From ca143cc54fa7b905350ac1b101b60a9e172c8e39 Mon Sep 17 00:00:00 2001
From: oSumAtrIX <johan.melkonyan1@web.de>
Date: Mon, 13 Jan 2025 19:39:14 +0100
Subject: [PATCH 1/4] docs: Fix mistake in setup docs

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 8158173521..16f727fea0 100644
--- a/README.md
+++ b/README.md
@@ -83,7 +83,7 @@ and the [About](patches/build.gradle.kts#L5-L11))
 4. [Create a pass-phrased GPG master key and subkey](https://mikeross.xyz/create-gpg-key-pair-with-subkeys/)
    1. Add the private key as a secret named [GPG_PRIVATE_KEY](.github/workflows/release.yml#L52) to your repository
    2. Add the passphrase as a secret named [GPG_PASSPHRASE](.github/workflows/release.yml#L53) to your repository
-   3. Add the fingerprint of the GPG subkey as a secret named [GPG_FINGERPRINT](.github/workflows/release.yml#L54) to your repository
+   3. Add the fingerprint of the GPG subkey as a variable named [GPG_FINGERPRINT](.github/workflows/release.yml#L54) to your repository
 5. Set up the [README.md](README.md) file[^1] (e.g, title, description, license, summary of the patches
 that are included in the repository), the [issue templates](.github/ISSUE_TEMPLATE)[^2]  and the [contribution guidelines](CONTRIBUTING.md)[^3]
 

From 57b63f791304aa3f8131b7954f61c8415aba8ca3 Mon Sep 17 00:00:00 2001
From: Pun Butrach <pun.butrach@gmail.com>
Date: Tue, 27 May 2025 20:33:11 +0700
Subject: [PATCH 2/4] ci: Attest release artifacts (#3462)

---
 .github/workflows/build_pull_request.yml |  4 ++--
 .github/workflows/release.yml            | 23 +++++++++++++++--------
 .releaserc                               |  8 ++++----
 3 files changed, 21 insertions(+), 14 deletions(-)

diff --git a/.github/workflows/build_pull_request.yml b/.github/workflows/build_pull_request.yml
index 536b6614a7..c6bc0e0b84 100644
--- a/.github/workflows/build_pull_request.yml
+++ b/.github/workflows/build_pull_request.yml
@@ -19,8 +19,8 @@ jobs:
       - name: Setup Java
         uses: actions/setup-java@v4
         with:
-          distribution: "temurin"
-          java-version: "17"
+          distribution: 'temurin'
+          java-version: '17'
 
       - name: Cache Gradle
         uses: burrunan/gradle-cache-action@v2
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 83c1a310ff..2ebe879db3 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -13,24 +13,23 @@ jobs:
     permissions:
       contents: write
       packages: write
+      id-token: write
+      attestations: write
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
         uses: actions/checkout@v4
         with:
-          # Make sure the release step uses its own credentials:
-          # https://github.com/cycjimmy/semantic-release-action#private-packages
-          persist-credentials: false
           fetch-depth: 0
 
       - name: Setup Java
         uses: actions/setup-java@v4
         with:
-          distribution: "temurin"
-          java-version: "17"
+          distribution: 'temurin'
+          java-version: '17'
 
       - name: Cache Gradle
-        uses: burrunan/gradle-cache-action@v2
+        uses: burrunan/gradle-cache-action@v3
 
       - name: Build
         env:
@@ -40,7 +39,7 @@ jobs:
       - name: Setup Node.js
         uses: actions/setup-node@v4
         with:
-          node-version: "lts/*"
+          node-version: 'lts/*'
           cache: 'npm'
 
       - name: Install dependencies
@@ -54,6 +53,14 @@ jobs:
           fingerprint: ${{ vars.GPG_FINGERPRINT }}
 
       - name: Release
+        uses: cycjimmy/semantic-release-action@v4
+        id: release
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: npm exec semantic-release
+
+      - name: Attest
+        if: steps.release.outputs.new_release_published == 'true'
+        uses: actions/attest-build-provenance@v2
+        with:
+          subject-name: 'Patches ${{ steps.release.outputs.new_release_git_tag }}'
+          subject-path: patches/build/libs/patches-*.rvp
diff --git a/.releaserc b/.releaserc
index 19eb00e819..5c242908b4 100644
--- a/.releaserc
+++ b/.releaserc
@@ -23,7 +23,7 @@
         "assets": [
           "README.md",
           "CHANGELOG.md",
-          "gradle.properties",
+          "gradle.properties"
         ],
         "message": "chore: Release v${nextRelease.version} [skip ci]\n\n${nextRelease.notes}"
       }
@@ -36,14 +36,14 @@
             "path": "patches/build/libs/patches-!(*sources*|*javadoc*).rvp?(.asc)"
           }
         ],
-        successComment: false
+        "successComment": false
       }
     ],
     [
       "@saithodev/semantic-release-backmerge",
       {
-        backmergeBranches: [{"from": "main", "to": "dev"}],
-        clearWorkspace: true
+        "backmergeBranches": [{"from": "main", "to": "dev"}],
+        "clearWorkspace": true
       }
     ]
   ]

From 65fbf9777ce927bf9fcaa447368904fb0721d41d Mon Sep 17 00:00:00 2001
From: Pun Butrach <pun.butrach@gmail.com>
Date: Tue, 8 Jul 2025 23:10:52 +0700
Subject: [PATCH 3/4] ci: Use default fetch-depth of 1 for checkout step
 (#3466)

---
 .github/workflows/build_pull_request.yml | 2 --
 .github/workflows/release.yml            | 2 --
 2 files changed, 4 deletions(-)

diff --git a/.github/workflows/build_pull_request.yml b/.github/workflows/build_pull_request.yml
index c6bc0e0b84..492c28ec25 100644
--- a/.github/workflows/build_pull_request.yml
+++ b/.github/workflows/build_pull_request.yml
@@ -13,8 +13,6 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
 
       - name: Setup Java
         uses: actions/setup-java@v4
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 2ebe879db3..19e6e85c97 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -19,8 +19,6 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
 
       - name: Setup Java
         uses: actions/setup-java@v4

From e066de39f37bb0641859b7784eea571857cf4798 Mon Sep 17 00:00:00 2001
From: brosssh <44944126+brosssh@users.noreply.github.com>
Date: Mon, 27 Oct 2025 18:04:40 +0100
Subject: [PATCH 4/4] docs: Correct GPG setup instructions (#3464)

Co-authored-by: oSumAtrIX <johan.melkonyan1@web.de>
---
 README.md | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index 16f727fea0..ae418d8506 100644
--- a/README.md
+++ b/README.md
@@ -81,10 +81,12 @@ To start using this template, follow these steps:
 and the [About](patches/build.gradle.kts#L5-L11))
 3. Update dependencies in the [libs.versions.toml](gradle/libs.versions.toml) file
 4. [Create a pass-phrased GPG master key and subkey](https://mikeross.xyz/create-gpg-key-pair-with-subkeys/)
-   1. Add the private key as a secret named [GPG_PRIVATE_KEY](.github/workflows/release.yml#L52) to your repository
-   2. Add the passphrase as a secret named [GPG_PASSPHRASE](.github/workflows/release.yml#L53) to your repository
-   3. Add the fingerprint of the GPG subkey as a variable named [GPG_FINGERPRINT](.github/workflows/release.yml#L54) to your repository
-5. Set up the [README.md](README.md) file[^1] (e.g, title, description, license, summary of the patches
+5. Add the following GitHub secrets:
+   1. [GPG_PRIVATE_KEY](.github/workflows/release.yml#L52): The ASCII-armored GPG key
+   2. [GPG_PASSPHRASE](.github/workflows/release.yml#L53): The passphrase for the GPG key
+6. Add the following GitHub variables:
+   1. [GPG_FINGERPRINT](.github/workflows/release.yml#L54): The fingerprint of the GPG key
+7. Set up the [README.md](README.md) file[^1] (e.g, title, description, license, summary of the patches
 that are included in the repository), the [issue templates](.github/ISSUE_TEMPLATE)[^2]  and the [contribution guidelines](CONTRIBUTING.md)[^3]
 
 🎉 You are now ready to start creating patches!