From d4b5b1444620c07580325916f1599179dfd141f3 Mon Sep 17 00:00:00 2001
From: DerDavidBohl <david@davidbohl.org>
Date: Mon, 6 Oct 2025 17:58:38 +0200
Subject: [PATCH] Sign Tags and Commits

---
 .github/workflows/publish.yml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index c1636d8..57ea0d4 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -43,15 +43,18 @@ jobs:
 
       - name: Commit and push changes
         run: |
+          git config --global user.signingkey $GITHUB_GPG_KEY
+          git config --global commit.gpgsign true
           git config user.name "GitHub Actions"
           git config user.email "actions@github.com"
           git add ./backend/pom.xml ./frontend/package.json ./frontend/package-lock.json
-          git commit -m "Bump version to ${{ github.event.inputs.version }}"
-          git tag v${{ github.event.inputs.version }}
+          git commit -S -m "Bump version to ${{ github.event.inputs.version }}"
+          git tag -s v${{ github.event.inputs.version }}
           git push https://x-access-token:${GH_PAT}@github.com/${GITHUB_REPOSITORY}.git HEAD:${GITHUB_REF_NAME}
           # Tag pushen
           git push https://x-access-token:${GH_PAT}@github.com/${GITHUB_REPOSITORY}.git v${{ github.event.inputs.version }}
         env:
+          GITHUB_GPG_KEY: ${{ env.GITHUB_GPG_KEY }}
           GH_PAT: ${{ secrets.GITHUB_TOKEN }}
           GITHUB_REPOSITORY: ${{ github.repository }}
           GITHUB_REF_NAME: ${{ github.ref_name }}