I am trying to verify the signature of a CLI I am trying to install into a GitHub action.
steps:
- uses: actions/checkout@v3
- name: Download SnowSQL
run: curl -O https://sfc-repo.snowflakecomputing.com/snowsql/bootstrap/1.2/linux_x86_64/snowsql-1.2.24-linux_x86_64.bash
- name: Download GPG public key
run: curl -O https://sfc-repo.snowflakecomputing.com/snowsql/bootstrap/1.2/linux_x86_64/snowsql-1.2.24-linux_x86_64.bash.sig
- name: Print content
run: ls
- name: Verify the package signature
run: gpg --verify snowsql-1.2.24-linux_x86_64.bash.sig snowsql-1.2.24-linux_x86_64.bash
When doing so I am getting an error.
gpg: directory '/home/runner/.gnupg' created
gpg: keybox '/home/runner/.gnupg/pubring.kbx' created
gpg: Signature made Thu Oct 20 18:31:13 2022 UTC
gpg: using RSA key 630D9F3CAB551AF3
gpg: Can't check signature: No public key
I added the ls to see if both files are there and they do show up in the path. Output from ls:
README.md
snowsql-1.2.24-linux_x86_64.bash
snowsql-1.2.24-linux_x86_64.bash.sig
Any idea on what causes this and how it can be fixed?