From e0f01c80b3cab68ff8928509661329314515a1fc Mon Sep 17 00:00:00 2001
From: Radek Simko <radek.simko@gmail.com>
Date: Wed, 13 May 2020 21:39:04 +0100
Subject: [PATCH] build: Sign archive checksum

---
 .github/workflows/main.yml | 6 +++++-
 .goreleaser.yml            | 5 +++++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 61428313..af42db23 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -29,13 +29,17 @@ jobs:
         id: codesign
         env:
           VERSION: v0
+      -
+        name: Import PGP key for archive signing
+        run: echo -e "${{ secrets.PGP_SIGNING_KEY }}" | gpg --import
       -
         name: Release
         uses: goreleaser/goreleaser-action@v1
         with:
           version: latest
-          args: release --skip-sign
+          args: release
         env:
+          PGP_USER_ID: ${{ secrets.PGP_USER_ID }}
           CODESIGN_IMAGE: ${{ steps.codesign.outputs.image }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           ARTIFACTORY_TOKEN: ${{ secrets.ARTIFACTORY_TOKEN }}
diff --git a/.goreleaser.yml b/.goreleaser.yml
index 9c66dac5..0b40f40e 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -50,5 +50,10 @@ checksum:
   name_template: '{{ .ProjectName }}_{{ .Version }}_SHA256SUMS'
   algorithm: sha256
 
+signs:
+  -
+    args: ["-u", "{{ .Env.PGP_USER_ID }}", "--output", "${signature}", "--detach-sign", "${artifact}"]
+    artifacts: checksum
+
 changelog:
   skip: true