TMP: Re-run release-verify-signatures on 2.8.0 with new trusted key

emlun · emlun · commit 6aeacf3c9e4a · 2025-12-11T14:33:42.000+01:00
diff --git a/.github/workflows/release-verify-signatures.yml b/.github/workflows/release-verify-signatures.yml
@@ -5,6 +5,9 @@ name: Reproducible binary
 # and finally uploads the signatures to the GitHub release.
 
 on:
+  push:
+    branches:
+      - tmp-rerun-verify-release-2.8.0
   release:
     types: [published]
 
@@ -20,8 +23,8 @@ jobs:
     - name: Download signatures from Maven Central
       timeout-minutes: 60
       run: |
-        until wget https://repo1.maven.org/maven2/com/yubico/webauthn-server-attestation/${{ github.ref_name }}/webauthn-server-attestation-${{ github.ref_name }}.jar.asc; do sleep 180; done
-        until wget https://repo1.maven.org/maven2/com/yubico/webauthn-server-core/${{ github.ref_name }}/webauthn-server-core-${{ github.ref_name }}.jar.asc; do sleep 180; done
+        until wget https://repo1.maven.org/maven2/com/yubico/webauthn-server-attestation/2.8.0-RC1/webauthn-server-attestation-2.8.0-RC1.jar.asc; do sleep 180; done
+        until wget https://repo1.maven.org/maven2/com/yubico/webauthn-server-core/2.8.0-RC1/webauthn-server-core-2.8.0-RC1.jar.asc; do sleep 180; done
 
     - name: Store keyring and signatures as artifact
       uses: actions/upload-artifact@v5
@@ -46,7 +49,7 @@ jobs:
     - name: check out code
       uses: actions/checkout@v6
       with:
-        ref: ${{ github.ref_name }}
+        ref: 2.8.0-RC1
 
     - name: Set up JDK
       uses: actions/setup-java@v5
@@ -63,8 +66,8 @@ jobs:
       run: |
         for sumprog in md5sum sha1sum sha256sum; do
           echo $sumprog
-          $sumprog webauthn-server-attestation/build/libs/webauthn-server-attestation-${{ github.ref_name }}.jar
-          $sumprog webauthn-server-core/build/libs/webauthn-server-core-${{ github.ref_name }}.jar
+          $sumprog webauthn-server-attestation/build/libs/webauthn-server-attestation-2.8.0-RC1.jar
+          $sumprog webauthn-server-core/build/libs/webauthn-server-core-2.8.0-RC1.jar
         done
 
     - name: Retrieve keyring and signatures
@@ -74,8 +77,8 @@ jobs:
 
     - name: Verify signatures from Maven Central
       run: |
-        gpg --no-default-keyring --keyring ./yubico.keyring --verify webauthn-server-attestation-${{ github.ref_name }}.jar.asc webauthn-server-attestation/build/libs/webauthn-server-attestation-${{ github.ref_name }}.jar
-        gpg --no-default-keyring --keyring ./yubico.keyring --verify webauthn-server-core-${{ github.ref_name }}.jar.asc webauthn-server-core/build/libs/webauthn-server-core-${{ github.ref_name }}.jar
+        gpg --no-default-keyring --keyring ./yubico.keyring --verify webauthn-server-attestation-2.8.0-RC1.jar.asc webauthn-server-attestation/build/libs/webauthn-server-attestation-2.8.0-RC1.jar
+        gpg --no-default-keyring --keyring ./yubico.keyring --verify webauthn-server-core-2.8.0-RC1.jar.asc webauthn-server-core/build/libs/webauthn-server-core-2.8.0-RC1.jar
 
   upload:
     name: Upload signatures to GitHub
@@ -93,8 +96,8 @@ jobs:
 
     - name: Upload signatures to GitHub
       run: |
-        RELEASE_DATA=$(curl -H "Authorization: Bearer ${{ github.token }}" ${{ github.api_url }}/repos/${{ github.repository }}/releases/tags/${{ github.ref_name }})
+        RELEASE_DATA=$(curl -H "Authorization: Bearer ${{ github.token }}" ${{ github.api_url }}/repos/${{ github.repository }}/releases/tags/2.8.0-RC1)
         UPLOAD_URL=$(jq -r .upload_url <<<"${RELEASE_DATA}" | sed 's/{?name,label}//')
 
-        curl -X POST -H "Authorization: Bearer ${{ github.token }}" -H 'Content-Type: text/plain' --data-binary @webauthn-server-attestation-${{ github.ref_name }}.jar.asc "${UPLOAD_URL}?name=webauthn-server-attestation-${{ github.ref_name }}.jar.asc"
-        curl -X POST -H "Authorization: Bearer ${{ github.token }}" -H 'Content-Type: text/plain' --data-binary @webauthn-server-core-${{ github.ref_name }}.jar.asc "${UPLOAD_URL}?name=webauthn-server-core-${{ github.ref_name }}.jar.asc"
+        curl -X POST -H "Authorization: Bearer ${{ github.token }}" -H 'Content-Type: text/plain' --data-binary @webauthn-server-attestation-2.8.0-RC1.jar.asc "${UPLOAD_URL}?name=webauthn-server-attestation-2.8.0-RC1.jar.asc"
+        curl -X POST -H "Authorization: Bearer ${{ github.token }}" -H 'Content-Type: text/plain' --data-binary @webauthn-server-core-2.8.0-RC1.jar.asc "${UPLOAD_URL}?name=webauthn-server-core-2.8.0-RC1.jar.asc"
