From e73523da355f45487cd47ca87cfd334a7327bfd1 Mon Sep 17 00:00:00 2001 From: Ondrej Mirtes Date: Sun, 12 Mar 2023 14:08:23 +0100 Subject: [PATCH] PHAR - sign as PHPStan Bot --- .github/workflows/create-tag.yml | 2 +- .github/workflows/phar.yml | 36 ++++++++++++++++---------------- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/.github/workflows/create-tag.yml b/.github/workflows/create-tag.yml index 6b664a48e8..8452d98693 100644 --- a/.github/workflows/create-tag.yml +++ b/.github/workflows/create-tag.yml @@ -24,7 +24,7 @@ jobs: uses: actions/checkout@v3 with: fetch-depth: 0 - token: ${{ secrets.PAT }} + token: ${{ secrets.PHPSTAN_BOT_TOKEN }} - name: 'Get Previous tag' id: previoustag diff --git a/.github/workflows/phar.yml b/.github/workflows/phar.yml index 91fdabde17..ef18479600 100644 --- a/.github/workflows/phar.yml +++ b/.github/workflows/phar.yml @@ -147,17 +147,23 @@ jobs: runs-on: "ubuntu-latest" timeout-minutes: 60 steps: - - name: "Configure GPG signing key" - run: echo "$GPG_SIGNING_KEY" | base64 --decode | gpg --import --no-tty --batch --yes - env: - GPG_SIGNING_KEY: ${{ secrets.GPG_SIGNING_KEY }} + - + name: Import GPG key + id: import-gpg + uses: crazy-max/ghaction-import-gpg@v5 + with: + gpg_private_key: ${{ secrets.GPG_PHPSTANBOT_PRIVATE_KEY }} + passphrase: ${{ secrets.GPG_PHPSTANBOT_KEY_PASSPHRASE }} + git_config_global: true + git_user_signingkey: true + git_commit_gpgsign: true - name: "Checkout phpstan-dist" uses: actions/checkout@v3 with: repository: phpstan/phpstan path: phpstan-dist - token: ${{ secrets.PAT }} + token: ${{ secrets.PHPSTAN_BOT_TOKEN }} ref: 1.10.x - name: "Get previous pushed dist commit" @@ -215,18 +221,12 @@ jobs: working-directory: phpstan-dist run: rm phpstan.phar.asc && gpg --command-fd 0 --pinentry-mode loopback -u "$GPG_ID" --batch --detach-sign --armor --output phpstan.phar.asc phpstan.phar env: - GPG_ID: ${{ secrets.GPG_ID }} + GPG_ID: ${{ steps.import-gpg.outputs.fingerprint }} - name: "Verify PHAR" working-directory: phpstan-dist run: "gpg --verify phpstan.phar.asc" - - name: "Set Git signing key" - working-directory: phpstan-dist - run: git config user.signingkey "$GPG_ID" - env: - GPG_ID: ${{ secrets.GPG_ID }} - - name: "Install lucky_commit" uses: baptiste0928/cargo-install@v1 with: @@ -239,10 +239,10 @@ jobs: env: INPUT_LOG: ${{ steps.git-log.outputs.log }} run: | - git config --global user.name "Ondrej Mirtes" - git config --global user.email "ondrej@mirtes.cz" + git config --global user.name "phpstan-bot" + git config --global user.email "ondrej+phpstanbot@mirtes.cz" git add . - git commit --gpg-sign -m "Updated PHPStan to commit ${{ github.event.after }}" -m "$INPUT_LOG" --author "Ondrej Mirtes " + git commit --gpg-sign -m "Updated PHPStan to commit ${{ github.event.after }}" -m "$INPUT_LOG" --author "phpstan-bot " lucky_commit ${{ steps.short-src-sha.outputs.sha }} git push @@ -250,9 +250,9 @@ jobs: if: "startsWith(github.ref, 'refs/tags/')" uses: stefanzweifel/git-auto-commit-action@v4 with: - commit_user_name: "Ondrej Mirtes" - commit_user_email: "ondrej@mirtes.cz" - commit_author: "Ondrej Mirtes " + commit_user_name: "phpstan-bot" + commit_user_email: "ondrej+phpstanbot@mirtes.cz" + commit_author: "phpstan-bot " commit_options: "--gpg-sign" repository: phpstan-dist commit_message: "PHPStan ${{github.ref_name}}"