Merge pull request #268 from artichoke/lopopolo/gpg-ci-trust

Set GPG trust to full in CI and nightly workflows
artichoke · Sep 9, 2024 · 33b2384 · 33b2384
2 parents c7f5020 + d0446d0
commit 33b2384
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 0 deletions.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -61,6 +61,12 @@ jobs:
           gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
           passphrase: ${{ secrets.GPG_SIGNING_KEY_PASSPHRASE }}
           fingerprint: 1C4A856ACF86EC1EE841180FAF57A37CAC061452
+          # Set the GPG key to full trust (value 4) to ensure reliable signing
+          # and verification in CI. Full trust balances security and practicality
+          # in automated environments, avoiding prompts or failures that can
+          # occur with marginal trust, while not compromising security like
+          # ultimate trust.
+          trust_level: 4
 
       - name: List keys
         run: gpg -K

diff --git a/.github/workflows/nightly.yaml b/.github/workflows/nightly.yaml
@@ -220,6 +220,12 @@ jobs:
           gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
           passphrase: ${{ secrets.GPG_SIGNING_KEY_PASSPHRASE }}
           fingerprint: 1C4A856ACF86EC1EE841180FAF57A37CAC061452
+          # Set the GPG key to full trust (value 4) to ensure reliable signing
+          # and verification in CI. Full trust balances security and practicality
+          # in automated environments, avoiding prompts or failures that can
+          # occur with marginal trust, while not compromising security like
+          # ultimate trust.
+          trust_level: 4
 
       - name: List keys
         run: gpg -K
@@ -439,6 +445,12 @@ jobs:
           gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
           passphrase: ${{ secrets.GPG_SIGNING_KEY_PASSPHRASE }}
           fingerprint: 1C4A856ACF86EC1EE841180FAF57A37CAC061452
+          # Set the GPG key to full trust (value 4) to ensure reliable signing
+          # and verification in CI. Full trust balances security and practicality
+          # in automated environments, avoiding prompts or failures that can
+          # occur with marginal trust, while not compromising security like
+          # ultimate trust.
+          trust_level: 4
 
       - name: List keys
         run: gpg -K