Sign Linux packages (#38)

Author: joaopalet

.github/workflows/release.yaml

@@ -26,9 +26,16 @@ jobs:
         with:
           go-version-file: "go.mod"
           cache: true
+      - name: Import GPG key
+        uses: crazy-max/ghaction-import-gpg@v6
+        id: import_gpg
+        with:
+          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+          passphrase: ${{ secrets.GPG_PASSPHRASE }}
       - name: Run GoReleaser
         uses: goreleaser/goreleaser-action@v5
         with:
           args: release --clean
         env:
           GITHUB_TOKEN: ${{ secrets.CLI_RELEASE }}
+          GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}

.goreleaser.yaml

@@ -59,6 +59,10 @@ nfpms:
       - deb
       - rpm
 
+signs:
+  - artifacts: package
+    args: ["-u", "{{ .Env.GPG_FINGERPRINT }}", "--output", "${signature}", "--detach-sign", "${artifact}"]
+
 brews:
   - name: stackit-cli
     repository: