From b7c322d47318439e5384c9492ebd3a7eb9fe5061 Mon Sep 17 00:00:00 2001
From: Ajay Bura <ajbura@gmail.com>
Date: Tue, 3 May 2022 16:43:16 +0530
Subject: [PATCH] Sign release tarball with PGP key (#392)

---
 .github/workflows/prod-deploy.yml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/.github/workflows/prod-deploy.yml b/.github/workflows/prod-deploy.yml
index a4d6d76a..107abbc4 100644
--- a/.github/workflows/prod-deploy.yml
+++ b/.github/workflows/prod-deploy.yml
@@ -25,11 +25,19 @@ jobs:
         run: echo ::set-output name=tag::${GITHUB_REF#refs/*/}
       - name: Create tar.gz
         run: tar -czvf cinny-${{ steps.vars.outputs.tag }}.tar.gz dist
+      - name: Sign tar.gz
+        uses: actionhippie/gpgsign@4e28208b142cae93e1582401dcda1cf79e4f72c0
+        with:
+          private_key: ${{ secrets.GNUPG_KEY }}
+          passphrase: ${{ secrets.GNUPG_PASSPHRASE }}
+          detach_sign: true
+          files: cinny-${{ steps.vars.outputs.tag }}.tar.gz
       - name: Upload tagged release
         uses: softprops/action-gh-release@1e07f4398721186383de40550babbdf2b84acfc5
         with:
           files: |
             cinny-${{ steps.vars.outputs.tag }}.tar.gz
+            cinny-${{ steps.vars.outputs.tag }}.tar.gz.asc
 
   push_to_dockerhub:
     name: Push Docker image to Docker Hub