From 753bce84cee28a24097931c30d55fdba6c3dc00d Mon Sep 17 00:00:00 2001
From: Alex Lovell-Troy <alovelltroy@lanl.gov>
Date: Tue, 17 Mar 2026 17:49:04 -0400
Subject: [PATCH] Add step to display signing subkey expiration

Added a step to show signing subkey expiration in the GPG key import process.

Signed-off-by: Alex Lovell-Troy <alovelltroy@lanl.gov>
---
 .github/workflows/build-rpm.yaml | 22 +++++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/build-rpm.yaml b/.github/workflows/build-rpm.yaml
index 096f0ec..ff403d1 100644
--- a/.github/workflows/build-rpm.yaml
+++ b/.github/workflows/build-rpm.yaml
@@ -37,11 +37,27 @@ jobs:
       - name: Import GPG key
         run: |
           echo "$GPG_PRIVATE_KEY" | base64 --decode | gpg --import --batch --yes
-          gpg -K --keyid-format long
-          gpg --list-secret-keys --with-subkey-fingerprints --keyid-format long
-          gpg --list-secret-keys --with-colons
         env:
           GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
+          
+      - name: Show signing subkey expiration
+        shell: bash
+        run: |
+          gpg --list-secret-keys --with-colons \
+          | awk -F: '
+            $1=="ssb" && $12 ~ /s/ {
+              keyid = $5
+              expires = $7
+              if (expires == "" || expires == "0") {
+                edate = "never"
+              } else {
+                cmd = "date -u -d @" expires " +\"%Y-%m-%d %H:%M:%S UTC\""
+                cmd | getline edate
+                close(cmd)
+              }
+              printf "signing subkey %s expires: %s\n", keyid, edate
+             }
+          '   
 
       - name: Get version
         id: get_version