GPG Sign

This plugin can sign your artifacts and build results with GnuPG. The pipeline configuration below demonstrates simple usage:

kind: pipeline
name: default

steps:
- name: sign
  image: plugins/gpgsign
  settings:
    key: your-base64-encoded-private-key
    passphrase: p455w0rd
    files:
      - dist/*

Exclude specific patterns:

kind: pipeline
name: default

steps:
- name: sign
  image: plugins/gpgsign
  settings:
    key: your-base64-encoded-private-key
    passphrase: p455w0rd
    files:
      - dist/*
    excludes:
      - dist/*.sha256

Generate a detached signature:

kind: pipeline
name: default

steps:
- name: sign
  image: plugins/gpgsign
  settings:
    key: your-base64-encoded-private-key
    passphrase: p455w0rd
    files:
      - dist/*
    detach_sign: true
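
A downstream check for the detached signatures configured above, as an added example that is not part of the plugin or its documentation: it verifies every file in a directory and fails closed on unsigned artifacts. The `verify_dir` name and the `.asc`/`.sig` signature file names are assumptions; the page does not state what the plugin names its output.

```shell
#!/bin/sh
# Added example, not part of the plugin. Assumption: the signature for FILE
# sits beside it as FILE.asc or FILE.sig (gpg's default detached names).
# Set GNUPGHOME to a keyring holding only the trusted release public key, so
# that any signature gpg accepts was made by that key.
# Usage: GNUPGHOME=/path/to/keyring-dir verify_dir dist

# verify_dir DIR: return 0 only if every artifact in DIR has a valid signature.
verify_dir() {
    dir=$1
    checked=0
    failed=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case "$f" in
            # Skip the signatures themselves and the checksum files that the
            # excludes example above keeps out of signing.
            *.asc|*.sig|*.sha256) continue ;;
        esac
        checked=$((checked + 1))
        sig=
        for cand in "$f.asc" "$f.sig"; do
            if [ -f "$cand" ]; then sig=$cand; break; fi
        done
        if [ -z "$sig" ]; then
            echo "UNSIGNED $f" >&2
            failed=$((failed + 1))
        elif ! gpg --batch --verify "$sig" "$f" >/dev/null 2>&1; then
            echo "BAD SIGNATURE $f" >&2
            failed=$((failed + 1))
        fi
    done
    # Fail closed: a directory with no artifacts is an error, not a pass.
    if [ "$checked" -eq 0 ]; then
        echo "no artifacts found in $dir" >&2
        return 1
    fi
    [ "$failed" -eq 0 ]
}
```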

Generate a cleartext signature:

kind: pipeline
name: default

steps:
- name: sign
  image: plugins/gpgsign
  settings:
    key: your-base64-encoded-private-key
    passphrase: p455w0rd
    files:
      - dist/*
    clear_sign: true

Example configuration using secrets, so that the private key and passphrase are not stored in the pipeline file:

kind: pipeline
name: default

steps:
- name: sign
  image: plugins/gpgsign
  settings:
    key:
      from_secret: your-base64-encoded-private-key
    passphrase:
      from_secret: your-passphrase
    files:
      - dist/*

Parameter Reference

key
Private GnuPG key, optionally base64 encoded
passphrase
Passphrase to unlock private key
detach_sign
Generate a detach-sign signature
clear_sign
Generate a clear-sign signature
files, file
List of globs to match files
excludes, exclude
List of patterns to exclude files