CI: Detached signatures for firmware binaries

Austin Lane 2025-10-10 18:44:01 -04:00
parent fe2e2753aa
commit 3f09261251


@ -45,6 +45,13 @@ jobs:
echo "tgt=release/bleota.bin" >> $GITHUB_OUTPUT echo "tgt=release/bleota.bin" >> $GITHUB_OUTPUT
fi fi
- name: Import GPG key
if: github.repository == 'meshtastic/firmware'
uses: crazy-max/ghaction-import-gpg@v6
with:
gpg_private_key: ${{ secrets.PPA_GPG_PRIVATE_KEY }}
id: gpg
- name: Build ${{ inputs.platform }} - name: Build ${{ inputs.platform }}
id: build id: build
uses: meshtastic/gh-action-firmware@main uses: meshtastic/gh-action-firmware@main
@ -55,6 +62,18 @@ jobs:
ota_firmware_source: ${{ steps.ota_dir.outputs.src || '' }} ota_firmware_source: ${{ steps.ota_dir.outputs.src || '' }}
ota_firmware_target: ${{ steps.ota_dir.outputs.tgt || '' }} ota_firmware_target: ${{ steps.ota_dir.outputs.tgt || '' }}
- name: Sign firmware
working-directory: release
if: github.repository == 'meshtastic/firmware'
env:
GPG_KEY_ID: ${{ steps.gpg.outputs.keyid }}
run: |
for f in *.bin *.elf *.uf2 *.hex *.zip; do
if [ -f "$f" ]; then
gpg --batch --default-key "$GPG_KEY_ID" --output "$f.sig" --detach-sign "$f"
fi
done
- name: Store binaries as an artifact - name: Store binaries as an artifact
uses: actions/upload-artifact@v4 uses: actions/upload-artifact@v4
id: upload id: upload
@ -67,3 +86,4 @@ jobs:
release/*.uf2 release/*.uf2
release/*.hex release/*.hex
release/*-ota.zip release/*-ota.zip
release/*.sig
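Review bot: The `Import GPG key` step is placed before `Build ${{ inputs.platform }}`, so the private signing key is already in the runner's keyring while `meshtastic/gh-action-firmware@main` and everything the build pulls in are executing; moving the import to run immediately before `Sign firmware` would keep the key away from build-time code. `crazy-max/ghaction-import-gpg@v6` receives `secrets.PPA_GPG_PRIVATE_KEY` through a mutable tag, and pinning it to a full commit SHA (`uses: crazy-max/ghaction-import-gpg@<full-commit-sha>  # v6`) would prevent a retagged release from being handed the key. Both new steps are gated only on `github.repository == 'meshtastic/firmware'`, which is presumably also true for pull requests from forks, where the secret is empty, so the condition may also need an event check; the workflow's triggers are outside the visible hunks. A short comment on `Sign firmware` naming the public key that verifies the `.sig` files would help anyone consuming the artifacts.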