use crazy-max/ghaction-import-gpg

.github/workflows/build.yml

@@ -134,29 +134,15 @@ jobs:
         run: ls -laR ./prebuilds
 
       - name: Set up GPG
-        run: |
-          # Import key more securely
-          echo "$GPG_PRIVATE_KEY" | gpg --batch --import 2>/dev/null
-
-          # Configure gpg more securely
-          cat > ~/.gnupg/gpg.conf << EOF
-          default-key ${{ secrets.GPG_KEY_ID }}
-          pinentry-mode loopback
-          use-agent
-          EOF
-
-          # Reload agent
-          gpg-connect-agent RELOADAGENT /bye
-
-          # Add key using configuration file instead of CLI args
-          echo "$GPG_PASSPHRASE" | gpg --batch --passphrase-fd 0 --quick-add-key ${{ secrets.GPG_KEY_ID }}
-
-      - name: Configure Git to use GPG
-        run: |
-          git config --global user.signingkey ${{ secrets.GPG_KEY_ID }}
-          git config --global commit.gpgSign true
-          git config --global gpg.program gpg
-
+        uses: crazy-max/ghaction-import-gpg@v6
+        with:
+          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+          passphrase: ${{ secrets.GPG_PASSPHRASE }}
+          git_config_global: true
+          git_user_signingkey: true
+          git_commit_gpgsign: true
+          git_tag_gpgsign: true
+
       - name: Configure git for publishing
         run: |
           git config user.name "${GITHUB_ACTOR}"