From 8649ca1e8392dc7cbd3e7da6cac0114e67e6cc56 Mon Sep 17 00:00:00 2001
From: rug
Date: Fri, 21 Feb 2025 16:48:19 +0100
Subject: [PATCH] Fix access to secrets
---
 .github/os-git-actions/setup-gpg/action.yml | 14 ++++++++++++--
 .github/os-git-actions/signed-commit/action.yml | 11 +++++++++++
 .github/workflows/PreRelease.yml | 2 ++
 3 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/.github/os-git-actions/setup-gpg/action.yml b/.github/os-git-actions/setup-gpg/action.yml
index ca8bd97b2c..ef21470e18 100644
--- a/.github/os-git-actions/setup-gpg/action.yml
+++ b/.github/os-git-actions/setup-gpg/action.yml
@@ -1,13 +1,23 @@
 name: 'setup-gpg'
 description: 'Prepare to get following commits signed'
+inputs:
+ gpgPriv:
+ description: 'GPG Private key'
+ required: true
+ default: ''
+ gpgPassPhrase:
+ description: 'GPG passphrase'
+ required: false
+ default: '""'
+
 runs:
 using: composite
 steps:
 - name: Import and load GPG key
 uses: crazy-max/ghaction-import-gpg@v6
 with:
- gpg_private_key: ${{ secrets.GPG_SIGN_KEY }}
- passphrase: ${{ secrets.GPG_PASSPHRASE }}
+ gpg_private_key: ${{ inputs.gpgPriv }}
+ passphrase: ${{ inputs.gpgPassPhrase }}
 git_user_signingkey: true
 git_commit_gpgsign: true
diff --git a/.github/os-git-actions/signed-commit/action.yml b/.github/os-git-actions/signed-commit/action.yml
index 6dfad31142..f200b112d8 100644
--- a/.github/os-git-actions/signed-commit/action.yml
+++ b/.github/os-git-actions/signed-commit/action.yml
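Review bot: The `gpgPassPhrase` default added in `setup-gpg/action.yml` is `'""'`, which YAML reads as the two-character string `""` rather than an empty value, so a caller that omits the input hands the import step a literal `""` as the passphrase. For a key that has no passphrase this will most likely make the import or a later signing step fail in a way that is hard to trace; `default: ''` expresses "no passphrase". The same default is added in the `signed-commit/action.yml` hunk and is forwarded from there into this action. Separately, the step that now receives the private key is referenced by the mutable tag `crazy-max/ghaction-import-gpg@v6`; pinning it as `crazy-max/ghaction-import-gpg@<full-commit-sha>` would keep a retagged release from ever seeing the key.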
@@ -13,12 +13,23 @@ inputs:
 description: 'Defines if a `git add.` should be made or not.'
 required: false
 default: false
+ gpgPriv:
+ description: 'GPG Private key'
+ required: true
+ default: ''
+ gpgPassPhrase:
+ description: 'GPG passphrase'
+ required: false
+ default: '""'
 runs:
 using: composite
 steps:
 - name: Setup GPG to sign commits
 uses: ./.github/os-git-actions/setup-gpg/
+ with:
+ gpgPriv: ${{ inputs.gpgPriv }}
+ gpgPassPhrase: ${{ inputs.gpgPassPhrase }}
 - name: Perform git commit
 uses: ./.github/os-git-actions/manual-commit/
diff --git a/.github/workflows/PreRelease.yml b/.github/workflows/PreRelease.yml
index 46e6dcba34..516514ab8c 100644
--- a/.github/workflows/PreRelease.yml
+++ b/.github/workflows/PreRelease.yml
@@ -119,3 +119,5 @@ jobs:
 branch: dev
 message: 'Updated into v${{ inputs.new-dev-release }} [skip ci]'
 newFiles: true
+ gpgPriv: ${{ secrets.GPG_SIGN_KEY }}
+ gpgPassPhrase: ${{ secrets.GPG_PASSPHRASE }}
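Review bot: `gpgPriv` in `signed-commit/action.yml` is declared `required: true` together with `default: ''`, and GitHub does not fail a run when a required action input is missing, so a caller that omits it forwards an empty key to `setup-gpg` with no error at this level. Dropping the default and adding a first step that exits when `inputs.gpgPriv` is empty would make the failure explicit; the same `required`/`default` pair is added in the `setup-gpg/action.yml` hunk. The diffstat shows only `PreRelease.yml` updated to pass the two secrets, so any other workflow that calls these actions (none is visible here) would now take that empty-key path, since the actions no longer read `secrets.*` themselves. A description such as `'GPG private key; pass it from a secret, never as a literal'` would also tell callers how the value is meant to be supplied.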