Build: set up CI commit signing

gordonmleigh · Oct 4, 2024 · 4913974 · 4913974
1 parent a34c41a
commit 4913974
Showing 1 changed file with 12 additions and 0 deletions.
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -43,12 +43,24 @@ jobs:
       - name: Configure Git
         shell: bash
         run: |
+          git config gpg.format ssh
+          git config user.signingkey "${SSH_SIGNING_KEY_PUB}"
+          git config commit.gpgsign true
           git config user.name "${{ github.actor }}"
           git config user.email "${{ github.actor_id }}+${{ github.actor }}@users.noreply.github.com"
 
+      - name: Add signing key
+        shell: bash
+        run: |
+          ssh-agent -a /tmp/ssh-agent-sock
+          ssh-add - <<< "${SSH_SIGNING_KEY}"
+        env:
+          SSH_SIGNING_KEY: ${{ secrets.SSH_SIGNING_KEY }}
+
       - name: Release
         run: npm run release
         env:
+          SSH_AUTH_SOCK: /tmp/ssh-agent-sock
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
           NPM_CONFIG_PROVENANCE: true