Skip to content

Commit

Permalink
sign prebuilt archives with zipsign for self-update verification
Browse files Browse the repository at this point in the history
  • Loading branch information
jqnatividad committed Oct 26, 2023
1 parent 25585b7 commit 32155a6
Show file tree
Hide file tree
Showing 2 changed files with 26 additions and 0 deletions.
13 changes: 13 additions & 0 deletions .github/workflows/macOS-arm64-selfhosted-publish.yml
Original file line number Diff line number Diff line change
Expand Up @@ -94,6 +94,19 @@ jobs:
cat docs/publishing_assets/README.txt docs/publishing_assets/qsv-${{ matrix.job.target }}.txt > qsv-${{ needs.analyze-tags.outputs.previous-tag }}/README
- name: zip up binaries
run: 7zz a -tzip qsv-${{ needs.analyze-tags.outputs.previous-tag }}-${{ matrix.job.target }}.zip ./qsv-${{ needs.analyze-tags.outputs.previous-tag }}/* -mx=9 -mmt=on
- name: install zipsign
run: |
cargo install zipsign
- name: Fetch zipsign private key
uses: mobiledevops/secret-to-file-action@v1
with:
base64-encoded-secret: ${{ secrets.QSV_ZIPSIGN_PRIV_KEY }}
filename: "qsvpriv.key"
is-executable: false
working-directory: "."
- name: zipsign binary
run: |
zipsign sign zip qsv-${{ needs.analyze-tags.outputs.previous-tag }}-${{ matrix.job.target }}.zip qsvpriv.key
- name: Upload zipped binaries to release
uses: svenstaro/upload-release-action@v2
with:
Expand Down
13 changes: 13 additions & 0 deletions .github/workflows/publish.yml
Original file line number Diff line number Diff line change
Expand Up @@ -196,6 +196,19 @@ jobs:
cat docs/publishing_assets/README.txt docs/publishing_assets/qsv-${{ matrix.job.target }}.txt > qsv-${{ needs.analyze-tags.outputs.previous-tag }}/README
- name: zip up binaries
run: 7z a -tzip qsv-${{ needs.analyze-tags.outputs.previous-tag }}-${{ matrix.job.target }}.zip ./qsv-${{ needs.analyze-tags.outputs.previous-tag }}/* -mx=9 -mmt=on
- name: install zipsign
run: |
cargo install zipsign
- name: Fetch zipsign private key
uses: mobiledevops/secret-to-file-action@v1
with:
base64-encoded-secret: ${{ secrets.QSV_ZIPSIGN_PRIV_KEY }}
filename: "qsvpriv.key"
is-executable: false
working-directory: "."
- name: zipsign binary
run: |
zipsign sign zip qsv-${{ needs.analyze-tags.outputs.previous-tag }}-${{ matrix.job.target }}.zip qsvpriv.key
- name: Upload zipped binaries to release
uses: svenstaro/upload-release-action@v2
with:
Expand Down

0 comments on commit 32155a6

Please sign in to comment.