name: Sign SKILL.md
on:
workflow_dispatch:
jobs:
sign:
name: GPG Sign SKILL.md
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout
uses: actions/checkout@v5
- name: Import GPG key
env:
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
run: |
echo "$GPG_PRIVATE_KEY" | gpg --import --batch --yes
- name: Sign SKILL.md
env:
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
run: |
gpg --batch --pinentry-mode loopback --passphrase-fd 0 --detach-sign --armor --output SKILL.md.sig SKILL.md <<< "$GPG_PASSPHRASE"
- name: Verify signature
run: |
gpg --verify SKILL.md.sig SKILL.md
- name: Export public key
run: |
gpg --armor --export david@saorsalabs.com > SAORSA_PUBLIC_KEY.asc
if [ ! -s SAORSA_PUBLIC_KEY.asc ]; then
echo "Error: Failed to export public key"
exit 1
fi
- name: Upload signature artifact
uses: actions/upload-artifact@v5
with:
name: skill-signature
path: |
SKILL.md.sig
SAORSA_PUBLIC_KEY.asc