add commit signing on PR [no ci]

YaroShkvorets · YaroShkvorets · commit 9239c30dc8cc · 2025-06-21T12:05:38.000-04:00
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
@@ -9,9 +9,14 @@ permissions: write-all
 jobs:
   dependencies:
     uses: ./.github/workflows/shared-changesets-dependencies.yml
+    with:
+      gitUserEmail: ops@pinax.network
+      gitUserName: pinax-bot
     if: ${{ github.event.pull_request.title != 'Upcoming Release Changes' }}
     secrets:
-      githubToken: ${{ secrets.GITHUB_TOKEN }}
+      githubToken: ${{ secrets.PINAX_BOT_GITHUB_TOKEN }}
+      pgpPrivateKey: ${{ secrets.PINAX_BOT_PGP_PRIVATE_KEY }}
+      pgpPassphrase: ${{ secrets.PINAX_BOT_PGP_PASSPHRASE }}
 
   alpha:
     uses: ./.github/workflows/shared-release-snapshot.yml
diff --git a/.github/workflows/shared-changesets-dependencies.yml b/.github/workflows/shared-changesets-dependencies.yml
@@ -23,9 +23,21 @@ on:
         required: false
         type: string
         default: '20'
+      gitUserEmail:
+        required: false
+        type: string
+        default: ''
+      gitUserName:
+        required: false
+        type: string
+        default: ''
     secrets:
       githubToken:
         required: true
+      pgpPrivateKey:
+        required: true
+      pgpPassphrase:
+        required: true
 
 jobs:
   changeset:
@@ -38,6 +50,16 @@ jobs:
           fetch-depth: 0
           token: ${{ secrets.githubToken }}
 
+      - name: Import bot's GPG key for signing commits
+        id: import-gpg
+        uses: crazy-max/ghaction-import-gpg@v4
+        with:
+          gpg_private_key: ${{ secrets.pgpPrivateKey }}
+          passphrase: ${{ secrets.pgpPassphrase }}
+          git_config_global: true
+          git_user_signingkey: true
+          git_commit_gpgsign: true
+
       - uses: ./.github/actions/setup-node
         name: setup env and install dependencies
         if: ${{ inputs.installDependencies }}
@@ -47,8 +69,10 @@ jobs:
           packageManagerVersion: ${{ inputs.packageManagerVersion }}
 
       - name: Create/Update Changesets
-        uses: pinax-network/changesets-dependencies-action@v1.2.2
+        uses: pinax-network/changesets-dependencies-action@v1.3.0
         with:
           preCommit: ${{ inputs.preCommit }}
+          gitUserEmail: ${{ inputs.gitUserEmail }}
+          gitUserName: ${{ inputs.gitUserName }}
         env:
           GITHUB_TOKEN: ${{ secrets.githubToken }}
