Commit 0d0387a

ldennington authored and dscho committed
build-git-installers: publish gpg public key
Update build-git-installers workflow to publish `microsoft/git`'s GPG public key as part of each release. Add explanation for how to use this key to verify the Debian package's signature to the README.
1 parent b93b3de commit 0d0387a

1 file changed

+21
-0
lines changed

.github/workflows/build-git-installers.yml

Lines changed: 21 additions & 0 deletions
@@ -709,11 +709,13 @@ jobs:
709709
runs-on: ubuntu-latest
710710
permissions:
711711
contents: write
712+
id-token: write # required for Azure login via OIDC
712713
needs:
713714
- create-linux-artifacts
714715
- create-macos-artifacts
715716
- windows_artifacts
716717
- prereqs
718+
environment: release
717719
if: |
718720
success() ||
719721
(needs.create-linux-artifacts.result == 'skipped' &&
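Review bot: the added `id-token: write` sits at job level, so every step of this job, which already holds `contents: write`, can request an OIDC token, not only the Azure login step. Consider moving the key download into its own small job that has `id-token: write` and `environment: release` but no `contents: write`, and handing the key file over as an artifact. The new `environment: release` line would also benefit from a short comment like the one on `id-token`, saying what the environment gates.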
@@ -756,6 +758,25 @@ jobs:
756758
name: linux-artifacts
757759
path: deb-package
758760

761+
- name: Log into Azure
762+
uses: azure/login@v2
763+
with:
764+
client-id: ${{ secrets.AZURE_CLIENT_ID }}
765+
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
766+
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
767+
768+
- name: Check out repository (for akv-secret Action)
769+
uses: actions/checkout@v4
770+
with:
771+
path: git
772+
773+
- name: Download Linux GPG public key signature file
774+
uses: ./git/.github/actions/akv-secret
775+
with:
776+
vault: ${{ secrets.AZURE_VAULT }}
777+
secrets: |
778+
${{ secrets.LINUX_GPG_PUBLIC_SECRET_NAME }} base64> deb-package/msft-git-public.asc
779+
759780
- uses: actions/github-script@v6
760781
with:
761782
script: |
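Review bot: in the `Download Linux GPG public key signature file` step, the decoded secret is written straight to `deb-package/msft-git-public.asc` and nothing checks what it contains before the following release steps run, so a wrong secret name would publish whatever that secret holds. Add a step that runs `gpg --show-keys deb-package/msft-git-public.asc`, fails if the file is not a public key block, and compares the fingerprint to an expected value. Two smaller points: the step name says "signature file" although the file is a public key, and `azure/login@v2` and `actions/checkout@v4` are referenced by mutable tags in a job that holds `id-token: write` and `contents: write`; pinning them to full commit SHAs and setting `persist-credentials: false` on the checkout would tighten this.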
