diff --git a/.github/workflows/auto-cherrypick.yaml b/.github/workflows/auto-cherrypick.yaml index 4cb45bbf9e..76ea388cfc 100644 --- a/.github/workflows/auto-cherrypick.yaml +++ b/.github/workflows/auto-cherrypick.yaml @@ -30,7 +30,13 @@ jobs: with: fetch-depth: 0 - # ${{ secrets.GITHUB_TOKEN }} is forbidden to create or approve pull requests + - uses: crazy-max/ghaction-import-gpg@v5 + with: + gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} + passphrase: ${{ secrets.GPG_PASSPHRASE }} + git_user_signingkey: true + git_commit_gpgsign: true + - name: cherry pick env: GITHUB_TOKEN: ${{ secrets.WELAN_PAT}} @@ -108,7 +114,7 @@ jobs: echo "============ begin to cherry pick ============ " FINAL_FAILURE=false git branch - git config user.email "robot@example.com" + git config user.email "tao.yang@daocloud.io" git config user.name "robot" gh label create ${{ env.CHERRYPICK_LABEL }} || true for BRANCH in $WANT_MERGE_BRANCH_LIST ; do @@ -185,6 +191,7 @@ jobs: if [ "$UPDATE" == "true" ] ; then echo "succeeded to cherry pick to branch $BRANCH " # create a pr + git commit -s -S --amend --no-edit git push origin ${PR_BRANCH}:${PR_BRANCH} -f gh pr create --title "${PR_TITLE}" \ --assignee "${PR_AUTHOR},${{ env.DEFAULT_REVIEWER }}" \ diff --git a/.github/workflows/call-release-chart.yaml b/.github/workflows/call-release-chart.yaml index 4c3df8e970..cbcff6f3ea 100644 --- a/.github/workflows/call-release-chart.yaml +++ b/.github/workflows/call-release-chart.yaml @@ -127,6 +127,13 @@ jobs: helm repo index ./charts --url ${{ steps.get_base_url.outputs.url }}/charts mv ./charts/index.yaml ./index.yaml + - uses: crazy-max/ghaction-import-gpg@v5 + with: + gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} + passphrase: ${{ secrets.GPG_PASSPHRASE }} + git_user_signingkey: true + git_commit_gpgsign: true + - name: Create Pull Request uses: peter-evans/create-pull-request@v5.0.2 with: 
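Review bot: The new `crazy-max/ghaction-import-gpg@v5` step in auto-cherrypick.yaml (hunk at -30,7) is handed `GPG_PRIVATE_KEY` and `GPG_PASSPHRASE` but is referenced by a movable tag, so whatever code that tag later points at receives the signing key. Pin it to a full commit SHA, e.g. `- uses: crazy-max/ghaction-import-gpg@<FULL_COMMIT_SHA>  # v5`. The same step is added in call-release-chart.yaml, call-release-doc.yaml and call-update-githubpages.yaml and needs the same pin. The imported key presumably remains usable by the later steps of each job, so a dedicated robot signing key rather than a maintainer's personal key would limit what a leak exposes. The hunk also drops the comment explaining why `GITHUB_TOKEN` is not used for the cherry-pick step; that rationale is worth keeping above `- name: cherry pick`.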
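Review bot: In the cherry-pick script of auto-cherrypick.yaml (hunk at -108,7), `git config user.email "tao.yang@daocloud.io"` hard-codes an individual's address while `user.name` stays `robot`, so signed robot commits are attributed to a person and the value can drift from the UID on the imported key. Presumably the address was chosen to match the key so the commits show as verified. Taking it from the import step keeps the two in sync: give that step `id: import_gpg` and use `git config user.email "${{ steps.import_gpg.outputs.email }}"`. The script body starts and ends outside this hunk.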
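Review bot: `git commit -s -S --amend --no-edit` in auto-cherrypick.yaml (hunk at -185,6) rewrites only the tip of `${PR_BRANCH}`, so if the cherry-pick, which is outside this hunk, produced more than one commit, the earlier ones get no `Signed-off-by` trailer from this line. With `git_commit_gpgsign: true` set by the import step the `-S` looks redundant, and the intent of the amend is not stated. A comment such as `# add robot sign-off and re-sign HEAD before the force push; only the tip commit is rewritten` would make it explicit. The enclosing loop body starts and ends outside the hunk.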
@@ -134,6 +141,7 @@ jobs: commit-message: "robot Update chart from ${{ needs.get_ref.outputs.ref }} to branch ${{ env.MERGE_BRANCH }} " branch-suffix: timestamp branch: robot/update_chart + committer: ty-dc delete-branch: true base: ${{ env.MERGE_BRANCH }} signoff: true diff --git a/.github/workflows/call-release-doc.yaml b/.github/workflows/call-release-doc.yaml index e6ab1c48f0..14264738e9 100644 --- a/.github/workflows/call-release-doc.yaml +++ b/.github/workflows/call-release-doc.yaml @@ -161,6 +161,13 @@ jobs: tar -xzvf site.tar.gz rm -f site.tar.gz + - uses: crazy-max/ghaction-import-gpg@v5 + with: + gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} + passphrase: ${{ secrets.GPG_PASSPHRASE }} + git_user_signingkey: true + git_commit_gpgsign: true + # Allow auto-merge on general - name: Create Pull Request id: create_pr @@ -169,6 +176,7 @@ jobs: title: "robot update website from ${{ needs.release_doc.outputs.ref }} to branch ${{ env.MERGE_BRANCH }} with tag ${{ needs.release_doc.outputs.doc_tag }}" commit-message: "robot update website from ${{ needs.release_doc.outputs.ref }} to branch ${{ env.MERGE_BRANCH }} with tag ${{ needs.release_doc.outputs.doc_tag }}" branch-suffix: timestamp + committer: ty-dc branch: robot/update_doc delete-branch: true base: ${{ env.MERGE_BRANCH }} diff --git a/.github/workflows/call-update-githubpages.yaml b/.github/workflows/call-update-githubpages.yaml index afbde33ec1..6e158819b3 100644 --- a/.github/workflows/call-update-githubpages.yaml +++ b/.github/workflows/call-update-githubpages.yaml @@ -76,6 +76,13 @@ jobs: helm repo index ./charts --url ${{ steps.get_base_url.outputs.url }}/charts mv ./charts/index.yaml ./index.yaml + - uses: crazy-max/ghaction-import-gpg@v5 + with: + gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} + passphrase: ${{ secrets.GPG_PASSPHRASE }} + git_user_signingkey: true + git_commit_gpgsign: true + # ========= finally, create PR # Allow auto-merge on general - name: Create Pull Request 
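Review bot: `committer: ty-dc` in call-release-chart.yaml (hunk at -134,6) gives only a name, while peter-evans/create-pull-request documents this input in `Display Name <email@address.com>` form. The committer email is also what has to match the imported key for the signature to verify. Use the full form, e.g. `committer: ty-dc <EMAIL_ON_SIGNING_KEY>`, or build it from the import step's `name` and `email` outputs after giving that step an `id`. The same bare value is added in call-release-doc.yaml and call-update-githubpages.yaml. The `with:` block starts and ends outside the hunk.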
@@ -86,6 +93,7 @@ jobs: commit-message: "robot update chart and website from ${{ needs.prepare_doc.outputs.ref }} to branch ${{ env.MERGE_BRANCH }} " branch-suffix: timestamp branch: robot/update_doc + committer: ty-dc delete-branch: true base: ${{ env.MERGE_BRANCH }} signoff: true