feat(forge): rpm signing

.github/actions/build-electron/action.yml

@@ -55,6 +55,12 @@ runs:
       security set-keychain-settings -t 3600 -l build-app-${{ github.run_id }}.keychain
       security set-keychain-settings -t 3600 -l build-installer-${{ github.run_id }}.keychain
 
+  - name: Import GPG signing key
+    if: inputs.os == 'linux'
+    shell: ${{ inputs.shell }}
+    run: |
+      echo -n "$GPG_SIGNING_KEY" | base64 --decode | gpg --import
+
   - name: Set up Python and other macOS dependencies
     if: ${{ inputs.os == 'macos' }}
     shell: ${{ inputs.shell }}

.github/workflows/nightly.yml

@@ -76,6 +76,7 @@ jobs:
           APPLE_ID: ${{ secrets.APPLE_ID }}
           APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
           WINDOWS_SIGN_EXECUTABLE: ${{ vars.WINDOWS_SIGN_EXECUTABLE }}
+          GPG_SIGNING_KEY: ${{ secrets.GPG_SIGN_KEY }}
 
       - name: Publish release
         uses: softprops/action-gh-release@v2.3.2
@@ -97,7 +98,7 @@ jobs:
           path: apps/desktop/upload
 
   nightly-server:
-    if: github.repository == 'TriliumNext/Trilium'  
+    if: github.repository == 'TriliumNext/Trilium'
     name: Deploy server nightly
     strategy:
       fail-fast: false

.github/workflows/release.yml

@@ -58,6 +58,7 @@ jobs:
           APPLE_ID: ${{ secrets.APPLE_ID }}
           APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
           WINDOWS_SIGN_EXECUTABLE: ${{ vars.WINDOWS_SIGN_EXECUTABLE }}
+          GPG_SIGNING_KEY: ${{ secrets.GPG_SIGN_KEY }}
 
       - name: Upload the artifact
         uses: actions/upload-artifact@v4

apps/desktop/electron-forge/forge.config.ts

@@ -106,7 +106,8 @@ const config: ForgeConfig = {
         {
             name: "@electron-forge/maker-rpm",
             config: {
-                options: baseLinuxMakerConfigOptions
+                options: baseLinuxMakerConfigOptions,
+                args: ["--rpm-sign"]
             }
         },
         {