Merge pull request #3 from gruntwork-io/remove-gpg-from-checksum

marinalimeira · web-flow · commit fec507e667f2 · 2023-01-06T17:01:18.000+01:00
Update GH actions: remove dependabot and signing of binaries
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -17,17 +17,10 @@ jobs:
       uses: actions/setup-go@v3
       with:
         go-version-file: 'go.mod'
-    - name: Import GPG key
-      id: import_gpg
-      uses: crazy-max/ghaction-import-gpg@v5
-      with:
-        gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
-        passphrase: ${{ secrets.PASSPHRASE }}
     - name: Run GoReleaser
       uses: goreleaser/goreleaser-action@v3
       with:
         version: latest
         args: release --rm-dist
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
diff --git a/.goreleaser.yml b/.goreleaser.yml
@@ -20,6 +20,3 @@ archives:
       - none*
 checksum:
   name_template: 'checksums.txt'
-signs:
-  - artifacts: checksum
-    args: ["--batch", "-u", "{{ .Env.GPG_FINGERPRINT }}", "--output", "${signature}", "--detach-sign", "${artifact}"]
