From dbd512edf5693e90751ff18ab54a1c350284beaf Mon Sep 17 00:00:00 2001
From: Maxime David <contact@maxday.dev>
Date: Sat, 31 May 2025 16:11:35 +0100
Subject: [PATCH] feat: sign release

---
 .github/workflows/release-layer-nodejs.yml | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/release-layer-nodejs.yml b/.github/workflows/release-layer-nodejs.yml
index b787a5f203..b4b3ff336c 100644
--- a/.github/workflows/release-layer-nodejs.yml
+++ b/.github/workflows/release-layer-nodejs.yml
@@ -52,15 +52,28 @@ jobs:
         run: mv layer.zip opentelemetry-nodejs-layer.zip
         working-directory: nodejs/packages/layer/build
 
+      - name: Import GPG Key
+        run: echo "$GPG_PRIVATE_KEY" | gpg --batch --import
+        env:
+          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
+
       - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         name: Save assembled layer to build
         with:
           name: opentelemetry-nodejs-layer.zip
           path: nodejs/packages/layer/build/opentelemetry-nodejs-layer.zip
+
+      - name: Sign the zip file
+        run: |
+          gpg --armor --output opentelemetry-nodejs-layer.zip.asc \
+              --detach-sign opentelemetry-nodejs-layer.zip
+        working-directory: nodejs/packages/layer/build
           
       - name: Add Binary to Release
         run: |
-          gh release upload ${{github.ref_name}} nodejs/packages/layer/build/opentelemetry-nodejs-layer.zip
+          gh release upload ${{ github.ref_name }} \
+            nodejs/packages/layer/build/opentelemetry-nodejs-layer.zip \
+            nodejs/packages/layer/build/opentelemetry-nodejs-layer.zip.asc
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}