new(ci): sign .tar.gz packages

Signed-off-by: Luca Guerra <luca@guerra.sh>
2025-06-01 03:05:25 +00:00 · 2024-05-16 16:11:35 +00:00 · 2024-05-16 16:11:35 +00:00 · b5461e11a7
commit b5461e11a7
parent c8072d2640
1 changed files with 7 additions and 1 deletions
--- a/scripts/publish-bin
+++ b/scripts/publish-bin
@ -39,9 +39,15 @@ fi
 s3_bucket_repo="s3://falco-distribution/packages/${repo}/${arch}"
 cloudfront_path="/packages/${repo}/${arch}"

+# sign
+
+gpg --detach-sign --digest-algo SHA256 --armor ${file}
+
 # publish
 package=$(basename -- ${file})
 echo "Publishing ${package} to ${s3_bucket_repo}..."
 aws s3 cp ${file} ${s3_bucket_repo}/${package} --acl public-read
+aws s3 cp ${file}.asc ${s3_bucket_repo}/${package}.asc --acl public-read

-aws cloudfront create-invalidation --distribution-id ${AWS_CLOUDFRONT_DIST_ID} --paths ${cloudfront_path}/${package}
+aws cloudfront create-invalidation --distribution-id ${AWS_CLOUDFRONT_DIST_ID} --paths ${cloudfront_path}/${package}
+aws cloudfront create-invalidation --distribution-id ${AWS_CLOUDFRONT_DIST_ID} --paths ${cloudfront_path}/${package}.asc