2 files changed, 29 insertions, 1 deletions

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 8ea5f7a..f02db1b 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -36,11 +36,13 @@ jobs:
         else
           tar czvf ${{ matrix.name }} target/release/${{ matrix.bin }} sentrum.sample.toml contrib/sentrum.service
         fi
+    - name: Generate Changelog
+      run: utils/generate_changelog.sh ${{ github.ref_name }} > ${{ github.workspace }}-CHANGELOG.md
     - name: Publish
       uses: softprops/action-gh-release@v2
       if: startsWith(github.ref, 'refs/tags/')
       with:
-          body_path: docs/CHANGELOG.md
+          body_path: ${{ github.workspace }}-CHANGELOG.md
           draft: true
           fail_on_unmatched_files: true
           files: sentrum-*
diff --git a/utils/generate_changelog.sh b/utils/generate_changelog.sh
new file mode 100755
index 0000000..05e7e9e
--- /dev/null
+++ b/utils/generate_changelog.sh
@@ -0,0 +1,26 @@
+#|/usr/bin/env sh
+
+script_dir=$(dirname -- "$(readlink -f "$0")")
+
+sed '/^$/q' "$script_dir"/../docs/CHANGELOG.md
+
+echo '## Verifying the release
+
+0. Import my gpg public key into your keyring (you only need to do this once, not for every release):
+
+```bash
+gpg --auto-key-locate clear,wkd --locate-keys sommerfeld@sommerfeld.dev
+```
+
+1. Download `sentrum-%s-manifest.txt` and `sentrum-%s-manifest.txt.asc` to the same directory where you are downloading the binary.
+2. Verify the gpg signature is mine (should ouput `Good signature`)`:
+
+```bash
+gpg --verify sentrum-%s-manifest.txt.asc
+```
+
+3. Verify the checksums of the binaries (should output `OK`):
+
+```bash
+sha256sum --check  --ignore-missing sentrum-%s-manifest.txt
+```' | sed "s/%s/$1/g"