From 632bf6967bf2d99bd86adc4d1f9e6a186ac0b21b Mon Sep 17 00:00:00 2001
From: Benjamin DeMann
Date: Mon, 14 Oct 2024 16:20:15 -0600
Subject: [PATCH] add secrets
---
 .github/workflows/release.yml | 3 +++
 .github/workflows/release_parallel.yml | 18 ++++++++++++------
 2 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 7e9f4eb82e..ebf92c11e3 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -135,3 +135,6 @@ jobs:
 - get-test-infos
 uses: ./.github/workflows/release_parallel.yml
+ secrets:
+ GPG_SIGNING_KEY: ${{ secrets.GPG_SIGNING_KEY }} # All commits must be verified
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/release_parallel.yml b/.github/workflows/release_parallel.yml
index 782584f4df..cd614427be 100644
--- a/.github/workflows/release_parallel.yml
+++ b/.github/workflows/release_parallel.yml
@@ -1,6 +1,11 @@
 name: Parallel Release
 on:
 workflow_call:
+ secrets:
+ GPG_SIGNING_KEY:
+ required: true
+ GH_TOKEN:
+ required: true
 jobs:
 prepare-release:
@@ -63,6 +68,7 @@ jobs:
 # git add --all
 # git commit -m "Prepare release ${{ steps.get-version.outputs.release-version }}"
 # git push origin "${{ github.event.pull_request.head.ref || github.ref_name }}"
+ # TODO we should use some Action-specific bot account
 - name: Configure git for publishing release
 run: |
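Review bot: In the `@@ -135,3 +135,6 @@` hunk of `.github/workflows/release.yml`, `GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}` hands the caller job's token to the release workflow, and no `permissions:` key is visible on this job. Without one, the token carries whatever the repository or workflow default grants, alongside a commit-signing key. If the job does not already set it above the hunk, add a job-level `permissions:` block limited to what publishing needs (presumably `contents: write`, to be confirmed against the release steps). The job definition starts outside the hunk.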
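Review bot: In the `@@ -1,6 +1,11 @@` hunk of `.github/workflows/release_parallel.yml`, the two new `workflow_call` secrets are declared without a `description:`, so a caller cannot tell what format is expected. The later hunk pipes `GPG_SIGNING_KEY` through `base64 --decode` before `gpg --import`, so the value must be a base64-encoded key export. Consider adding `description: base64-encoded GPG private key used to sign release commits` under `GPG_SIGNING_KEY` and a similar one-line description under `GH_TOKEN`.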
@@ -71,12 +77,12 @@ jobs:
 git config --global user.email 'jordan.michael.last@gmail.com'
 git config --global commit.gpgsign true
 echo "GPG_SIGNING_KEY length: ${#GPG_SIGNING_KEY}"
- # echo -n "$GPG_SIGNING_KEY" | base64 --decode | gpg --import
- # if [ $? -ne 0 ]; then
- # echo "GPG key import failed"
- # exit 1
- # fi
- # git config --global user.signingkey C8B77BCBE16CD2B94B43F9C8757397B82D4ED7B0
+ echo -n "$GPG_SIGNING_KEY" | base64 --decode | gpg --import
+ if [ $? -ne 0 ]; then
+ echo "GPG key import failed"
+ exit 1
+ fi
+ git config --global user.signingkey C8B77BCBE16CD2B94B43F9C8757397B82D4ED7B0
 - name: Update version and build templates
 run: |
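Review bot: The `if [ $? -ne 0 ]` test after `echo -n "$GPG_SIGNING_KEY" | base64 --decode | gpg --import` is not a reliable failure check. `$?` reflects only `gpg --import` unless `pipefail` is set, so `base64 --decode` is never checked directly. If the step runs under the Actions default `bash -e`, a failing pipeline ends the script before the "GPG key import failed" message can print. Prefer `set -o pipefail` followed by `if ! echo -n "$GPG_SIGNING_KEY" | base64 --decode | gpg --batch --import; then`. Separately, the step shows no `env:` entry between `- name: Configure git for publishing release` and `run: |`, so unless `GPG_SIGNING_KEY` is mapped from `secrets.GPG_SIGNING_KEY` at job or workflow level (outside this hunk), the shell variable is empty and no key is imported before `commit.gpgsign true` takes effect; the run block itself starts above the hunk.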