
GPG sign GitHub Action created releases

Open mxcl opened this issue 2 years ago • 3 comments

  • [ ] Store the key securely. (@Xercesblu3 to research this)
  • [ ] @jhheider to implement

Longer term, storing the key as a GitHub Secret is not sufficient and we will need to determine something better.

Longer term we will need releases to be approved via a push notification to the devices of @mxcl and @jhheider; this will pause the actions run waiting on that in some manner.

mxcl avatar May 26 '22 14:05 mxcl

Can we store it in 1pass Kingdom Vault?

Xercesblu3 avatar May 26 '22 16:05 Xercesblu3

We may need something even more restricted TBH. However 1Pass is viable since they have tools for accessing their vaults from the command line.

mxcl avatar Jun 07 '22 19:06 mxcl

The two-stage build probably doesn't require pausing; just a job that runs and eventually notifies the maintainer list, and a dispatchable job that does whatever is left.

jhheider avatar Jun 07 '22 19:06 jhheider
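As an added example (not code from the pkgx project or from anyone in this thread): a minimal manually dispatched signing workflow of the kind the last comment describes, with the signing key read from a secret into a throwaway keyring and the job gated behind a protected environment so a required reviewer's approval is what pauses the run. The secret names `GPG_PRIVATE_KEY` and `GPG_PASSPHRASE`, the environment name `release-signing` and the `*.tar.xz` asset pattern are assumptions.

```yaml
# Added example, not the pkgx repository's workflow. Assumes an ASCII-armoured
# private key in secrets.GPG_PRIVATE_KEY, its passphrase in secrets.GPG_PASSPHRASE,
# and a "release-signing" environment configured with required reviewers.
name: sign-release

on:
  workflow_dispatch:
    inputs:
      tag:
        description: Release tag whose assets should be signed
        required: true

permissions:
  contents: write   # only what uploading .asc files to the release needs

jobs:
  sign:
    runs-on: ubuntu-latest
    environment: release-signing   # required reviewers must approve before steps run
    steps:
      - name: Import signing key into an ephemeral keyring
        env:
          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
        run: |
          export GNUPGHOME="$(mktemp -d)"
          echo "GNUPGHOME=$GNUPGHOME" >> "$GITHUB_ENV"
          printf '%s' "$GPG_PRIVATE_KEY" | gpg --batch --import

      - name: Download, sign and verify release assets
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
          TAG: ${{ inputs.tag }}   # passed via env, never interpolated into the script
        run: |
          set -euo pipefail
          mkdir assets && cd assets
          gh release download "$TAG" --pattern '*.tar.xz'
          for f in *.tar.xz; do
            # passphrase comes over stdin so it never appears in a process listing
            printf '%s' "$GPG_PASSPHRASE" | gpg --batch --yes --pinentry-mode loopback \
              --passphrase-fd 0 --armor --detach-sign "$f"
            gpg --verify "$f.asc" "$f"   # fail the job if the signature does not check out
          done
          gh release upload "$TAG" ./*.asc

      - name: Destroy the ephemeral keyring
        if: always()
        run: rm -rf "$GNUPGHOME"
```

The key still lives in a GitHub Secret here, which the issue body says is not sufficient long term; the environment gate addresses the approval step, not key custody.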