update signing to the new, more robust version

2025-07-11 08:36:22 -07:00 · 2025-07-11 08:36:22 -07:00 · 7520a46f5a
commit 7520a46f5a
parent 5491b45b36
1 changed files with 6 additions and 4 deletions
--- a/.gitea/workflows/build.yaml
+++ b/.gitea/workflows/build.yaml
@ -13,10 +13,11 @@ jobs:
      - run: echo "Triggered by ${{ github.event_name }} event"
      - name: Check out repository code
        uses: actions/checkout@v3
-      - uses: elerch/setup-zig@v3
+      - name: Setup Zig
        uses: https://github.com/mlugg/setup-zig@v2.0.4
        with:
          version: 0.13.0
-      - uses: elerch/zig-action-cache@v1.1.6
+      - uses: https://github.com/Hanaasagi/zig-action-cache@3954aae427f8b05914e08dfd79f15e1f2e435929
      - name: Test
        run: zig build test -Dtarget="$BUILD_TARGET"
      - name: Build
@ -35,7 +36,7 @@ jobs:
          user: ${{ secrets.NTFY_USER }}
          password: ${{ secrets.NTFY_PASSWORD }}
  sign:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-latest-hsm
    needs: build
    steps:
      - name: Download Artifact
@ -46,11 +47,12 @@ jobs:
        run: "chmod 755 flexilib"
      - name: Sign
        id: sign
-        uses: https://git.lerch.org/lobo/action-hsm-sign@v1
+        uses: https://git.lerch.org/lobo/action-hsm-sign@v2
        with:
          pin: ${{ secrets.HSM_USER_PIN }}
          files: flexilib
          public_key: 'https://emil.lerch.org/serverpublic.pem'
          uhub_control: 'true'
      - name: Output signature URL
        run: echo "Signature URL is ${{ steps.sign.outputs.URL_0 }}"
      - name: Upload Artifact