- name: Make GPG directory tempfile: state: directory register: gnupg_tmpdir - name: Create GPG private key tempfile tempfile: state: file register: gpg_private_key_tmp - name: Create GPG private key copy: content: "{{ gpg_key.private }}" dest: "{{ gpg_private_key_tmp.path }}" mode: 0400 - name: Import GPG private key command: "gpg --homedir {{ gnupg_tmpdir.path }} --allow-secret-key-import --import {{ gpg_private_key_tmp.path }}" - name: Delete GPG private key file: path: "{{ gpg_private_key_tmp.path }}" state: absent - name: Find files to sign find: paths: "{{ gpg_sign_path }}" register: artifacts - name: Sign artifacts command: "gpg --homedir {{ gnupg_tmpdir.path }} --armor --detach-sign {{ zj_artifact.path }}" with_items: "{{ artifacts.files }}" loop_control: loop_var: zj_artifact when: artifacts.matched > 0 - name: Delete keyring directory file: path: "{{ gnupg_tmpdir.path }}" state: absent - name: Record checksums command: "sha256sum {{ zj_artifact.path }}" with_items: "{{ artifacts.files }}" loop_control: loop_var: zj_artifact when: artifacts.matched > 0 - name: Record signatures command: "cat {{ zj_artifact.path }}.asc" with_items: "{{ artifacts.files }}" loop_control: loop_var: zj_artifact when: artifacts.matched > 0