use gpg key for signing

Author: ndbroadbent

.github/workflows/release.yml

@@ -18,6 +18,24 @@ jobs:
       - uses: actions/setup-go@v5
         with:
           go-version: '1.22'
+      - name: Import GPG private key (for checksum signing)
+        if: ${{ secrets.GPG_PRIVATE_KEY != '' }}
+        env:
+          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
+          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
+        run: |
+          mkdir -p ~/.gnupg
+          chmod 700 ~/.gnupg
+          echo "Importing GPG key"
+          echo "$GPG_PRIVATE_KEY" | gpg --batch --import
+          # If the key has a passphrase, enable loopback so non-interactive signing can work
+          if [ -n "$GPG_PASSPHRASE" ]; then
+            echo 'pinentry-mode loopback' >> ~/.gnupg/gpg.conf
+            echo 'allow-loopback-pinentry' >> ~/.gnupg/gpg-agent.conf
+            gpg-connect-agent reloadagent /bye
+          fi
+          echo "GPG keys:"
+          gpg --list-secret-keys --keyid-format LONG
       - name: Build
         run: go build ./...
       - name: GoReleaser
@@ -27,4 +45,6 @@ jobs:
           args: release --clean
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
+          # If your key has a passphrase, gpg will read it via loopback pinentry
+          # GPG_TTY helps avoid certain agent warnings
+          GPG_TTY: ${{ runner.env.SSH_AUTH_SOCK }}

.gitignore

@@ -4,3 +4,4 @@ bin/
 .terraform.lock.hcl
 *.tfstate*
 **/.DS_Store
+.gpg/private_gpg_key.asc

.gpg/gpg-batch.cfg

@@ -0,0 +1,9 @@
+Key-Type: RSA
+Key-Length: 4096
+Subkey-Type: RSA
+Subkey-Length: 4096
+Name-Real: DocSpring Terraform Provider
+Name-Email: [email protected]
+Expire-Date: 1y
+%no-protection
+%commit

.gpg/public_gpg_key.asc

@@ -0,0 +1,64 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBGi6qCQBEAC6aMKxRLaIycCGKhIY2O2yNepqZd9/J8WnOWvk6l6CHahYgl1L
+zsu2azEhL+gQEOZK0V3k2S4uYNzZ3P097H+AzZInmAPL62/T8Ao292XAod6OF5hU
+p/90CdHR9VUgHqod6sLYXbxCS0wiYrsry52vDbxvaebi+hfFXGb5xeWktDRHeJ/+
+dKHcYo3QbY7C9THh6Y7Kfr4kmGdnskOZbqYKhmX2iA6zH68shdNkqpuHz7buCnaY
+yZ/1TCxpRRXLZGAlq01A3wXP4kPiof0Wa2C0vREK/ASu+tXkiLgKSsQtSO2C2/HA
+bfRMaIqlwiAxl7M7ezs2CbfVUmklHVSr/wGe5LANiMHxy87MJj1W2ahiOMv0vI62
+zHRHjmBOb/gf2f9/zFYNFlNcQpMUZ034ZbBmL9qnYJO7FE4y9rNF4U2OtX29M9Ab
+FO2gE6NryO2V+SNQXLiORHDGYK3cetqmxMgG5H51reEipPnwM/3osUHrVWUBq1UP
+JJtgrqRy9iQF0+OLZiVqTeD4oDz1SiMoQsUFwZDv8YMMFiSH87PApNoCyLlbTukU
+OWm/QB2zBJWUuhcJECmbGZFxw9VzQPWDhcAxu5NwbORWwYvpFXJTdIHzbvcBifrl
+xqR2LW8rzxTIMh7rigAYqlytDFRth/BA2WMjUC0FCAo+7YlUq1L6PY8rGwARAQAB
+tDpEb2NTcHJpbmcgVGVycmFmb3JtIFByb3ZpZGVyIDxkb2NzcHJpbmctYm90QGRv
+Y3NwcmluZy5jb20+iQJYBBMBCABCFiEEcFCcEm/0Wli6kqoY3EDNM8qmh5gFAmi6
+qCQDGy8EBQkB4TOABQsJCAcCAiICBhUKCQgLAgQWAgMBAh4HAheAAAoJENxAzTPK
+poeY/lkP+QGeHgZB0JeYjUcH2VP/nu2fWP0f0NJhlPr5j0zWQdKZpWM7t8t9CkGa
+2ER8YH1Dkw71F6GfujjdSGTx495k28NCaGjBAOi0rBPTxtGmQDjBIowbF1KHjLUR
+wYHSzrf9Q18fg9TaIqpE66wf6g/UitUgotPJdY2twZbbk3XpZh4E62soVuky2dTS
+24pIJvp5nwxMw/8n3H/GGZAEKkRdm5PHzLdOQ1M2M1Ks+6EYurAOtw02URKIQaDf
+ulp4X8VKXkhPSH/Eo+9Oz+ZB6ioY9BK/vM9NO4qjq+bfxN4jcHbGPcKlgodMkGxC
+S7/mOccYmVjWlrfudYrNwcWI7eH79Ky61KlKoRbfaIEZUJdVjKpUcGxdboenU8s2
+cE4nSSxxfwp4uz4Cg5C84OoKk00gE1wHg2Ei3w6vW+U/fx5GMgnYNXp+iFaPybFK
+gIZbaujzZ9V6qrV5QJLgwTymuIxpczNbSa87RGEOwo2mZ32peJIf296CPP71084q
+BGmO+hvMWt69rkr2GU2RLBbWYpE9sBoJwg3wYUX5/FemJsHWsZJr3s5JsCdHbNvh
+jFO2y1MNbNnyCa7Z1psuBTadrzucECgEaGCFxpRqIlA5ES0zPZGNCM4Vg9IutdQk
+rDeUa5AEc2Oa5r/d6YLaOQjUzp2y7Qk64AKrHdW/cWxKp0OGUJ6yuQINBGi6qCQB
+EAC59TiEU20iVfijHNLqk1II5u5GGI1XOQ8SKEM1PdpmLUHFDUYE7dV6v3pmhvUH
+S8l+mjnt98g9tpWUpjnay+ySddJAYKpjT8THO6JocXJfYXH+0v1j0RcnGQoP4Xov
+h/sQgdkp8BAovF5mez5LIFJ4G0deGQaasMnGeFs8MuZtCWIBPRAKv2nVFa9dUqDh
+CgyZ2U9oa8oSGTJn0/g2EDvppLRyAriBsyI4OO8asqbvhVUlTnCTZO2yYyvHT9AT
+I4gDJLifcQVHaAFWVw090sOpw/WPHvjWMjoTeYSvIi8c4bQCyfnbwlUnzChfB2A7
+LnnA505Hy3NDI44CE0v5GORD1NxEp0YdL0ogEkpbMn+Tu3yQsjPlWLeQohA6ofzR
+i6yKa4Huu8kJN56e/ciUB1F0zv0rmcQwqNssRsIJCMmpqaATiAvJGaX7ta9USvkB
+maDqtaGnDBiuJHySyQFtIj1NVdbhSOHTrngKQ6nBKY7X0/u8cBF4d9NSi6QmhPYQ
+6ThTiByGMhiAsjeW4LENJcOYyIca2KpX1hTbHIZPp+QPUMyJhn+ksxnWhiAJJdIW
+kxkEIZlcU3X4+2SJ6al62aYjMLDjAFM7b/iiWLC869Hnxx01tZCVWfmYk/iGDItq
+Dy573TIjg4Q/y5fgyYZPpbycjk4iykP1s/vyi7zBCpRt5wARAQABiQRyBBgBCAAm
+FiEEcFCcEm/0Wli6kqoY3EDNM8qmh5gFAmi6qCQCGy4FCQHhM4ACQAkQ3EDNM8qm
+h5jBdCAEGQEIAB0WIQSqiyj6KGvgW758iyR/dIxewc1D2gUCaLqoJAAKCRB/dIxe
+wc1D2ryZD/9/OcIW7RrGzA2oIrd7qhWjubbPkEa34S9bPrWnw3fNEPmeZxfRQvPz
+eD1EREfGDtEWvsU2hz7WHg5UdQo7oJysAXcopdT/ncVBOPDR6cMTStx9pBZX5vHi
+dMeZ7Dy/vkD8t/h5j4+MScgwVBBBAc/BKNt1aqO9c6s04rJyjgkUL2VthQdttFQi
+qyGc3e6Svmto7v9VcwJMfBVPt+/4N+W2PYGlYlI3GhvS/SgsAUIq5XyDPdc9cdt7
+1KtUhiIm12t0XEuJnWEmB6PLjl/pLdIng/g5uYGi6CVH5RWTQUnO4LxtKa3qIFYU
+ptv2ikq/9q/3T4YexgqJP3dHrp2zjFh3MWos9NR4FH4hHDS5c3KQvy/yYco9ivph
+FPxYNdvZAH0PvI6JNtRa4FDextYD8cuBj3V77tLKIi7yy5BU5a7KukzYBt7xqQW1
+c0KK0vFV+SqxhBl09tO4yBhSxLi12sdHNm+rwYFBiETiJRhwMX5oNMYmOkts6xdl
+L5TWvlZdrs3iRWaP497V3IWc4RSer9PvKFI5Mzzo33dxmmZAzJMoiUKIdYnwxKs5
+GlpbhXB6ZSRG8D7d6447EWtm+2au7dcM0XPYXpLldIAh4B3jlmY3u77XcgF3rw/A
+lo86Knx63rjAFiwnkIMZI8kSrnlopwpwzo4v62gGgJRSFd7zNphmSva5EACfw1H2
+WtgBpYscDFxeUYNbW/uLy/tZjhXeO3ELT7Idya/r69EqGqSGEAW8rTPjhn1EDfRf
+cX1gCHtKFqfCnFFyw7C9o29M7rYCy+mEwh5NCOeTCW8ThcgP8FCofAP1QI1S4iw4
+pXVNb1NsVk0NjMqLHyqTQlHt2WT6ks/McaE2rdLjgYOuELJk13W4xvddxEPjiDDL
+a0bzUVni1VzTBPLbzvyCuMqJCR5VAI4rGJN5CbfX/uKoRTRTCbNbrm2EQQ4yUb3M
+bDbkM0qycgp+Jxr9qxLi4/wwNtizlwZk4zLluIXi3lTGM8//bOF6EeLc40vN85KS
+0c1M2XJHdmPQpRdXjvMun7dEPWM088rJ+eG53IEk1AigakOOpPd6OfSen36xT1H0
+qSN1uTrpxNfQhZSVvBeQzhLHozBkhPRBMHWgtH9RitJPkVJZ5PUb0QfxDR0h1nA/
+HoFM4Cjoyp23gFsvd1Gbq1RpSMsw0KRFZB6i+238K83qXuitZ7aOttU0e6onsPX5
+M5PmGXyOT9okDVNcfA+bABC2rt8Uky/ZRcmnSHkolLt3Iv9gVVJHhiWbr6Qz4/DA
+Z6y252M7vTc4EdKKk58avaZFAlBCPmJNjPe+pDwGS3Ct0qhBEH9IDa82xFgGutgB
+N941ZapemsmbJbrR5HdZtZo9iU3xNGeapEmMFQ==
+=pDs7
+-----END PGP PUBLIC KEY BLOCK-----