From fc0f2eb4995ef5fabd5f8c1ba5baf8454c82a0c2 Mon Sep 17 00:00:00 2001
From: ramin <raminkeene@gmail.com>
Date: Wed, 25 Oct 2023 16:02:46 -0400
Subject: [PATCH] add signing

---
 .github/workflows/ci.yml |  8 ++++++++
 .goreleaser.yaml         | 13 ++++++++++++-
 2 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 55bb938..6f3b9e0 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -48,6 +48,13 @@ jobs:
         with:
           go-version: ${{ needs.setup.outputs.go-version }}
 
+      - name: Import GPG key
+        id: import_gpg
+        uses: crazy-max/ghaction-import-gpg@v4
+        with:
+          gpg_private_key: ${{ secrets.GPG_KEY }}
+          passphrase: ${{ secrets.GPG_PASSPHRASE }}
+
       - uses: goreleaser/goreleaser-action@v5
         with:
           distribution: goreleaser
@@ -55,3 +62,4 @@ jobs:
           args: release --clean
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index 30d93a1..c9f99a8 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -35,7 +35,18 @@ archives:
     format_overrides:
       - goos: windows
         format: zip
-
+signs:
+  - artifacts: checksum
+    args:
+      [
+        "--batch",
+        "-u",
+        "{{ .Env.GPG_FINGERPRINT }}",
+        "--output",
+        "${signature}",
+        "--detach-sign",
+        "${artifact}",
+      ]
 changelog:
   sort: asc
   filters: