66 - workflow_dispatch
77
88env :
9+ GPG_OPTIONS : " --batch --yes --no-tty --list-options no-show-photos --verify-options no-show-photos --pinentry-mode loopback"
910 HOME : " ${{github.workspace}}\\ home"
1011 MSYSTEM : MINGW64
1112 USERPROFILE : " ${{github.workspace}}\\ home"
4445 run : |
4546 d=git-sdk-64-build-installers/usr/src/build-extra &&
4647 git clone --single-branch -b main https://github.com/git-for-windows/build-extra $d
48+ name : Prepare home directory for GPG signing
49+ if : env.GPGKEY != ''
50+ shell : bash
51+ run : |
52+ echo '${{secrets.PRIVGPGKEY}}' | tr % '\n' | gpg $GPG_OPTIONS --import &&
53+ mkdir -p home &&
54+ git config --global gpg.program "$PWD/git-sdk-64-build-installers/usr/src/build-extra/gnupg-with-gpgkey.sh" &&
55+ info="$(gpg --list-keys --with-colons "${GPGKEY%% *}" | cut -d : -f 1,10 | sed -n '/^uid/{s|uid:||p;q}')" &&
56+ git config --global user.name "${info% <*}" &&
57+ git config --global user.email "<${info#*<}"
58+ env :
59+ GPGKEY : ${{secrets.GPGKEY}}
4760 - name : Generate bundle artifacts
61+ env :
62+ GPGKEY : ${{secrets.GPGKEY}}
4863 shell : powershell
4964 run : |
5065 & .\git-sdk-64-build-installers\git-cmd.exe --command=usr\bin\bash.exe -lc @"
@@ -59,12 +74,16 @@ jobs:
5974 echo \"prerelease-`${tag_name#v}\" >bundle-artifacts/ver &&
6075 echo \"`${tag_name#v}\" >bundle-artifacts/display_version &&
6176 echo \"`$tag_name\" >bundle-artifacts/next_version &&
62- git tag -m \"Snapshot build\" \"`$tag_name\" FETCH_HEAD &&
77+ git tag `$(test -z \"`$GPGKEY\" || echo \" -s\") -m \"Snapshot build\" \"`$tag_name\" FETCH_HEAD &&
6378 git bundle create bundle-artifacts/git.bundle origin/main..\"`$tag_name\" &&
6479
6580 sh -x /usr/src/build-extra/please.sh mention feature \"Snapshot of `$(git show -s --pretty='tformat:%h (%s, %ad)' --date=short FETCH_HEAD)\" &&
6681 git -C /usr/src/build-extra bundle create \"`$PWD/bundle-artifacts/build-extra.bundle\" origin/main..main
6782 "@
83+ name : Clean up temporary files
84+ if : always()
85+ shell : bash
86+ run : rm -rf home
6887 - name : ' Publish Pipeline Artifact: bundle-artifacts'
6988 uses : actions/upload-artifact@v1
7089 with :
@@ -116,7 +135,19 @@ jobs:
116135 git remote add -f origin https://github.com/git-for-windows/git &&
117136 git fetch --tags bundle-artifacts/git.bundle $(cat bundle-artifacts/next_version) &&
118137 git reset --hard $(cat bundle-artifacts/next_version)
138+ name : Prepare home directory for GPG signing
139+ if : env.GPGKEY != ''
140+ shell : bash
141+ run : |
142+ echo '${{secrets.PRIVGPGKEY}}' | tr % '\n' | gpg $GPG_OPTIONS --import &&
143+ info="$(gpg --list-keys --with-colons "${GPGKEY%% *}" | cut -d : -f 1,10 | sed -n '/^uid/{s|uid:||p;q}')" &&
144+ git config --global user.name "${info% <*}" &&
145+ git config --global user.email "<${info#*<}"
146+ env :
147+ GPGKEY : ${{secrets.GPGKEY}}
119148 - name : Build mingw-w64-x86_64-git
149+ env :
150+ GPGKEY : " ${{secrets.GPGKEY}}"
120151 shell : powershell
121152 run : |
122153 & git-sdk-64-makepkg-git\usr\bin\sh.exe -lc @"
@@ -126,6 +157,13 @@ jobs:
126157 type -p mspdb140.dll || exit 1
127158 sh -x /usr/src/build-extra/please.sh build-mingw-w64-git --only-64-bit --build-src-pkg -o artifacts HEAD &&
128159 cp bundle-artifacts/ver artifacts/ &&
160+ if test -n \"`$GPGKEY\"
161+ then
162+ for tar in artifacts/*.tar*
163+ do
164+ /usr/src/build-extra/gnupg-with-gpgkey.sh --detach-sign --no-armor `$tar
165+ done
166+ fi &&
129167
130168 b=`$PWD/artifacts &&
131169 version=`$(cat bundle-artifacts/next_version) &&
@@ -134,6 +172,10 @@ jobs:
134172 git commit -s -m \"mingw-w64-git: new version (`$version)\" PKGBUILD &&
135173 git bundle create \"`$b\"/MINGW-packages.bundle origin/main..main)
136174 "@
175+ name : Clean up temporary files
176+ if : always()
177+ shell : bash
178+ run : rm -rf home
137179 - name : Publish mingw-w64-x86_64-git
138180 uses : actions/upload-artifact@v1
139181 with :
0 commit comments