From 9ad9798d4cff505ba826a992da076351b01a1011 Mon Sep 17 00:00:00 2001
From: Samuel Alfageme Sainz <samuel@alfage.me>
Date: Mon, 6 Mar 2023 11:30:17 +0100
Subject: [PATCH] gh actions: pgp-sign all the charts

---
 .ct.yaml                       |  2 ++
 .github/workflows/release.yaml |  9 +++++++++
 revad/Chart.yaml               | 10 +++++-----
 wopiserver/Chart.yaml          |  8 ++++++--
 4 files changed, 22 insertions(+), 7 deletions(-)

diff --git a/.ct.yaml b/.ct.yaml
index 949bc46..5808dfe 100644
--- a/.ct.yaml
+++ b/.ct.yaml
@@ -4,3 +4,5 @@ target-branch: master
 chart-dirs:
   - .
 helm-extra-args: --timeout 600s
+sign: true
+key: cboxbot@cern.ch
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index b5475c5..f9e8c25 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -18,6 +18,15 @@ jobs:
           git config user.name "$GITHUB_ACTOR"
           git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
 
+      - name: Import GPG key
+        uses: crazy-max/ghaction-import-gpg@v4.1.0
+        with:
+          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+          passphrase: ${{ secrets.PASSPHRASE }}
+
+      - name: Export GPG key to legacy format
+        run: gpg --export-secret-keys > ~/.gnupg/pubring.gpg
+
       - name: Run chart-releaser
         uses: helm/chart-releaser-action@v1.0.0
         env:
diff --git a/revad/Chart.yaml b/revad/Chart.yaml
index 8f9d10b..8c16037 100644
--- a/revad/Chart.yaml
+++ b/revad/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: revad
 description: The Reva daemon (revad) helm chart
 type: application
-version: 1.5.0
+version: 1.5.1
 appVersion: v1.21.0
 kubeVersion: '>= 1.19.0'
 icon: https://reva.link/logo.svg
@@ -24,10 +24,10 @@ keywords:
 annotations:
   artifacthub.io/changes: |
     - kind: changed
-      description: Bump revad version to v.1.21.0
-      links:
-        - name: cs3org/reva#3524
-          url: https://github.com/cs3org/reva/pull/3524
+      description: Sign the charts with PGP
   artifacthub.io/images: |
     - name: revad
       image: cs3org/revad:v1.21.0
+  artifacthub.io/signKey: |
+    fingerprint: 655F3553ADB323E2D57BCB1BAD0A76D5622F273A
+    url: https://keys.openpgp.org/vks/v1/by-fingerprint/655F3553ADB323E2D57BCB1BAD0A76D5622F273A
diff --git a/wopiserver/Chart.yaml b/wopiserver/Chart.yaml
index 3fd08be..c9cefc5 100644
--- a/wopiserver/Chart.yaml
+++ b/wopiserver/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: wopiserver
 description: A Vendor-neutral Web-application Open Platform Interface (WOPI) gateway for EFSS systems
 type: application
-version: 0.8.0
+version: 0.8.1
 appVersion: v9.4.2
 kubeVersion: '>= 1.19.0'
 home: https://github.com/cs3org/wopiserver
@@ -18,8 +18,12 @@ keywords:
   - efss
 annotations:
   artifacthub.io/changes: |
-    - "Update the wopiserver to version 9.4.2"
+    - kind: changed
+      description: Sign the charts with PGP
   artifacthub.io/images: |
     - name: wopiserver
       image: cs3org/wopiserver:v9.4.2
   artifacthub.io/containsSecurityUpdates: 'false'
+  artifacthub.io/signKey: |
+    fingerprint: 655F3553ADB323E2D57BCB1BAD0A76D5622F273A
+    url: https://keys.openpgp.org/vks/v1/by-fingerprint/655F3553ADB323E2D57BCB1BAD0A76D5622F273A