Feat: add gpg key support

action.yaml

@@ -8,6 +8,10 @@ inputs:
     description: "The context of the build environment"
     required: false
     default: .
+  gpg-password:
+    description: "Password of the gpg secret key to sign the package"
+    required: false
+    default: 'none'
   repo-name:
     description: "The repo name to be pushed to"
     required: false
@@ -41,7 +45,12 @@ runs:
     - name: Build package
       run: |
         cd "${{ inputs.context }}"
-        makepkg -sc --needed --noconfirm
+        if [[ "${{ inputs.gpg-password }}" != 'none' ]]; then
+          echo "${{ inputs.gpg-password }}" | \
+            makepkg -sc --needed --noconfirm --sign
+        else
+          makepkg -sc -needed --noconfirm
+        fi
 
     - name: Setup MinIO
       run: |
@@ -52,19 +61,46 @@ runs:
     - name: Copy repo db from MinIO
       run: |
         mkdir repo
-        mcli cp "m/${{ inputs.minio-bucket }}/${{ inputs.repo-name }}.db" "repo/${{ inputs.repo-name }}.db.tar.zst"
+
-        mcli cp "m/${{ inputs.minio-bucket }}/${{ inputs.repo-name }}.files" "repo/${{ inputs.repo-name }}.files.tar.zst"
+        mcli cp "m/${{ inputs.minio-bucket }}/${{ inputs.repo-name }}.db" \
+          "repo/${{ inputs.repo-name }}.db.tar.zst"
+        mcli cp "m/${{ inputs.minio-bucket }}/${{ inputs.repo-name }}.files" \
+          "repo/${{ inputs.repo-name }}.files.tar.zst"
+
         echo "Copy ${{ inputs.repo-name }}.db and ${{ inputs.repo-name }}.files from MinIO"
         
     - name: Add pkgs to repo db
       run: |
+        if [[ "${{ inputs.gpg-password }}" != 'none' ]]; then
+          echo "${{ inputs.gpg-password }}" | \
+            repo-add --verify --sign \
+            "repo/${{ inputs.repo-name }}.db.tar.gz" *.pkg.tar.zst --
+          mv *.pkg.tar.zst *.pkg.tar.zst.sig repo
+        else
           repo-add "repo/${{ inputs.repo-name }}.db.tar.zst" *.pkg.tar.zst
           mv *.pkg.tar.zst repo
+        fi
         echo "Add $(ls *.pkg.tar.zst) to repo"
 
     - name: Update repo to MinIO
       run: |
-        mcli mv repo/${{ inputs.repo-name }}.db.tar.zst "m/${{ inputs.minio-bucket }}/${{ inputs.repo-name }}.db"
+        mcli mv "repo/${{ inputs.repo-name }}.db.tar.zst" \
-        mcli mv repo/${{ inputs.repo-name }}.files.tar.zst "m/${{ inputs.minio-bucket }}/${{ inputs.repo-name }}.files"
+          "m/${{ inputs.minio-bucket }}/${{ inputs.repo-name }}.db"
-        mcli mv repo/*.pkg.tar.zst "m/${{ inputs.minio-bucket }}"
+        if [[ -e "repo/${{ inputs.repo-name }}.db.tar.zst.sig" ]]; then
-        echo "Update ${{ inputs.repo-name }}.db adn ${{ inputs.repo-name }}.files to MinIO"
+          mcli mv "repo/${{ inputs.repo-name }}.db.tar.zst.sig" \
+            "m/${{ inputs.minio-bucket }}/${{ inputs.repo-name }}.db.sig"
+        fi
+
+        mcli mv "repo/${{ inputs.repo-name }}.files.tar.zst" \
+          "m/${{ inputs.minio-bucket }}/${{ inputs.repo-name }}.files"
+        if [[ -e "repo/${{ inputs.repo-name }}.files.tar.zst.sig" ]]; then
+          mcli mv "repo/${{ inputs.repo-name }}.files.tar.zst.sig" \
+            "m/${{ inputs.minio-bucket }}/${{ inputs.repo-name }}.files.sig"
+        fi
+
+        find repo -name '*.pkg.tar.zst' | xargs -I% \
+          mcli mv % "m/${{ inputs.minio-bucket }}"
+        find repo -name '*.pkg.tar.zst.sig' | xargs -I% \
+          mcli mv % "m/${{ inputs.minio-bucket }}"
+
+        echo "Update ${{ inputs.repo-name }}.db and ${{ inputs.repo-name }}.files to MinIO"