From f2a27ce5714398ec0d5d15426d973c1bb68a0594 Mon Sep 17 00:00:00 2001
From: Piotr Icikowski <piotrekicikowski@gmail.com>
Date: Mon, 30 Dec 2024 18:58:23 +0100
Subject: [PATCH] ci(release): add GPG signing for release pipeline

---
 .woodpecker/.release.yml | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/.woodpecker/.release.yml b/.woodpecker/.release.yml
index 28485c0..1833958 100644
--- a/.woodpecker/.release.yml
+++ b/.woodpecker/.release.yml
@@ -10,6 +10,19 @@ steps:
         from_secret: gitea_token
       GIT_CREDENTIALS:
         from_secret: git_credentials
+      WOODPECKER_GPG:
+        from_secret: woodpecker_gpg
+      WOODPECKER_OWNERTRUST:
+        from_secret: woodpecker_ownertrust
+      GIT_AUTHOR_NAME: "semantic-release"
+      GIT_AUTHOR_EMAIL: "ci@icikowski.pl"
+      GIT_COMMITTER_NAME: "Woodpecker CI"
+      GIT_COMMITTER_EMAIL: "ci@icikowski.pl"
     commands:
+      - echo $WOODPECKER_GPG | base64 -d > /tmp/woodpecker.gpg
+      - echo $WOODPECKER_OWNERTRUST > /tmp/woodpecker-ownertrust.txt
+      - gpg -q --import /tmp/woodpecker.gpg
+      - gpg --import-ownertrust /tmp/woodpecker-ownertrust.txt
+      - git config --global user.signingkey BE8610DF8C393C56F3428A4D3E8CD051908CB569
       - npm i
       - npm run release