Skip to content

Commit

Permalink
Set GPG trust to full in CI and nightly workflows
Browse files Browse the repository at this point in the history
  • Loading branch information
lopopolo committed Sep 9, 2024
1 parent c7f5020 commit d0446d0
Show file tree
Hide file tree
Showing 2 changed files with 18 additions and 0 deletions.
6 changes: 6 additions & 0 deletions .github/workflows/ci.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,12 @@ jobs:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.GPG_SIGNING_KEY_PASSPHRASE }}
fingerprint: 1C4A856ACF86EC1EE841180FAF57A37CAC061452
# Set the GPG key to full trust (value 4) to ensure reliable signing
# and verification in CI. Full trust balances security and practicality
# in automated environments, avoiding prompts or failures that can
# occur with marginal trust, while not compromising security like
# ultimate trust.
trust_level: 4

- name: List keys
run: gpg -K
Expand Down
12 changes: 12 additions & 0 deletions .github/workflows/nightly.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -220,6 +220,12 @@ jobs:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.GPG_SIGNING_KEY_PASSPHRASE }}
fingerprint: 1C4A856ACF86EC1EE841180FAF57A37CAC061452
# Set the GPG key to full trust (value 4) to ensure reliable signing
# and verification in CI. Full trust balances security and practicality
# in automated environments, avoiding prompts or failures that can
# occur with marginal trust, while not compromising security like
# ultimate trust.
trust_level: 4

- name: List keys
run: gpg -K
Expand Down Expand Up @@ -439,6 +445,12 @@ jobs:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.GPG_SIGNING_KEY_PASSPHRASE }}
fingerprint: 1C4A856ACF86EC1EE841180FAF57A37CAC061452
# Set the GPG key to full trust (value 4) to ensure reliable signing
# and verification in CI. Full trust balances security and practicality
# in automated environments, avoiding prompts or failures that can
# occur with marginal trust, while not compromising security like
# ultimate trust.
trust_level: 4

- name: List keys
run: gpg -K
Expand Down

0 comments on commit d0446d0

Please sign in to comment.