fix: use verified release signing identity #112

Merged
jwilger merged 1 commit from fix/release-pr-signing-identity into main 2026-06-11 20:30:19 -07:00
Owner

Summary

  • Configure release PR commits with the signing-key identity instead of the synthetic release-plz identity.
  • Add optional RELEASE_SIGNING_NAME and RELEASE_SIGNING_EMAIL variables for future overrides.
  • Document the optional signing identity variables.

Rationale
Run #269 proved the wrapper created a signed commit, but Forgejo still rejected it as unverified. The remaining mismatch is the commit identity used for the signature verification path. Using the identity tied to the signing key should let Forgejo verify the release PR commit.

Verification

  • actionlint .forgejo/workflows/release-plz.yml
  • sh -n .forgejo/scripts/create-release-plz-release-pr.sh .forgejo/scripts/configure-release-plz-git-signing.sh
  • just copyright-headers
  • git diff --check
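The mismatch described in the Rationale can be caught before the release commit is created. This is an added example, not part of the PR or the project's scripts. It assumes an OpenPGP signing key and that the forge only verifies a commit whose committer e-mail is a user ID on that key. The function names, the sample key listing and the "first usable user ID" default are assumptions; only RELEASE_SIGNING_EMAIL comes from the PR.

```shell
#!/bin/sh
# Added example, not the project's script. Constructed sample of
# `gpg --list-keys --with-colons <KEYID>` output; every value is made up.
SAMPLE_KEY_LISTING='pub:u:255:22:0000000000000001:1700000000:::u:::scESC:::::ed25519:::0:
fpr:::::::::0000000000000000000000000000000000000001:
uid:u::::1700000000::0000000000000000000000000000000000000002::Release Signer <release-signer@example.invalid>::::::::::0:
uid:r::::1700000000::0000000000000000000000000000000000000003::Old Name <old@example.invalid>::::::::::0:'

# Print the e-mail of every usable user ID in a colon listing read on stdin.
# Field 1 is the record type, field 2 the validity (r = revoked,
# e = expired), field 10 the user ID string "Name <email>".
key_uid_emails() {
    awk -F: '$1 == "uid" && $2 != "r" && $2 != "e" && match($10, /<[^>]+>/) {
        print tolower(substr($10, RSTART + 1, RLENGTH - 2))
    }'
}

# Succeed only if e-mail $1 is a usable identity of the key listed on stdin.
email_on_key() {
    want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    key_uid_emails | grep -Fxq -- "$want"
}

# Pick the committer e-mail: the optional RELEASE_SIGNING_EMAIL override,
# else the key's first usable identity (assumed default). An identity that
# is not on the key is refused, because the signature would be valid but
# the commit would still be shown as unverified.
resolve_signing_email() {
    listing=$1
    default=$(printf '%s\n' "$listing" | key_uid_emails | head -n 1)
    email=${RELEASE_SIGNING_EMAIL:-$default}
    if [ -z "$email" ] || ! printf '%s\n' "$listing" | email_on_key "$email"; then
        echo "signing identity '$email' is not a usable user ID on the key" >&2
        return 1
    fi
    printf '%s\n' "$email"
}

# Demo on the constructed listing, run in a subshell so the caller's
# environment is left untouched.
( unset RELEASE_SIGNING_EMAIL; resolve_signing_email "$SAMPLE_KEY_LISTING" )
```

In a workflow, the listing would come from the real key and the resolved value would be passed to `git config user.email` before the signed commit is made.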
fix: use verified release signing identity
All checks were successful
CI / Nix flake check (pull_request) Successful in 2m43s
CI / Request auto_review semantic review (pull_request) Successful in 2s
auto_review auto_review: no findings
CI / Rust CI (pull_request) Successful in 12m53s
5fce921111
auto-review left a comment

This PR updates the release workflow to use a verified signing identity, addressing an issue where commits were previously rejected as unverified. The changes appear safe to merge, with optional variables added for flexibility in signing identity configuration.

Walkthrough

  • .forgejo/workflows/release-plz.yml:
    • Added RELEASE_SIGNING_NAME and RELEASE_SIGNING_EMAIL as environment variables to allow for customizable signing identities.
    • Updated the git configuration to use these variables, defaulting to a specific identity if they are not set.
  • README.md:
    • Documented the new optional variables RELEASE_SIGNING_NAME and RELEASE_SIGNING_EMAIL, explaining their purpose and default behavior.

LLM usage and cost

  • Reasoning (gpt-4o) in=1407 out=227 cost=$0.010440
  • Cheap (gpt-4o-mini) in=425 out=45 cost=$0.000091

Estimated total USD: $0.010531 via https://api.openai.com and https://api.openai.com
Reference
Slipstream/emc!112