diff --git a/.github/workflows/megalinter.yml b/.github/workflows/megalinter.yml index 479f0349..b442ec45 100644 --- a/.github/workflows/megalinter.yml +++ b/.github/workflows/megalinter.yml @@ -36,6 +36,15 @@ jobs: token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} fetch-depth: 0 + - name: "Import GPG key" + id: import-gpg + uses: crazy-max/ghaction-import-gpg@v6 + with: + gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} + passphrase: ${{ secrets.GPG_PRIVATE_KEY_PASSPHRASE }} + git_user_signingkey: true + git_commit_gpgsign: true + # MegaLinter - name: MegaLinter id: ml @@ -74,14 +83,16 @@ jobs: - name: Prepare commit if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'commit' && github.ref != 'refs/heads/main' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) run: sudo chown -Rc $UID .git/ + - name: Commit and push applied linter fixes if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'commit' && github.ref != 'refs/heads/main' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) uses: stefanzweifel/git-auto-commit-action@8621497c8c39c72f3e2a999a26b4ca1b5058a842 # pin@v5 with: branch: ${{ github.event.pull_request.head.ref || github.head_ref || github.ref }} commit_message: "[MegaLinter] Apply linters fixes" - commit_user_name: megalinter-bot - commit_user_email: nicolas.vuillamy@ox.security + commit_author: "${{ steps.import-gpg.outputs.name }} <${{ steps.import-gpg.outputs.email }}>" + commit_user_name: ${{ steps.import-gpg.outputs.name }} + commit_user_email: ${{ steps.import-gpg.outputs.email }} - name: Check to see if the SARIF a was generated id: sarif_file_exists
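Review bot: `crazy-max/ghaction-import-gpg@v6` in the new "Import GPG key" step is referenced by a mutable tag even though the step is handed `GPG_PRIVATE_KEY` and its passphrase. The commit step further down in this file pins its action to a full commit SHA with a `# pin@v5` comment, and the same should apply here, e.g. `uses: crazy-max/ghaction-import-gpg@<full-commit-sha> # pin@v6`. The step also has no `if:`, so the key is imported on every run, before MegaLinter executes, even when no fix commit will be made. Moving it directly before "Commit and push applied linter fixes" and giving it that step's `if:` condition would keep the key off the runner unless it is needed. On events where the secrets are unavailable (presumably pull requests from forks), the unconditional import would likely fail the job before linting starts.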
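Review bot: The author and committer identity in "Commit and push applied linter fixes" now come from `steps.import-gpg.outputs.name` and `steps.import-gpg.outputs.email`, but nothing in the workflow says which key `GPG_PRIVATE_KEY` is expected to hold. These values presumably reflect the UID of the imported key, so if a maintainer's personal key is stored there, the automated fix commits would be attributed to and signed as that person. A comment above `commit_author` would make the requirement visible, for example `# identity comes from the imported key's UID; GPG_PRIVATE_KEY must be a dedicated bot key`. If the import step yields empty outputs, `commit_author` renders as `" <>"`, which is another reason to give both steps the same `if:` condition.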