This is an automated email from the ASF dual-hosted git repository.
ppkarwasz pushed a commit to branch release-atr/2.26.1
in repository https://gitbox.apache.org/repos/asf/logging-log4j2.git
The following commit(s) were added to refs/heads/release-atr/2.26.1 by this
push:
new 51b9c11f0b Add signatures of distributions
51b9c11f0b is described below
commit 51b9c11f0b9f413dd1c153718adfc766166f5d95
Author: Piotr P. Karwasz <[email protected]>
AuthorDate: Wed Jun 3 10:55:03 2026 +0200
Add signatures of distributions
---
.github/workflows/deploy-atr.yaml | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/.github/workflows/deploy-atr.yaml
b/.github/workflows/deploy-atr.yaml
index 98448cc73c..e439122bb1 100644
--- a/.github/workflows/deploy-atr.yaml
+++ b/.github/workflows/deploy-atr.yaml
@@ -59,6 +59,20 @@ jobs:
git archive --format=tar.gz --prefix="${prefix}" -o
"dist/apache-log4j-${version}-src.tar.gz" HEAD
git archive --format=zip --prefix="${prefix}" -o
"dist/apache-log4j-${version}-src.zip" HEAD
+ - name: Import GPG key
+ uses:
crazymax/ghaction-import-gpg@2dc316deee8e90f13e1a351ab510b4d5bc0c82cd #
v7.0.0
+ with:
+ gpg_private_key: ${{ secrets.LOGGING_GPG_SECRET_KEY }}
+
+ - name: Generate checksums and signatures
+ working-directory: dist
+ run: |
+ for file in *.tar.gz *.zip; do
+ sha256sum "${file}" > "${file}.sha256"
+ sha512sum "${file}" > "${file}.sha512"
+ gpg --batch --yes --armor --detach-sign --output "${file}.asc"
"${file}"
+ done
+
- name: Upload to ATR
uses:
apache/tooling-actions/upload-to-atr@5bd24e53798bc79aa7bb69f62154a6b1e18ffd6e
with:
