roobre
commented
1 week ago Dropping some context: As a part of building linux packages, goreleaser used to sign them with a GPG key. That key is not trivially accessible from GHA using standard shared-workflows.
I asked platform about this in the past here, and they suggested deployment_tools would be the right place to do the signing, and what everybody else publishing packages is doing.
We changed something recently that caused assets to not be published correctly:
bad: v0.28.2: https://github.com/grafana/synthetic-monitoring-agent/releases/tag/v0.28.2 good: v0.26.0: https://github.com/grafana/synthetic-monitoring-agent/releases/tag/v0.26.0