fix: use release-plz bot signing identity #113

Merged

jwilger merged 1 commit from fix/release-plz-bot-signing-identity into main 2026-06-11 21:08:32 -07:00

Conversation 2 Commits 1 Files changed 2 +4 -3

jwilger commented 2026-06-11 20:57:09 -07:00

Owner

Copy link

Summary

• Default release PR commits to release-plz-bot as the author/committer identity.
• Keep RELEASE_SIGNING_NAME and RELEASE_SIGNING_EMAIL available as overrides.
• Document that the signing key belongs to release-plz-bot.

Rationale
The RELEASE_SIGNING_KEY belongs to the release-plz-bot Forgejo account. The previous default identity used John Wilger, so Forgejo still rejected the signed release PR commit as unverified. Aligning the commit identity with the signing-key owner should satisfy branch protection.

Verification

• actionlint .forgejo/workflows/release-plz.yml
• sh -n .forgejo/scripts/create-release-plz-release-pr.sh .forgejo/scripts/configure-release-plz-git-signing.sh
• just copyright-headers
• git diff --check

Summary - Default release PR commits to release-plz-bot as the author/committer identity. - Keep RELEASE_SIGNING_NAME and RELEASE_SIGNING_EMAIL available as overrides. - Document that the signing key belongs to release-plz-bot. Rationale The RELEASE_SIGNING_KEY belongs to the release-plz-bot Forgejo account. The previous default identity used John Wilger, so Forgejo still rejected the signed release PR commit as unverified. Aligning the commit identity with the signing-key owner should satisfy branch protection. Verification - actionlint .forgejo/workflows/release-plz.yml - sh -n .forgejo/scripts/create-release-plz-release-pr.sh .forgejo/scripts/configure-release-plz-git-signing.sh - just copyright-headers - git diff --check

jwilger added 1 commit 2026-06-11 20:57:09 -07:00

fix: use release-plz bot signing identity b5dfe91c80

auto-review approved these changes 2026-06-11 20:59:38 -07:00

auto-review left a comment

Copy link

This PR updates the release workflow to use the release-plz-bot identity for signing commits, aligning the commit identity with the signing key owner. This change should resolve issues with unverified commits due to mismatched identities.

Walkthrough

• .forgejo/workflows/release-plz.yml:
  • Updated the default git user name and email to release-plz-bot to match the signing key owner, ensuring that commits are verified correctly.
• README.md:
  • Documented the default identity for release PR commits as release-plz-bot, clarifying the relationship between the signing key and the commit identity.

LLM usage and cost

• Reasoning (gpt-4o) in=1306 out=205 cost=$0.009605
• Cheap (gpt-4o-mini) in=1190 out=100 cost=$0.000238
  Estimated total USD: $0.009844 via https://api.openai.com and https://api.openai.com

This PR updates the release workflow to use the release-plz-bot identity for signing commits, aligning the commit identity with the signing key owner. This change should resolve issues with unverified commits due to mismatched identities. ## Walkthrough - **.forgejo/workflows/release-plz.yml**: - Updated the default git user name and email to `release-plz-bot` to match the signing key owner, ensuring that commits are verified correctly. - **README.md**: - Documented the default identity for release PR commits as `release-plz-bot`, clarifying the relationship between the signing key and the commit identity. ## LLM usage and cost - Reasoning (gpt-4o) in=1306 out=205 cost=$0.009605 - Cheap (gpt-4o-mini) in=1190 out=100 cost=$0.000238 Estimated total USD: $0.009844 via https://api.openai.com and https://api.openai.com

.forgejo/workflows/release-plz.yml

auto-review commented 2026-06-11 20:59:38 -07:00

Owner

Copy link

🟡 Warning: Ensure that the email domain noreply.git.johnwilger.com is correctly configured to avoid potential issues with email verification or delivery.

🟡 **Warning:** Ensure that the email domain `noreply.git.johnwilger.com` is correctly configured to avoid potential issues with email verification or delivery.

jwilger commented 2026-06-11 21:01:14 -07:00

Author

Owner

Copy link

Handled auto_review warning on noreply.git.johnwilger.com: the release commit email now matches the Forgejo account email returned by /users/release-plz-bot, release-plz-bot@noreply.git.johnwilger.com. This is used for Forgejo commit verification, not external email delivery.

Handled auto_review warning on noreply.git.johnwilger.com: the release commit email now matches the Forgejo account email returned by /users/release-plz-bot, release-plz-bot@noreply.git.johnwilger.com. This is used for Forgejo commit verification, not external email delivery.

jwilger merged commit a7fd970d9f into main 2026-06-11 21:08:32 -07:00

jwilger referenced this pull request from a commit 2026-06-11 21:08:34 -07:00

fix: use release-plz bot signing identity

Sign in to join this conversation.

Reviewers

No reviewers

auto-review

Labels

Clear labels

  

bug

Something is not working

  

duplicate

This issue or pull request already exists

  

enhancement

New feature

  

help wanted

Need some help

  

invalid

Something is wrong

  

question

More information is needed

  

wontfix

This won't be fixed

No labels

bug

duplicate

enhancement

help wanted

invalid

question

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

2 participants

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

Slipstream/emc!113

No description provided.