From e2b13573ae5910864ea68e447c2897b50c51e020 Mon Sep 17 00:00:00 2001
From: Elian Doran <contact@eliandoran.me>
Date: Thu, 14 Aug 2025 10:25:11 +0300
Subject: [PATCH] feat(forge): rpm signing

---
 .github/actions/build-electron/action.yml   | 6 ++++++
 .github/workflows/nightly.yml               | 3 ++-
 .github/workflows/release.yml               | 1 +
 apps/desktop/electron-forge/forge.config.ts | 3 ++-
 4 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/.github/actions/build-electron/action.yml b/.github/actions/build-electron/action.yml
index 93772d7d9..da4e94507 100644
--- a/.github/actions/build-electron/action.yml
+++ b/.github/actions/build-electron/action.yml
@@ -55,6 +55,12 @@ runs:
       security set-keychain-settings -t 3600 -l build-app-${{ github.run_id }}.keychain
       security set-keychain-settings -t 3600 -l build-installer-${{ github.run_id }}.keychain
 
+  - name: Import GPG signing key
+    if: inputs.os == 'linux'
+    shell: ${{ inputs.shell }}
+    run: |
+      echo -n "$GPG_SIGNING_KEY" | base64 --decode | gpg --import
+
   - name: Set up Python and other macOS dependencies
     if: ${{ inputs.os == 'macos' }}
     shell: ${{ inputs.shell }}
diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
index cfed9c4fe..03a9b5262 100644
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -76,6 +76,7 @@ jobs:
           APPLE_ID: ${{ secrets.APPLE_ID }}
           APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
           WINDOWS_SIGN_EXECUTABLE: ${{ vars.WINDOWS_SIGN_EXECUTABLE }}
+          GPG_SIGNING_KEY: ${{ secrets.GPG_SIGN_KEY }}
 
       - name: Publish release
         uses: softprops/action-gh-release@v2.3.2
@@ -97,7 +98,7 @@ jobs:
           path: apps/desktop/upload
 
   nightly-server:
-    if: github.repository == 'TriliumNext/Trilium'  
+    if: github.repository == 'TriliumNext/Trilium'
     name: Deploy server nightly
     strategy:
       fail-fast: false
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 041e7a437..20161630f 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -58,6 +58,7 @@ jobs:
           APPLE_ID: ${{ secrets.APPLE_ID }}
           APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
           WINDOWS_SIGN_EXECUTABLE: ${{ vars.WINDOWS_SIGN_EXECUTABLE }}
+          GPG_SIGNING_KEY: ${{ secrets.GPG_SIGN_KEY }}
 
       - name: Upload the artifact
         uses: actions/upload-artifact@v4
diff --git a/apps/desktop/electron-forge/forge.config.ts b/apps/desktop/electron-forge/forge.config.ts
index b433ee4d7..991a58dfd 100644
--- a/apps/desktop/electron-forge/forge.config.ts
+++ b/apps/desktop/electron-forge/forge.config.ts
@@ -106,7 +106,8 @@ const config: ForgeConfig = {
         {
             name: "@electron-forge/maker-rpm",
             config: {
-                options: baseLinuxMakerConfigOptions
+                options: baseLinuxMakerConfigOptions,
+                args: ["--rpm-sign"]
             }
         },
         {