DEBUG: fix downloading of the artifacts #327
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: build-git-installers | |
| on: | |
| push: | |
| permissions: | |
| id-token: write # required for Azure login via OIDC | |
| env: | |
| DO_WIN_CODESIGN: ${{ secrets.WIN_CODESIGN_CERT_SECRET_NAME != '' && secrets.WIN_CODESIGN_PASS_SECRET_NAME != '' }} | |
| DO_WIN_GPGSIGN: ${{ secrets.WIN_GPG_KEYGRIP_SECRET_NAME != '' && secrets.WIN_GPG_PRIVATE_SECRET_NAME != '' && secrets.WIN_GPG_PASSPHRASE_SECRET_NAME != '' }} | |
| jobs: | |
| # Check prerequisites for the workflow | |
| create-linux-artifacts: | |
| runs-on: ubuntu-latest | |
| environment: release | |
| steps: | |
| - uses: mxschmitt/action-tmate/detached@v3 | |
| with: | |
| limit-access-to-actor: true | |
| - name: Log into Azure | |
| uses: azure/login@v2 | |
| with: | |
| client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
| tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
| subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| - name: Check out repository (for akv-secret Action) | |
| uses: actions/checkout@v4 | |
| with: | |
| path: git | |
| - name: Download GPG secrets | |
| id: gpg-secrets | |
| uses: ./git/.github/actions/akv-secret | |
| with: | |
| vault: ${{ secrets.AZURE_VAULT }} | |
| secrets: | | |
| ${{ secrets.LINUX_GPG_KEYGRIP_SECRET_NAME }} > $output:keygrip | |
| ${{ secrets.LINUX_GPG_PRIVATE_SECRET_NAME }} base64> $output:private-key | |
| ${{ secrets.LINUX_GPG_PASSPHRASE_SECRET_NAME }} > $output:passphrase | |
| - name: Prepare for GPG signing | |
| run: | | |
| # Install debsigs | |
| sudo apt-get install -y debsigs | |
| # Import GPG key | |
| echo -n '${{ steps.gpg-secrets.outputs.private-key }}' | gpg --import --no-tty --batch --yes | |
| # Configure GPG | |
| echo "allow-preset-passphrase" > ~/.gnupg/gpg-agent.conf | |
| gpg-connect-agent RELOADAGENT /bye | |
| /usr/lib/gnupg2/gpg-preset-passphrase --preset '${{ steps.gpg-secrets.outputs.keygrip }}' <<<'${{ steps.gpg-secrets.outputs.passphrase }}' | |
| - name: Download artifacts | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| shell: bash | |
| run: | | |
| gh run download 18599663781 --repo microsoft/git --name linux-unsigned-artifacts | |
| - name: Sign Debian package | |
| run: | | |
| # Sign Debian package | |
| version="2.51.1.vfs.0.0" | |
| debsigs --sign=origin --verify --check microsoft-git_"$version".deb | |
| # End build and sign Debian package |