From a470453e8bc1ec6834f3adc36238bd618ed40436 Mon Sep 17 00:00:00 2001
From: Shin'ya Ueoka <ueokande@i-beam.org>
Date: Tue, 23 Jul 2024 22:52:35 +0900
Subject: [PATCH] fix: sign published tags and commits

---
 .github/workflows/release.yml | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 23882e5..9d75d31 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -34,9 +34,13 @@ jobs:
           full_version: ${{ steps.release.outputs.major }}.${{ steps.release.outputs.minor }}.${{ steps.release.outputs.patch }}
           tag_name: ${{ steps.release.outputs.tag_name }}
         run: |
+          gpg --allow-secret-key-import --import <<< "${{ secrets.PRIVATE_SIGNING_KEY }}"
           git remote set-url origin https://github-actions:${GITHUB_TOKEN}@github.com/${GITHUB_REPOSITORY}
-          git config --global user.name "${GITHUB_ACTOR}"
-          git config --global user.email "${GITHUB_ACTOR}@users.noreply.github.com"
+          git config commit.gpgsign true
+          git config tag.gpgsign true
+          git config --global user.name ueokande
+          git config --global user.email ueokande@i-beam.org
+          git config --global user.signingkey 7F94715D031FDE95
 
           git add .
           git commit --allow-empty --message "Release v${full_version} at ${GITHUB_SHA}"