diff --git a/.github/workflows/package-release.yml b/.github/workflows/package-release.yml index 8dcc52cc..3a62c95d 100644 --- a/.github/workflows/package-release.yml +++ b/.github/workflows/package-release.yml @@ -28,6 +28,16 @@ jobs: with: fetch-depth: 0 token: ${{ secrets.TEK_OPENSOURCE_TOKEN }} + persist-credentials: false + - name: Import GPG key for signing commits + id: import-gpg + uses: crazy-max/ghaction-import-gpg@v4 + with: + gpg_private_key: ${{ secrets.TEK_OPENSOURCE_GPG_PRIVATE_KEY }} + passphrase: ${{ secrets.TEK_OPENSOURCE_GPG_PASSPHRASE }} + git_config_global: true + git_user_signingkey: true + git_commit_gpgsign: true - name: Set up Python uses: actions/setup-python@v4 with: @@ -39,15 +49,13 @@ jobs: run: cp CHANGELOG.md python_semantic_release_templates/.previous_changelog_for_template.md - name: Python Semantic Release id: release - uses: python-semantic-release/python-semantic-release@v8.0.0 + uses: python-semantic-release/python-semantic-release@v8.1.2 with: root_options: --verbose --strict force: ${{ inputs.release_level }} - github_token: ${{ secrets.GITHUB_TOKEN }} - git_committer_name: Tektronix - git_committer_email: opensource@tektronix.com - ssh_public_signing_key: ${{ secrets.TEK_OPENSOURCE_PUBLIC_KEY }} - ssh_private_signing_key: ${{ secrets.TEK_OPENSOURCE_PRIVATE_KEY }} + github_token: ${{ secrets.TEK_OPENSOURCE_TOKEN }} + git_committer_name: ${{ steps.import-gpg.outputs.name }} + git_committer_email: ${{ steps.import-gpg.outputs.email }} outputs: built-version: ${{ steps.release.outputs.version }} pypi-build: