Load gpg key without external action (#4784)

t3chguy · web-flow · commit 634651859bfd · 2025-04-14T11:25:10.000Z
* Load gpg key ourselves

* Update release-make.yml
diff --git a/.github/workflows/release-make.yml b/.github/workflows/release-make.yml
@@ -58,11 +58,18 @@ jobs:
             - name: Load GPG key
               id: gpg
               if: inputs.gpg-fingerprint
-              uses: crazy-max/ghaction-import-gpg@e89d40939c28e39f97cf32126055eeae86ba74ec # v6
-              with:
-                  gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
-                  passphrase: ${{ secrets.GPG_PASSPHRASE }}
-                  fingerprint: ${{ inputs.gpg-fingerprint }}
+              env:
+                  PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
+                  PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
+                  FINGERPRINT: ${{ inputs.gpg-fingerprint }}
+              run: |
+                  # Import the private key from the GH secrets
+                  echo "$PRIVATE_KEY" | gpg --import --batch --passphrase "$PASSPHRASE" -
+                  # For debugging, show the contents of the keyring
+                  gpg --list-keys --list-options show-unusable-subkeys=yes --with-subkey-fingerprint $FINGERPRINT
+                  # Extract the email address
+                  EMAIL=$(gpg --list-keys --with-colons $FINGERPRINT | head -n1 | awk -F: '$1=="uid" {match($10, /<([^>]+)>/, a); print a[1]}')
+                  echo "email=$EMAIL" >> $GITHUB_OUTPUT
 
             - name: Get draft release
               id: draft-release
