ci(release): add GPG signing for release pipeline

2024-12-30 19:14:16 +01:00 · 2024-12-30 19:14:16 +01:00 · d68ef5dc64
commit d68ef5dc64
parent 8ded8423ed
1 changed files with 15 additions and 0 deletions
--- a/.woodpecker/.release.yml
+++ b/.woodpecker/.release.yml
@ -10,6 +10,21 @@ steps:
        from_secret: gitea_token
      GIT_CREDENTIALS:
        from_secret: git_credentials
+      WOODPECKER_GPG:
+        from_secret: woodpecker_gpg
+      WOODPECKER_OWNERTRUST:
+        from_secret: woodpecker_ownertrust
+      GIT_AUTHOR_NAME: "semantic-release"
+      GIT_AUTHOR_EMAIL: "ci@icikowski.pl"
+      GIT_COMMITTER_NAME: "Woodpecker CI"
+      GIT_COMMITTER_EMAIL: "ci@icikowski.pl"
    commands:
+      - echo $WOODPECKER_GPG | base64 -d > /tmp/woodpecker.gpg
+      - echo $WOODPECKER_OWNERTRUST > /tmp/woodpecker-ownertrust.txt
+      - gpg -q --import /tmp/woodpecker.gpg
+      - gpg --import-ownertrust /tmp/woodpecker-ownertrust.txt
+      - git config --global user.signingkey BE8610DF8C393C56F3428A4D3E8CD051908CB569
+      - git config --global commit.gpgsign true
+      - git config --global tag.forceSignAnnotated true
      - npm i
      - npm run release