From a71d2d17ef364d7230df39fb070a32b6c8337cad Mon Sep 17 00:00:00 2001
From: Shawn Smith <shawnpsmith@gmail.com>
Date: Tue, 14 Mar 2023 11:40:03 +0900
Subject: [PATCH] use crazy-max/ghaction-import-gpg for importing GPG key
 (#134)

---
 .github/actions/gpg-import/action.yml | 25 -------------------------
 .github/workflows/release.yml         |  9 ++++-----
 2 files changed, 4 insertions(+), 30 deletions(-)
 delete mode 100644 .github/actions/gpg-import/action.yml

diff --git a/.github/actions/gpg-import/action.yml b/.github/actions/gpg-import/action.yml
deleted file mode 100644
index 4f663bf..0000000
--- a/.github/actions/gpg-import/action.yml
+++ /dev/null
@@ -1,25 +0,0 @@
-# action.yml
-name: "GPG key import"
-description: "Import private GPG key"
-runs:
-  using: "composite"
-  steps:
-    - run: |
-        #
-        echo -e "${{ env.GPG_PRIVATE_KEY }}" | gpg --import --batch --no-tty
-        echo "hello world" > temp.txt
-        gpg --detach-sig --yes -v --output=/dev/null --pinentry-mode loopback --passphrase "${{ env.PASSPHRASE }}" temp.txt
-        rm temp.txt
-      shell: bash
-      name: import GPG key and prime passphrase
-    - id: gpg-fingerprint
-      run: |
-        fingerprint=$(gpg --with-colons --list-keys | awk -F: '/^pub/ { print $5 }')
-        echo "::set-output name=fingerprint::$fingerprint"
-      shell: bash
-      name: set gpg fingerprint output
-
-outputs:
-  fingerprint:
-    description: "Fingerprint of the GPG key (recommended as user ID)"
-    value: ${{ steps.gpg-fingerprint.outputs.fingerprint }}
\ No newline at end of file
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index eda0941..cf3d033 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -1,7 +1,7 @@
 # This GitHub action can publish assets for release when a tag is created.
 # Currently its setup to run on any tag that matches the pattern "v*" (ie. v0.1.0).
 #
-# This uses an action (hashicorp/ghaction-import-gpg) that assumes you set your
+# This uses an action (crazy-max/ghaction-import-gpg) that assumes you set your
 # private key in the `GPG_PRIVATE_KEY` secret and passphrase in the `PASSPHRASE`
 # secret. If you would rather own your own GPG handling, please fork this action
 # or use an alternative one for key handling.
@@ -32,11 +32,10 @@ jobs:
       -
         name: Import GPG key
         id: import_gpg
-        uses: ./.github/actions/gpg-import
+        uses: crazy-max/ghaction-import-gpg@v5
         env:
-          # These secrets will need to be configured for the repository:
-          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
-          PASSPHRASE: ${{ secrets.PASSPHRASE }}
+          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+          passphrase: ${{ secrets.PASSPHRASE }}
       -
         name: Run GoReleaser
         uses: goreleaser/goreleaser-action@v4