From 655e47fb8da23e62b3edd56dd93f2946bebc55a2 Mon Sep 17 00:00:00 2001
From: nopeitsnothing <no@anonymousplanet.org>
Date: Sun, 19 Apr 2026 00:25:57 -0400
Subject: [PATCH] The GPG bit fails, let's try again

Signed-off-by: nopeitsnothing <no@anonymousplanet.org>
---
 .github/workflows/build-sign-release.yml | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/build-sign-release.yml b/.github/workflows/build-sign-release.yml
index 178bff9..80002d7 100644
--- a/.github/workflows/build-sign-release.yml
+++ b/.github/workflows/build-sign-release.yml
@@ -83,13 +83,24 @@ jobs:
         run: |
           cd ${{ github.workspace }}
 
-          # Import GPG key (if not already imported)
+          # Import GPG key if not already imported
           export GPG_TTY=$(tty)
           echo "$GPG_KEY" | gpg --batch --import 2>/dev/null || true
 
-          # Sign the PDFs with detach signatures
-          gpg --batch --yes --armor --detach-sign --output export/thgtoa.pdf.sig export/thgtoa.pdf 2>/dev/null || true
-          gpg --batch --yes --armor --detach-sign --output export/thgtoa-dark.pdf.sig export/thgtoa-dark.pdf 2>/dev/null || true
+          # Sign each PDF file individually with detached signature
+          for pdf_file in export/*.pdf; do
+            if [ -f "$pdf_file" ]; then
+              base_name=$(basename "$pdf_file")
+              echo "Signing $base_name..."
+              gpg --batch --yes --armor --detach-sign --output "export/${pdf_file}.sig" "$pdf_file" 2>/dev/null || true
+            fi
+          done
+
+          # Verify signatures were created
+          ls -la export/*.sig 2>/dev/null || echo "No signature files found in export/"
+        env:
+          GPG_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
+          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
 
       - name: 🦠 Upload PDFs to VirusTotal
         uses: crazy-max/ghaction-virustotal@v5