GPG setup for public releases

Question

GPG setup for public releases

vemv opened this issue 6 years ago · 2 comments

We're almost there with the setup for public releases: see https://github.com/nedap/utils.spec/pull/41

Now what is missing is to do a GPG setup that will sign releases and deploy to Clojars.

This may help: http://frankiesardo.github.io/posts/2015-04-19-automate-everything-with-circleci.html

Other than that I don't know much about the topic. I remember some other projects had a GPG setup, but that it started failing so we removed it for the moment.

@thumbnail @jwkoelewijn do you know how to setup this? Or would it need some investigation?

Answer 1 · 2019-04-18T05:47:24.000Z

The links you referenced seem to want the secret key in the repo itself. I think we'd be able to use CircleCI Context' to store the secret key used for the signing.

Another aproach would be to store the key in the repo; and store a passphrase in circleci env-variables (using CircleCI Context).

Answer 2 · 2019-04-18T06:19:09.000Z

I got it working once and as I remember it, it was not a very clear or trivial task

I know nothing about how to do it with Circle though...