build: sign commits via stdlib-bot GPG key

Planeshifter · Planeshifter · commit 573918babede · 2023-12-25T17:13:31.000-06:00
diff --git a/.github/workflows/markdown_related_packages.yml b/.github/workflows/markdown_related_packages.yml
@@ -99,6 +99,16 @@ jobs:
         run: |
           rm -rf .git/hooks
 
+      # Import GPG key to sign commits:
+      - name: 'Import GPG key to sign commits'
+        # Pin action to full length commit SHA
+        uses: crazy-max/ghaction-import-gpg@82a020f1f7f605c65dd2449b392a52c3fcfef7ef # v6.0.0
+        with:
+          gpg_private_key: ${{ secrets.STDLIB_BOT_GPG_PRIVATE_KEY }}
+          passphrase: ${{ secrets.STDLIB_BOT_GPG_PASSPHRASE }}
+          git_user_signingkey: true
+          git_commit_gpgsign: true
+
       # Pick random READMEs from the `lib/node_modules/@stdlib` directory:
       - name: 'Pick random READMEs from the `lib/node_modules/@stdlib` directory'
         id: random-readmes
@@ -130,17 +140,6 @@ jobs:
           fi
         timeout-minutes: 10
 
-      # Import GPG key to sign commits:
-      - name: 'Import GPG key to sign commits'
-        if: steps.update-related-packages.outputs.changed == 'true'
-        # Pin action to full length commit SHA
-        uses: crazy-max/ghaction-import-gpg@82a020f1f7f605c65dd2449b392a52c3fcfef7ef # v6.0.0
-        with:
-          gpg_private_key: ${{ secrets.STDLIB_BOT_GPG_PRIVATE_KEY }}
-          passphrase: ${{ secrets.STDLIB_BOT_GPG_PASSPHRASE }}
-          git_user_signingkey: true
-          git_commit_gpgsign: true
-
       # Create a pull request with the changes:
       - name: 'Create pull request'
         id: cpr
@@ -156,6 +155,7 @@ jobs:
 
           commit-message: 'docs: update related packages sections'
           committer: 'stdlib-bot <82920195+stdlib-bot@users.noreply.github.com>'
+          signoff: true
           token: ${{ secrets.PULL_REQUEST_TOKEN }}
           labels: |
             documentation
diff --git a/.github/workflows/markdown_tocs.yml b/.github/workflows/markdown_tocs.yml
@@ -106,6 +106,16 @@ jobs:
         run: |
           rm -rf .git/hooks
 
+      # Import GPG key to sign commits:
+      - name: 'Import GPG key to sign commits'
+        # Pin action to full length commit SHA
+        uses: crazy-max/ghaction-import-gpg@82a020f1f7f605c65dd2449b392a52c3fcfef7ef # v6.0.0
+        with:
+          gpg_private_key: ${{ secrets.STDLIB_BOT_GPG_PRIVATE_KEY }}
+          passphrase: ${{ secrets.STDLIB_BOT_GPG_PASSPHRASE }}
+          git_user_signingkey: true
+          git_commit_gpgsign: true
+
       # Create a pull request with the updated tables of contents:
       - name: 'Create pull request'
         id: cpr
@@ -119,7 +129,8 @@ jobs:
             -   updates namespace table of contents
 
           commit-message: 'docs: update namespace table of contents'
-          committer: 'stdlib-bot <noreply@stdlib.io>'
+          signoff: true
+          committer: 'stdlib-bot <82920195+stdlib-bot@users.noreply.github.com>'
           token: ${{ secrets.PULL_REQUEST_TOKEN }}
           labels: |
             documentation
diff --git a/.github/workflows/namespace_declarations.yml b/.github/workflows/namespace_declarations.yml
@@ -90,6 +90,11 @@ jobs:
         run: |
           make list-pkgs-namespaces | node lib/node_modules/@stdlib/_tools/scripts/create_namespace_types.js
 
+      # Disable Git hooks:
+      - name: 'Disable Git hooks'
+        run: |
+          rm -rf .git/hooks
+
       # Import GPG key to sign commits:
       - name: 'Import GPG key to sign commits'
         # Pin action to full length commit SHA
@@ -100,11 +105,6 @@ jobs:
           git_user_signingkey: true
           git_commit_gpgsign: true
 
-      # Disable Git hooks:
-      - name: 'Disable Git hooks'
-        run: |
-          rm -rf .git/hooks
-
       # Create a pull request with the updated declarations:
       - name: 'Create pull request'
         id: cpr
@@ -118,7 +118,8 @@ jobs:
             -   updates namespace TypeScript declarations
 
           commit-message: 'feat: update namespace TypeScript declarations'
-          committer: 'stdlib-bot <noreply@stdlib.io>'
+          committer: 'stdlib-bot <82920195+stdlib-bot@users.noreply.github.com>'
+          signoff: true
           token: ${{ secrets.PULL_REQUEST_TOKEN }}
           labels: |
             documentation
diff --git a/.github/workflows/update_cli_permissions.yml b/.github/workflows/update_cli_permissions.yml
@@ -77,6 +77,16 @@ jobs:
         run: |
           rm -rf .git/hooks
 
+      # Import GPG key to sign commits:
+      - name: 'Import GPG key to sign commits'
+        # Pin action to full length commit SHA
+        uses: crazy-max/ghaction-import-gpg@82a020f1f7f605c65dd2449b392a52c3fcfef7ef # v6.0.0
+        with:
+          gpg_private_key: ${{ secrets.STDLIB_BOT_GPG_PRIVATE_KEY }}
+          passphrase: ${{ secrets.STDLIB_BOT_GPG_PASSPHRASE }}
+          git_user_signingkey: true
+          git_commit_gpgsign: true
+
       # Create a pull request with the updated files:
       - name: 'Create pull request'
         id: cpr
@@ -85,7 +95,8 @@ jobs:
         with:
           title: 'fix: make CLI scripts executable'
           commit-message: 'fix: make CLI scripts executable'
-          committer: 'stdlib-bot <noreply@stdlib.io>'
+          committer: 'stdlib-bot <82920195+stdlib-bot@users.noreply.github.com>'
+          signoff: true
           body: |
             This PR changes the permissions of project `cli` scripts to be executable.
           token: ${{ secrets.PULL_REQUEST_TOKEN }}
