add GPG key signing to the action

Signed-off-by: Andrew Brandt <[email protected]>

Author: andrewb1269

action.yaml

@@ -138,9 +138,37 @@ runs:
     - name: Commit values to repo-properties.yaml
       if: ${{ inputs.dry-run-enabled != 'true' }}
       shell: bash
+      env:
+        GPG_PRIVATE_KEY: ${{ secrets.GPG_KEY_CONTENTS }}
+        GPG_PASSPHRASE: ${{ secrets.GPG_KEY_PASSPHRASE }}
       run: |
-        git config user.name "${{ inputs.commit-author-name }}"
-        git config user.email "${{ inputs.commit-author-email }}"
+        # Import GPG key
+        echo "$GPG_PRIVATE_KEY" | gpg --batch --import
+
+        # Get the GPG key ID
+        KEY_ID=$(gpg --list-secret-keys --with-colons | awk -F: '/^sec/{print $5}' | head -n1)
+
+        # Trust the key (avoid interactive trust prompts)
+        echo -e "5\ny\n" | gpg --command-fd 0 --expert --edit-key "$KEY_ID" trust
+
+        # Configure Git to use this key
+        git config --global user.name "${{ inputs.commit-author-name }}"
+        git config --global user.email "${{ inputs.commit-author-email }}"
+        git config --global commit.gpgsign true
+        git config --global user.signingkey "$KEY_ID"
+        git config --global gpg.program gpg
+
+        # Prevent pinentry prompt (for passphrase-protected keys)
+        echo "allow-loopback-pinentry" >> ~/.gnupg/gpg.conf
+        echo "use-agent" >> ~/.gnupg/gpg.conf
+        echo "pinentry-mode loopback" >> ~/.gnupg/gpg.conf
+        echo RELOADAGENT | gpg-connect-agent
+        export GPG_TTY=$(tty)
+
+        # Make the commit
         git add repo-properties.yaml
-        git commit -m "chore: commit repo custom properties to properties file" || echo "Nothing to commit"
+        echo "$GPG_PASSPHRASE" | \
+          gpg --batch --yes --passphrase-fd 0 \
+          git commit -S -m "chore: commit repo custom properties to properties file" || echo "Nothing to commit"
+
         git push