From b9286cb45ac4b39856abaf02da37660c74de3fcf Mon Sep 17 00:00:00 2001
From: EvolutionX <jeyush2005@gmail.com>
Date: Sat, 4 Jun 2022 23:35:35 +0530
Subject: [PATCH] ci: signing builds

---
 .github/workflows/release.yml | 8 ++++++++
 .goreleaser.yml               | 3 +++
 2 files changed, 11 insertions(+)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 0f68355..c68642a 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -26,6 +26,13 @@ jobs:
           go-version: 1.18
         id: go
 
+      - name: Import GPG key
+        id: import_gpg
+        uses: crazy-max/ghaction-import-gpg@v4
+        with:
+          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+          passphrase: ${{ secrets.PASSPHRASE }}
+
       - name: Run GoReleaser
         uses: goreleaser/goreleaser-action@v2
         with:
@@ -33,3 +40,4 @@ jobs:
           args: release --rm-dist
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
diff --git a/.goreleaser.yml b/.goreleaser.yml
index 10f54f5..d33d07b 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -7,3 +7,6 @@ builds:
     goarch:
       - amd64
     main: ./cmd
+signs:
+  - artifacts: checksum
+    args: ["--batch", "-u", "{{ .Env.GPG_FINGERPRINT }}", "--output", "${signature}", "--detach-sign", "${artifact}"]