ci: use gpg to sign commit [skip ci]

.github/workflows/insider-linux.yml

@@ -18,6 +18,7 @@ on:
     branches: [ insider ]
     paths-ignore:
     - '**/*.md'
+    - 'upstream/*.json'
   pull_request:
     branches: [ insider ]
     paths-ignore:

.github/workflows/insider-macos.yml

@@ -18,6 +18,7 @@ on:
     branches: [ insider ]
     paths-ignore:
     - '**/*.md'
+    - 'upstream/*.json'
   pull_request:
     branches: [ insider ]
     paths-ignore:

.github/workflows/insider-spearhead.yml

@@ -56,19 +56,28 @@ jobs:
         run: ./build.sh
         if: env.SHOULD_BUILD == 'yes'
 
+      - name: Import GPG key
+        uses: crazy-max/ghaction-import-gpg@v6
+        with:
+          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+          passphrase: ${{ secrets.GPG_PASSPHRASE }}
+          git_user_signingkey: true
+          git_commit_gpgsign: true
+        if: env.SHOULD_BUILD == 'yes' && github.event.inputs.dont_update != 'true'
+
       - name: Update upstream version
         run: ./update_upstream.sh
         if: env.SHOULD_BUILD == 'yes' && github.event.inputs.dont_update != 'true'
 
-      - name: Commit changes
-        uses: iarekylew00t/verified-bot-commit@v1
-        with:
-          ref: ${{ env.COMMIT_REF }}
-          message: ${{ env.COMMIT_MESSAGE }}
-          token: ${{ secrets.STRONGER_GITHUB_TOKEN }}
-          files: |
-            upstream/*.json
-        if: env.SHOULD_BUILD == 'yes' && env.SHOULD_COMMIT == 'yes'
+      # - name: Commit changes
+      #   uses: iarekylew00t/verified-bot-commit@v1
+      #   with:
+      #     ref: ${{ env.COMMIT_REF }}
+      #     message: ${{ env.COMMIT_MESSAGE }}
+      #     token: ${{ secrets.STRONGER_GITHUB_TOKEN }}
+      #     files: |
+      #       upstream/*.json
+      #   if: env.SHOULD_BUILD == 'yes' && env.SHOULD_COMMIT == 'yes'
 
       - name: Prepare source
         run: ./prepare_src.sh

.github/workflows/insider-windows.yml

@@ -18,6 +18,7 @@ on:
     branches: [ insider ]
     paths-ignore:
     - '**/*.md'
+    - 'upstream/*.json'
   pull_request:
     branches: [ insider ]
     paths-ignore:

.github/workflows/stable-linux.yml

@@ -18,6 +18,7 @@ on:
     branches: [ master ]
     paths-ignore:
     - '**/*.md'
+    - 'upstream/*.json'
   pull_request:
     branches: [ master ]
     paths-ignore:

.github/workflows/stable-macos.yml

@@ -18,6 +18,7 @@ on:
     branches: [ master ]
     paths-ignore:
     - '**/*.md'
+    - 'upstream/*.json'
   pull_request:
     branches: [ master ]
     paths-ignore:

.github/workflows/stable-windows.yml

@@ -18,6 +18,7 @@ on:
     branches: [ master ]
     paths-ignore:
     - '**/*.md'
+    - 'upstream/*.json'
   pull_request:
     branches: [ master ]
     paths-ignore:

update_upstream.sh

@@ -16,12 +16,20 @@ git add .
 CHANGES=$( git status --porcelain )
 
 if [[ -n "${CHANGES}" ]]; then
-  COMMIT_MESSAGE="build(${VSCODE_QUALITY}): update to commit ${MS_COMMIT:0:7}"
-  COMMIT_REF=$( git rev-parse --abbrev-ref HEAD )
+  # COMMIT_MESSAGE="build(${VSCODE_QUALITY}): update to commit ${MS_COMMIT:0:7}"
+  # COMMIT_REF=$( git rev-parse --abbrev-ref HEAD )
 
-  if [[ "${GITHUB_ENV}" ]]; then
-    echo "SHOULD_COMMIT=yes" >> "${GITHUB_ENV}"
-    echo "COMMIT_MESSAGE=${COMMIT_MESSAGE}" >> "${GITHUB_ENV}"
-    echo "COMMIT_REF=${COMMIT_REF}" >> "${GITHUB_ENV}"
+  # if [[ "${GITHUB_ENV}" ]]; then
+  #   echo "SHOULD_COMMIT=yes" >> "${GITHUB_ENV}"
+  #   echo "COMMIT_MESSAGE=${COMMIT_MESSAGE}" >> "${GITHUB_ENV}"
+  #   echo "COMMIT_REF=${COMMIT_REF}" >> "${GITHUB_ENV}"
+  # fi
+  git commit -S -m "build(${VSCODE_QUALITY}): update to commit ${MS_COMMIT:0:7}"
+
+  BRANCH_NAME=$( git rev-parse --abbrev-ref HEAD )
+
+  if ! git push origin "${BRANCH_NAME}" --quiet; then
+    git pull origin "${BRANCH_NAME}"
+    git push origin "${BRANCH_NAME}" --quiet
   fi
 fi