fix gpg signing step

Author: binarycodes

.github/workflows/go-build.yml

@@ -2,6 +2,9 @@ name: generic-go-versionbuild
 
 on:
   workflow_call:
+    secrets:
+      GPG_PRIVATE_KEY:
+        required: true
     inputs:
       service:
         required: true
@@ -165,12 +168,22 @@ jobs:
           merge-multiple: true
 
       - name: package with nfpm
+        env:
+          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
+          GPG_KEY_ID: mail@binarycodes.io
         run: |
           mkdir -p dist
           nfpm pkg --packager archlinux --config nfpm.yaml --target dist/
           nfpm pkg --packager deb --config nfpm.yaml --target dist/
+
           # sign the package for arch linux
-          gpg --batch --yes --detach-sign dist/*.pkg.tar.zst
+          test -n "$GPG_PRIVATE_KEY" || { echo "GPG_PRIVATE_KEY is empty"; exit 1; }
+          printf '%s' "$GPG_PRIVATE_KEY_B64" | base64 -d | gpg --batch --import
+          gpg --batch --list-secret-keys --keyid-format LONG
+
+          FPR="$(gpg --batch --list-secret-keys --with-colons | awk -F: '$1=="fpr"{print $10; exit}')"
+
+          gpg --batch --yes --local-user "$FPR" --detach-sign dist/*.pkg.tar.zst
 
       - name: upload build artifact
         uses: actions/upload-artifact@v4

.github/workflows/go-ssh-keysign-workflow.yml

@@ -24,3 +24,5 @@ jobs:
     with:
       service: go-ssh-keysign
       artifactVersion: ${{ needs.set-version.outputs.short_sha }}
+    secrets:
+      GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}