_PUB_ASC_FILE }}"
|
||||
# echo "${{ secrets.REHLDS_KEY_ASC }}" > "${{ secrets.REHLDS_KEY_ASC_FILE }}"
|
||||
# gpg --batch --yes --import "${{ secrets.REHLDS_PUB_ASC_FILE }}"
|
||||
# gpg --batch --yes --import "${{ secrets.REHLDS_KEY_ASC_FILE }}"
|
||||
# REHLDS_LINUX_FINGERPRINT=$(gpg --list-keys --with-colons | grep '^fpr' | head -n 1 | cut -d: -f10)
|
||||
# echo "$REHLDS_LINUX_FINGERPRINT:6:" | gpg --batch --import-ownertrust
|
||||
# echo "REHLDS_LINUX_FINGERPRINT=$REHLDS_LINUX_FINGERPRINT" >> $GITHUB_ENV
|
||||
#
|
||||
# sign_file() {
|
||||
# local file=$1
|
||||
# gpg --batch --yes --detach-sign --armor -u "$REHLDS_LINUX_FINGERPRINT" "$file"
|
||||
# if [ $? -ne 0 ]; then
|
||||
# echo "Error: Failed to sign $file"
|
||||
# exit 2
|
||||
# fi
|
||||
# echo "$file signed successfully."
|
||||
# }
|
||||
#
|
||||
# # Pack and sign final archive
|
||||
# 7z a -tzip rehlds-bin-${{ env.APP_VERSION }}.zip bin/ hlsdk/
|
||||
# sign_file "rehlds-bin-${{ env.APP_VERSION }}.zip"
|
||||
#
|
||||
# # Pack and sign final archive
|
||||
# 7z a -t7z -m0=lzma2 -mx=9 -mfb=64 -aoa rehlds-dbg-${{ env.APP_VERSION }}.7z debug/
|
||||
# sign_file "rehlds-dbg-${{ env.APP_VERSION }}.7z"
|
||||
#
|
||||
# # Find and sign each win32 files, linux files already signed
|
||||
# find ./bin/win32 -type f -name "*" | while read -r FILE; do
|
||||
# echo "Signing $FILE..."
|
||||
# gpg --batch --yes --detach-sign --armor -u "$REHLDS_LINUX_FINGERPRINT" "$FILE"
|
||||
# if [ $? -ne 0 ]; then
|
||||
# echo "Error: Failed to sign $FILE"
|
||||
# exit 1
|
||||
# fi
|
||||
# echo "$FILE signed successfully."
|
||||
# done
|
||||
# # Find and sign each PDB files
|
||||
# find ./debug -type f -name "*" | while read -r FILE; do
|
||||
# echo "Signing $FILE..."
|
||||
# gpg --batch --yes --detach-sign --armor -u "$REHLDS_LINUX_FINGERPRINT" "$FILE"
|
||||
# if [ $? -ne 0 ]; then
|
||||
# echo "Error: Failed to sign $FILE"
|
||||
# exit 3
|
||||
# fi
|
||||
# echo "$FILE signed successfully."
|
||||
# done
|
||||
#
|
||||
# shell: bash
|
Loading…
x
Reference in New Issue
Block a user