use webfactory/ssh-agent to sign commits

author: Franck Cuny <franck@fcuny.net> 2023-12-03 08:38:47 -0800
committer: Franck Cuny <franck@fcuny.net> 2023-12-03 08:38:47 -0800
commit: 4695263698294b94ebb0c78ea0a5145cd296e852 (patch)
tree: 50e58c728f3f4d38a21ac6bea9c0a55a7ebe5d0b /.github
parent: sign the commit when updating flake.lock (diff)
download: fcuny.net-4695263698294b94ebb0c78ea0a5145cd296e852.tar.gz
1 files changed, 5 insertions, 3 deletions
diff --git a/.github/workflows/update.yml b/.github/workflows/update.yml
index 471f2c9..b6ba6a7 100644
--- a/.github/workflows/update.yml
+++ b/.github/workflows/update.yml
@@ -17,9 +17,11 @@ jobs:
         with:
           extra_nix_config: |
             access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
-      # sign the commit:
-      # https://www.chainguard.dev/unchained/keyless-git-commit-signing-with-gitsign-and-github-actions
-      - uses: chainguard-dev/actions/setup-gitsign@main
+      # sign commits with a ssh key
+      # https://github.com/webfactory/ssh-agent
+      - uses: webfactory/ssh-agent@v0.8.0
+        with:
+          ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
       - name: Update flake.lock
         id: update-flake-lock
         uses: DeterminateSystems/update-flake-lock@v20
author	Franck Cuny <franck@fcuny.net>	2023-12-03 08:38:47 -0800
committer	Franck Cuny <franck@fcuny.net>	2023-12-03 08:38:47 -0800
commit	4695263698294b94ebb0c78ea0a5145cd296e852 (patch)
tree	50e58c728f3f4d38a21ac6bea9c0a55a7ebe5d0b /.github
parent	sign the commit when updating flake.lock (diff)
download	fcuny.net-4695263698294b94ebb0c78ea0a5145cd296e852.tar.gz