From 795585a53a55dd28f6bb80ac532eb05a5059bb42 Mon Sep 17 00:00:00 2001
From: dd di cesare <didi@posteo.net>
Date: Fri, 31 Jan 2025 12:26:19 +0100
Subject: [PATCH] [refactor] Not storing the keyring locally, configuring on GH
 action

* One should import the keyring first for signing the package

Signed-off-by: dd di cesare <didi@posteo.net>
---
 .github/workflows/release-helm-chart.yaml |  7 ++++++-
 make/helm.mk                              | 20 ++++++++++----------
 2 files changed, 16 insertions(+), 11 deletions(-)

diff --git a/.github/workflows/release-helm-chart.yaml b/.github/workflows/release-helm-chart.yaml
index b4ebfb7..fe9bc6e 100644
--- a/.github/workflows/release-helm-chart.yaml
+++ b/.github/workflows/release-helm-chart.yaml
@@ -30,9 +30,14 @@ jobs:
         git config user.name "$GITHUB_ACTOR"
         git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
 
+    - name: Configure GPG Key
+      run: |
+        echo -n "$GPG_SIGNING_KEY" | base64 -d | gpg --import
+      env:
+        GPG_SIGNING_KEY: ${{ secrets.HELM_CHARTS_SIGNING_KEY }}
+
     - name: Package Helm Chart
       run: |
-        GPG_KEYRING_BASE64=${{ secrets.HELM_CHARTS_SIGNING_KEY }} \
         GPG_KEY_UID="Kuadrant Development Team" \
         make helm-package
 
diff --git a/make/helm.mk b/make/helm.mk
index c829fd5..196b69e 100644
--- a/make/helm.mk
+++ b/make/helm.mk
@@ -31,18 +31,18 @@ helm-upgrade: $(HELM) ## Upgrade the helm chart
 	# Upgrade the helm chart in the cluster
 	$(HELM) upgrade $(CHART_NAME) $(CHART_DIRECTORY)
 
-# GPG_KEY_UID: substring of the desired key's uid, the name or email
-GPG_KEY_UID ?= 'Kuadrant Development Team'
-# GPG_KEYRING_BASE64: the gpg keyring base64 encoded
-GPG_KEYRING_BASE64 ?= <KUADRANT_GPG_KEYRING_BASE64>
-
 .PHONY: helm-package
-helm-package: $(HELM) ## Package the helm chart and GPG sign it
-	# Store the key
-	mkdir -p .gpg
-	echo $(GPG_KEYRING_BASE64) | base64 -d > .gpg/kuadrantsecring.gpg  #storing base64 GPG key into keyring
+helm-package: $(HELM) ## Package the helm chart
 	# Package the helm chart
-	$(HELM) package --sign --key $(GPG_KEY_UID) --keyring .gpg/kuadrantsecring.gpg $(CHART_DIRECTORY)
+	$(HELM) package $(CHART_DIRECTORY)
+
+# GPG_KEY_UID: substring of the desired key's uid, the name or email
+GPG_KEY_UID ?= 'Kuadrant Development Team'
+# The keyring should've been imported before running this target
+.PHONY: helm-package-sign
+helm-package-sign: $(HELM) ## Package the helm chart and GPG sign it
+	# Package the helm chart and sign it
+	$(HELM) package --sign --key $(GPG_KEY_UID) $(CHART_DIRECTORY)
 
 # GitHub Token with permissions to upload to the release assets
 HELM_WORKFLOWS_TOKEN ?= <YOUR-TOKEN>