Fix custom keyring path when mirroring repo

Author: joaopalet

.github/workflows/release.yaml

@@ -68,8 +68,7 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.CLI_RELEASE }}
           GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
       - name: Publish packages to APT repo
-        if: contains(github.ref_name, '-') == false
         env:
           GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
-          GPG_PRIVATE_KEY_ID: ${{ steps.import_gpg.outputs.keyid }}
+          GPG_PRIVATE_KEY_ID: ${{ steps.import_gpg.outputs.fingerprint }}
         run: ./scripts/publish-apt-packages.sh

public.asc

@@ -0,0 +1,14 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mDMEZecIDBYJKwYBBAHaRw8BAQdAkJdEvuTh7E95zz3bwKLNSn7CiYrKSK0rjy8Y
+DBTIqYq0NVNUQUNLSVQgR1BHIFNJR05FUiA8c3RhY2tpdC1ncGctc2lnbmVyQHN0
+YWNraXQuY2xvdWQ+iJkEExYKAEEWIQSdnh7Gtp/l8z02ElhB2Hp1SygX/gUCZecI
+DAIbAwUJAO1OAAULCQgHAgIiAgYVCgkICwIEFgIDAQIeBwIXgAAKCRBB2Hp1SygX
+/vKZAP9s/T0F4A/4urNq6SoJGK2cbFUr/N5ReuIns3uDugFF2QEA8RtIeZmDcrZe
+gIYLYXxdmnWE9a0c40VO/VMJWer0kwu4OARl5wgMEgorBgEEAZdVAQUBAQdAsMmj
+G7eHWlL1M0cBYDKD4wY0ho+moixXDJj71hVEHXEDAQgHiH4EGBYKACYWIQSdnh7G
+tp/l8z02ElhB2Hp1SygX/gUCZecIDAIbDAUJAO1OAAAKCRBB2Hp1SygX/ksfAP9F
+D5HVH5qcAYI5+7gwhQWjwKQCTIDGE4z7frTnt6NB/QEAheahd+Rv/N9KSJsjyesU
+CBXspQZQZZkRaS79frnnkAQ=
+=1WMx
+-----END PGP PUBLIC KEY BLOCK-----

scripts/publish-apt-packages.sh

@@ -10,20 +10,24 @@ OBJECT_STORAGE_ENDPOINT="https://object.storage.eu01.onstackit.cloud"
 APT_BUCKET_NAME="stackit-cli-apt"
 PUBLIC_KEY_BUCKET_NAME="stackit-public-key"
 PUBLIC_KEY_FILE="key.gpg"
-CUSTOM_KEYRING="custom-keyring"
+CUSTOM_KEYRING_FILE="aptly-keyring.gpg"
 DISTRIBUTION="stackit"
 APTLY_CONFIG_FILE_PATH="./.aptly.conf"
 GORELEASER_PACKAGES_FOLDER="dist/"
 
+# We need to disable the key database daemon (keyboxd)
+# This can be done by removing "use-keyboxd" from ~/.gnupg/common.conf (see https://github.com/gpg/gnupg/blob/master/README)
+echo -n >~/.gnupg/common.conf
+
 # Create a local mirror of the current state of the remote APT repository
 printf ">>> Creating mirror \n"
 curl ${OBJECT_STORAGE_ENDPOINT}/${PUBLIC_KEY_BUCKET_NAME}/${PUBLIC_KEY_FILE} >public.asc
-gpg --no-default-keyring --keyring ./${CUSTOM_KEYRING}.gpg --import public.asc
-aptly mirror create -keyring="${CUSTOM_KEYRING}.gpg" current "${OBJECT_STORAGE_ENDPOINT}/${APT_BUCKET_NAME}" ${DISTRIBUTION}
+gpg -v --no-default-keyring --keyring=${CUSTOM_KEYRING_FILE} --import public.asc
+aptly mirror create -config "${APTLY_CONFIG_FILE_PATH}" -keyring="${CUSTOM_KEYRING_FILE}" current "${OBJECT_STORAGE_ENDPOINT}/${APT_BUCKET_NAME}" ${DISTRIBUTION}
 
 # Update the mirror to the latest state
 printf "\n>>> Updating mirror \n"
-aptly mirror update current
+aptly mirror update -keyring="${CUSTOM_KEYRING_FILE}" current
 
 # Create a snapshot of the mirror
 printf "\n>>> Creating snapshop from mirror \n"
@@ -47,4 +51,4 @@ aptly snapshot pull -no-remove -architectures="amd64,i386,arm64" current-snapsho
 
 # Publish the new snapshot to the remote repo
 printf "\n>>> Publishing updated snapshot \n"
-aptly publish switch -gpg-key="${GPG_PRIVATE_KEY_ID}" -passphrase "${GPG_PASSPHRASE}" -config "${APTLY_CONFIG_FILE_PATH}" ${DISTRIBUTION} "s3:${APT_BUCKET_NAME}:" updated-snapshot
+aptly publish snapshot -keyring="${CUSTOM_KEYRING_FILE}" -gpg-key="${GPG_PRIVATE_KEY_ID}" -passphrase "${GPG_PASSPHRASE}" -config "${APTLY_CONFIG_FILE_PATH}" updated-snapshot "s3:${APT_BUCKET_NAME}:"