nadia univ

Reputation: 41

Encrypt file with sops with GitHub workflow

I'm trying to encrypt a file with sops with GitHub Actions. My workflow code is:

name: Encrypt application secrets
on:
  workflow_dispatch:
jobs:
  encrypt:
    runs-on: ubuntu-latest
    steps:
    - name: Checkout code
      uses: actions/checkout@v2
      with:
        fetch-depth: 1
    - name: sops install
      run: |
        curl -O -L -C - https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.darwin
        sudo mv sops-v3.7.1.darwin /usr/bin/sops
        sudo chmod +x /usr/bin/sops
    - name: upload keystore
      run: gpg --import .github/.gpg
    - name: encrypt file
      run: |
        sudo chmod +x /usr/bin/sops
        sudo sops --encrypt --in-place .github/application.secrets.yaml

But I get this error

Run sudo chmod +x /usr/bin/sops
  sudo chmod +x /usr/bin/sops
  sudo sops --encrypt --in-place .github/application.secrets.yaml
  shell: /usr/bin/bash -e {0}
/usr/bin/sops: 1: ����
�: not found
/usr/bin/sops: 8: Syntax error: word unexpected (expecting ")")

Is there someone who can help, please?

Upvotes: 0

Views: 1963

Answers (1)

Kate

Reputation: 11

The following worked for my GitHub pipeline (though for decryption purposes):

# main.yaml
...
jobs:
    build-publish-deploy:
        name: Build, Publish and Deploy
        runs-on: ubuntu-latest

        steps:
        ...
            - name: Decrypt secret
              run: |-
                  curl -O -L -C - https://github.com/mozilla/sops/releases/download/v3.7.3/sops-v3.7.3.linux
                  sudo mv sops-v3.7.3.linux /usr/bin/sops
                  sudo chmod +x /usr/bin/sops
                  export SOPS_AGE_KEY=${{ secrets.GKE_DWK_SOPS_AGE_KEY }}
                  sops --decrypt manifests/secret.enc.yaml > manifests/secret.yaml
...

Darwin files are usually for macOS, and you are requesting to run on ubuntu-latest.

Upvotes: 1
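
The mismatch the answer points out (a `.darwin` asset installed on an `ubuntu-latest` runner) can be caught before the binary is ever executed. The following is an added example, not code from either poster: shell functions that pick the asset by `uname -s`, check the downloaded file's magic bytes, and optionally compare a SHA-256 digest that you pin yourself. The function names are hypothetical; the asset names follow the URLs quoted on this page.

```shell
#!/usr/bin/env bash
# Added example, not from the original posts. Asset names follow the URLs
# quoted on this page (sops-<version>.linux / sops-<version>.darwin).

# Pick the release asset for a kernel name as printed by `uname -s`.
sops_asset() {
  local version="$1" kernel="${2:-$(uname -s)}"
  case "$kernel" in
    Linux)  echo "sops-${version}.linux" ;;
    Darwin) echo "sops-${version}.darwin" ;;
    *)      echo "unsupported kernel: $kernel" >&2; return 1 ;;
  esac
}

# Classify an executable by its first four bytes (magic number).
binary_format() {
  local magic
  magic="$(head -c 4 "$1" | od -An -tx1 | tr -d ' \n')"
  case "$magic" in
    7f454c46)          echo elf ;;    # Linux ELF
    cffaedfe|cefaedfe) echo macho ;;  # macOS Mach-O (64-bit / 32-bit)
    *)                 echo unknown ;;
  esac
}

# Install FILE to DEST only if its format matches KERNEL and, when a digest is
# supplied, its SHA-256 matches. EXPECTED_SHA is a value you pin yourself.
install_checked() {
  local file="$1" dest="$2" expected_sha="${3:-}" kernel="${4:-$(uname -s)}"
  local want got
  case "$kernel" in
    Linux) want=elf ;; Darwin) want=macho ;; *) return 1 ;;
  esac
  got="$(binary_format "$file")"
  if [ "$got" != "$want" ]; then
    echo "refusing $file: $got binary on a $kernel runner" >&2
    return 1
  fi
  if [ -n "$expected_sha" ]; then
    got="$(sha256sum "$file" | cut -d' ' -f1)"  # GNU coreutils, on ubuntu-latest
    if [ "$got" != "$expected_sha" ]; then
      echo "refusing $file: SHA-256 mismatch" >&2
      return 1
    fi
  fi
  install -m 0755 "$file" "$dest"
}
```

In a workflow step, download `"$(sops_asset v3.7.3)"` and pass the file through `install_checked` instead of `mv` plus `chmod`, so a wrong-platform or altered download fails the job with a readable message rather than a shell syntax error.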
