From c08a5e8cc6955c2d0fd32ab528c7b9c65546fe40 Mon Sep 17 00:00:00 2001
From: Matthew McEachen
Date: Mon, 16 Dec 2024 22:01:49 -0800
Subject: [PATCH] use crazy-max/ghaction-import-gpg

---
 .github/workflows/build.yml | 32 +++++++++-----------------------
 1 file changed, 9 insertions(+), 23 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index eb7bd7b..30664c7 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -134,29 +134,15 @@ jobs:
 run: ls -laR ./prebuilds
 
 - name: Set up GPG
- run: |
- # Import key more securely
- echo "$GPG_PRIVATE_KEY" | gpg --batch --import 2>/dev/null
-
- # Configure gpg more securely
- cat > ~/.gnupg/gpg.conf << EOF
- default-key ${{ secrets.GPG_KEY_ID }}
- pinentry-mode loopback
- use-agent
- EOF
-
- # Reload agent
- gpg-connect-agent RELOADAGENT /bye
-
- # Add key using configuration file instead of CLI args
- echo "$GPG_PASSPHRASE" | gpg --batch --passphrase-fd 0 --quick-add-key ${{ secrets.GPG_KEY_ID }}
-
- - name: Configure Git to use GPG
- run: |
- git config --global user.signingkey ${{ secrets.GPG_KEY_ID }}
- git config --global commit.gpgSign true
- git config --global gpg.program gpg
-
+ uses: crazy-max/ghaction-import-gpg@v6
+ with:
+ gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+ passphrase: ${{ secrets.GPG_PASSPHRASE }}
+ git_config_global: true
+ git_user_signingkey: true
+ git_commit_gpgsign: true
+ git_tag_gpgsign: true
+
 - name: Configure git for publishing
 run: |
 git config user.name "${GITHUB_ACTOR}"
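Review bot: The added `uses: crazy-max/ghaction-import-gpg@v6` line in the "Set up GPG" step references a third-party action by a mutable major-version tag while passing it `secrets.GPG_PRIVATE_KEY` and `secrets.GPG_PASSPHRASE`, so whatever code the `v6` tag points to at run time gets the signing key. Pin the action to a reviewed full commit SHA and keep the tag as a trailing comment, e.g. `uses: crazy-max/ghaction-import-gpg@<full-commit-sha>  # v6`, and let your dependency-update tooling bump it. The removed script selected the key through `secrets.GPG_KEY_ID`, which the new step no longer references; if the imported key carries more than one signing-capable subkey, the action's `fingerprint` input makes the choice explicit, and the now-unused secret can presumably be retired if nothing outside this hunk reads it. The workflow's triggers and the rest of the publishing job are outside this hunk, so it is worth confirming separately that this step only runs for trusted refs.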