chore(ci): add signed commits

2025-12-01 01:25:14 +01:00 · 2025-10-12 19:40:32 +02:00
parent 40c353ff4e
commit 61fc8af54d
2 changed files with 26 additions and 4 deletions
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -24,6 +24,27 @@ jobs:
        uses: actions/checkout@v5
        with:
          fetch-depth: 0
+      - name: Import GPG key and configure signing
+        env:
+          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
+          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
+        run: |
+          echo "$GPG_PRIVATE_KEY" | gpg --batch --import
+          KEY_ID=$(gpg --list-secret-keys --keyid-format LONG | grep sec | tail -n1 | awk '{print $2}' | cut -d'/' -f2)
+
+          echo "use-agent" >> ~/.gnupg/gpg.conf
+          echo "pinentry-mode loopback" >> ~/.gnupg/gpg.conf
+          echo "allow-loopback-pinentry" >> ~/.gnupg/gpg-agent.conf
+
+          git config --global user.signingkey "$KEY_ID"
+          git config --global commit.gpgsign true
+          git config --global gpg.program gpg
+          git config --global gpg.format openpgp
+
+          export GPG_TTY=$(tty)
+          echo "test" | gpg --batch --yes --passphrase "$GPG_PASSPHRASE" --pinentry-mode loopback -u "$KEY_ID" -s >/dev/null
+
+          echo "Using GPG key: $KEY_ID"

      - name: Run semantic-release
        id: semantic
@@ -38,7 +59,10 @@ jobs:
            conventional-changelog-conventionalcommits
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
+          GIT_AUTHOR_NAME: semantic-release-bot
+          GIT_COMMITTER_NAME: semantic-release-bot
+          GIT_AUTHOR_EMAIL: arlind@sulej.ch
+          GIT_COMMITTER_EMAIL: arlind@sulej.ch
  docker:
    runs-on: ubuntu-24.04
    needs: release
--- a/README.md
+++ b/README.md
@@ -1,5 +1,3 @@
 # sulej.ch

 Welcome to the official repository of **[sulej.ch](https://sulej.ch/)**, my personal website.
-
-I have future plans for this repository, but that is a project for the future.