feat(gpg): git commits are signed by gpg

Author: Rastusik

Dockerfile

@@ -1,7 +1,7 @@
 ARG NODE_TAG="20-alpine3.18"
 FROM node:${NODE_TAG} as Runner
 WORKDIR /usr/src/app
-RUN apk add --no-cache bash git curl jq openssh-client gpg
+RUN apk add --no-cache bash git curl jq openssh-client gpg gpg-agent
 RUN yarn global add conventional-changelog-cli conventional-recommended-bump
 COPY release-version.sh /usr/local/bin/release-version
 RUN chmod a+x /usr/local/bin/release-version

docker-compose.yml

@@ -18,7 +18,7 @@ services:
       GH_RELEASE_DRAFT: "${GH_RELEASE_DRAFT:-true}"
       GH_RELEASE_PRERELEASE: "${GH_RELEASE_PRERELEASE:-false}"
     volumes:
-      - "~/.gnupg:/root/.gnupg:r"
+      - "~/.gnupg:/root/.gnupg_host:r"
       - "./.git:/usr/src/app/.git:rw"
       - "./CHANGELOG.md:/usr/src/app/CHANGELOG.md:rw"
       - "./release-version.sh:/usr/local/bin/release-version:rw"

release-version.sh

@@ -185,6 +185,12 @@ $(conventional-changelog | awk 'NR > 1 { print }')
 "
 
 if [ "0" = "$DRY_RUN" ]; then
+    # init and run GPG
+    mkdir -p /root/.gnupg
+    cp -R /root/.gnupg_host/* /root/.gnupg/
+    gpg-agent --verbose --daemon --log-file /tmp/gpg-agent.log --allow-preset-passphrase --default-cache-ttl=31536000
+
+    # commit changes with GPG signature
     git add CHANGELOG.md
     git commit -m "${COMMIT_MESSAGE}"
 else