wp-gpgsign

Woodpecker CI plugin to sign artifacts with GnuPG.

steps:
  - name: gpgsign dist files
    image: quay.io/thegeeklab/wp-gpgsign
    settings:
      key: LS0tLS1CRUdJTi...tLS0tCg==
      passphrase: randomstring
      files:
        - dist/*

armor optional bool

Create ASCII-armored output instead of a binary.

Default: false

clear_sign optional bool

Wrap the file in an ASCII-armored signature.

Default: false

detach_sign optional bool

Creates a detached signature for the file.

Default: false

excludes optional list

List of glob patterns to determine files to be excluded from signing.

Default: none

files optional list

List of glob patterns to determine files to be signed. If the list is empty, the plugin runs in setup-only mode. This is useful if the GPG key is required for other steps in the workflow.

Default: none

fingerprint optional string

Specific fingerprint to be used. Most like this option is required if a subkey of the given GPG key should be used. If not set, the fingerprint of the primary key is used.

Default: none

homedir optional string

GPG home directory.

Default: $HOME/.gnupg

insecure_skip_verify optional bool

Skip SSL verification.

Default: false

key required string

Armored private GPG private key or the base64 encoded string of it.

Default: none

log_level optional string

Plugin log level.

Default: info

passphrase optional string

Passphrase for the GPG private key.

Default: none

trust_level optional string

Key owner trust level. Supported values: unknown|never|marginal|full|ultimate.

Default: unknown

Build the binary with the following command:

make build

Build the Container image with the following command:

docker build --file Containerfile.multiarch --tag thegeeklab/wp-gpgsign .

docker run --rm \
  -e PLUGIN_KEY=LS0tLS1CRUdJTi...tLS0tCg== \
  -e PLUGIN_PASSPHRASE=randomstring \
  -v $(pwd):/build:z \
  -w /build \
  thegeeklab/wp-gpgsign