Sign git tag as one of the last steps

If it fails then the whole release should not fail,
signing git tag can be tried again.

bin/build-helper

@@ -313,11 +313,6 @@ eof
         # Tag the current commit
         "$0" release-git-tag
 
-        # sign git tag
-        printf "Enter upstream repository authentication token: "
-        read token
-        "$0" sign-git-release "${target_version}" "${token}"
-
         # Also merge back the version branch
         if [ "$masterbranch" = yes ]; then
             git checkout master
@@ -343,6 +338,11 @@ eof
         # Archlinux release is based on pypi
         make archlinux-release
 
+        # sign git tag
+        printf "Enter upstream repository authentication token: "
+        read token
+        "$0" sign-git-release "${target_version}" "${token}"
+
         # Announce change on ML
         make ml-release
 

bin/build-helper.freebsd

@@ -347,11 +347,6 @@ eof
         # Tag the current commit
         "$0" release-git-tag
 
-        # sign git tag
-        printf "Enter upstream repository authentication token: "
-        read token
-        "$0" sign-git-release "${target_version}" "${token}"
-
         # Also merge back the version branch
         if [ "$masterbranch" = yes ]; then
             git checkout master
@@ -393,6 +388,11 @@ eof
             ;;
         esac
 
+        # sign git tag
+        printf "Enter upstream repository authentication token: "
+        read token
+        "$0" sign-git-release "${target_version}" "${token}"
+
         # Announce change on ML
         make helper=${helper} WEBDIR=${WEBDIR} ml-release
     ;;