chore: Revert "ci: add gpg signing for RPM packages (#3612)" (#3946)

This reverts commit 67572dff6d.

.github/workflows/reusable-release.yaml

@@ -75,12 +75,6 @@ jobs:
           args: mod -licenses -json -output bom.json
           version: ^v1
 
-      - name: "save gpg key"
-        env:
-          GPG_KEY: ${{ secrets.GPG_KEY }}
-        run: |
-          echo "$GPG_KEY" > gpg.key
-
       - name: GoReleaser
         uses: goreleaser/goreleaser-action@v4
         with:
@@ -88,12 +82,6 @@ jobs:
           args: release -f=${{ inputs.goreleaser_config}} ${{ inputs.goreleaser_options}}
         env:
           GITHUB_TOKEN: ${{ secrets.ORG_REPO_TOKEN }}
-          NFPM_DEFAULT_RPM_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
-          GPG_FILE: "gpg.key"
-
-      - name: "remove gpg key"
-        run: |
-          rm gpg.key
 
       ## push images to registries
       ## only for canary build

.github/workflows/test.yaml

@@ -125,5 +125,4 @@ jobs:
       with:
         version: v1.4.1
         args: release --skip-sign --snapshot --rm-dist --skip-publish --timeout 90m
-      env:
-        GPG_FILE: "nofile"
+

docs/getting-started/installation.md

@@ -15,9 +15,8 @@ In this section you will find an aggregation of the different ways to install Tr
     [trivy]
     name=Trivy repository
     baseurl=https://aquasecurity.github.io/trivy-repo/rpm/releases/$RELEASE_VERSION/\$basearch/
-    gpgcheck=1
+    gpgcheck=0
     enabled=1
-    gpgkey=https://aquasecurity.github.io/trivy-repo/rpm/public.key
     EOF
     sudo yum -y update
     sudo yum -y install trivy

goreleaser.yml

@@ -74,9 +74,6 @@ nfpms:
     contents:
      - src: contrib/*.tpl
        dst: /usr/local/share/trivy/templates
-    rpm:
-      signature:
-         key_file: '{{ .Env.GPG_FILE }}'
 
 archives:
   -