From bc49ea0231846526b6e565c5fbacec7c39f1d58c Mon Sep 17 00:00:00 2001
From: Nicolas Duchon
Date: Fri, 17 May 2024 12:43:42 +0200
Subject: [PATCH] ci: attempt to fix DCT key
---
 .github/workflows/build-publish-signed.yml | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/build-publish-signed.yml b/.github/workflows/build-publish-signed.yml
index 7bb8c0e..e8c734c 100644
--- a/.github/workflows/build-publish-signed.yml
+++ b/.github/workflows/build-publish-signed.yml
@@ -24,11 +24,13 @@ jobs:
 - name: Load DCT delegation key
 env:
 DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DCT_KEY_PASSPHRASE }}
- DCT_KEY_BASE64: ${{ secrets.DCT_KEY_BASE64 }}
+ DCT_KEY_PATH: ~/.docker/trust/private/${{ vars.DCT_KEY_ID }}.key
 run: |
- echo "$DCT_KEY_BASE64" | base64 -d > delegation.key
- chmod 600 delegation.key
- docker trust key load delegation.key --name gha
+ mkdir -p ~/.docker/trust/private
+ echo "${{ secrets.DCT_KEY_BASE64 }}" | base64 -d > delegation.key
+ mv -f delegation.key "$DCT_KEY_PATH"
+ chmod 600 "$DCT_KEY_PATH"
+ docker trust key load "$DCT_KEY_PATH" --name gha
 - name: Login to DockerHub
 uses: docker/login-action@v3
@@ -50,4 +52,7 @@ jobs:
 docker trust inspect --pretty ${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}
 - name: Remove DCT delegation key
- run: rm delegation.key
+ env:
+ DCT_KEY_PATH: ~/.docker/trust/private/${{ vars.DCT_KEY_ID }}.key
+ run: |
+ rm "$DCT_KEY_PATH"
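Review bot: `DCT_KEY_PATH: ~/.docker/trust/private/${{ vars.DCT_KEY_ID }}.key` in the `Load DCT delegation key` step is not expanded to the home directory: the value reaches the script as a literal string and the shell does not tilde-expand the result of `"$DCT_KEY_PATH"`, so `mv`, `chmod` and `docker trust key load` (and `rm` in the second hunk) address a relative path under a directory named `~` that `mkdir -p ~/.docker/trust/private` does not create. If `mv` fails for that reason, the decoded private key stays in the workspace as `delegation.key` with default-umask permissions, because `chmod 600` is never reached. The new `echo "${{ secrets.DCT_KEY_BASE64 }}"` also splices the secret into the generated script text instead of reading it from the environment as the removed lines did. The version below passes the key and the key id through `env`, builds the path from `$HOME`, and decodes straight to the target under `umask 077`.

```yaml
        env:
          # … unchanged: DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE …
          DCT_KEY_BASE64: ${{ secrets.DCT_KEY_BASE64 }}
          DCT_KEY_ID: ${{ vars.DCT_KEY_ID }}
        run: |
          # Create the directory and the key file without group/other access.
          umask 077
          DCT_KEY_PATH="$HOME/.docker/trust/private/${DCT_KEY_ID}.key"
          mkdir -p "$HOME/.docker/trust/private"
          echo "$DCT_KEY_BASE64" | base64 -d > "$DCT_KEY_PATH"
          docker trust key load "$DCT_KEY_PATH" --name gha
```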
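Review bot: The `Remove DCT delegation key` step carries no `if: always()` in the lines shown, so a failure in any earlier step, such as `Login to DockerHub`, would skip the cleanup and leave the private key on the runner, which matters most on self-hosted or reused runners. Adding `if: always()` to the step and using `rm -f` lets it run after a failure and tolerate a key that was never written. The step also no longer removes `delegation.key` from the workspace, although the load step still decodes the key there first, so an interrupted load would leave that copy behind; `rm -f "$DCT_KEY_PATH" delegation.key` would cover both locations.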