Add release signing to release workflow

.github/workflows/bun-release.yml

@@ -11,6 +11,39 @@ on:
         description: The tag to publish
         required: true
 jobs:
+  sign:
+    name: Sign Release
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: packages/bun-release
+    steps:
+      - id: checkout
+        name: Checkout
+        uses: actions/checkout@v3
+      - id: setup-env
+        name: Setup Environment
+        run: |
+          TAG="${{ github.event.inputs.tag }}"
+          TAG="${TAG:-"${{ github.event.release.tag_name }}"}"
+          echo "Setup tag: ${TAG}"
+          echo "TAG=${TAG}" >> ${GITHUB_ENV}
+      - id: setup-bun
+        name: Setup Bun
+        uses: oven-sh/setup-bun@v0.1.8
+        with:
+          bun-version: canary
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+      - id: bun-install
+        name: Install Dependencies
+        run: bun install
+      - id: bun-run
+        name: Sign Release
+        run: |
+          echo "$GPG_PASSPHRASE" | bun upload-assets -- "${{ env.TAG }}"
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
   npm:
     name: Release to NPM
     runs-on: ubuntu-latest
@@ -90,6 +123,7 @@ jobs:
   docker:
     name: Release to Dockerhub
     runs-on: ubuntu-latest
+    needs: sign
     steps:
       - id: checkout
         name: Checkout