13889a5878
This is actually a noop for gpg, since the private key also contains the public. Change-Id: I60d4ebf0f3343911986a4e6c46a806539cda701b Signed-off-by: Paul Belanger <pabelanger@redhat.com>
39 lines
939 B
YAML
39 lines
939 B
YAML
- name: Make GPG directory
|
|
tempfile:
|
|
state: directory
|
|
register: gnupg_tmpdir
|
|
|
|
- name: Create GPG private key tempfile
|
|
tempfile:
|
|
state: file
|
|
register: gpg_private_key_tmp
|
|
|
|
- name: Create GPG private key
|
|
copy:
|
|
content: "{{ gpg_key.private }}"
|
|
dest: "{{ gpg_private_key_tmp.path }}"
|
|
mode: 0400
|
|
|
|
- name: Import GPG private key
|
|
command: "gpg --homedir {{ gnupg_tmpdir.path }} --allow-secret-key-import --import {{ gpg_private_key_tmp.path }}"
|
|
|
|
- name: Delete GPG private key
|
|
file:
|
|
path: "{{ gpg_private_key_tmp.path }}"
|
|
state: absent
|
|
|
|
- name: Find files to sign
|
|
find:
|
|
paths: "{{ gpg_sign_path }}"
|
|
register: artifacts
|
|
|
|
- name: Sign artifacts
|
|
command: "gpg --homedir {{ gnupg_tmpdir.path }} --armor --detach-sign {{ item.path }}"
|
|
with_items: "{{ artifacts.files }}"
|
|
when: artifacts.matched > 0
|
|
|
|
- name: Delete keyring directory
|
|
file:
|
|
path: "{{ gnupg_tmpdir.path }}"
|
|
state: absent
|