# [Action] Signed Commits

This GitHub Action sets up GPG and Git configuration for repositories, enabling signed commits.

## Features

- Imports a GPG key and configures it for commit signing
- Sets global Git configurations for `user.name`, `user.email`, and GPG signing key

## Usage

### Step 1: Add the Action to Your Workflow

To use this action in a repository, include it as a step in your workflow YAML file, specifying the required secrets:

```yaml
jobs:
  setup-gpg-git:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Configure GPG and Git for Signed Commits
        uses: https://git.kasper.onl/automations/verified-commit@v0.0.1
        with:
          GPG_SIGNING_KEY: ${{ secrets.GPG_SIGNING_KEY }}
          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
          GPG_KEY_ID: ${{ secrets.GPG_KEY_ID }}
          GIT_USERNAME: "Jane Doe"
          GIT_EMAIL: "jane.doe@example.com"
```

### Step 2: Add Required Secrets

For this action to work, you'll need to add the following secrets to your GitHub repository:

1. **GPG_SIGNING_KEY**: Your GPG signing key, base64-encoded.
2. **GPG_PASSPHRASE**: The passphrase associated with your GPG key.
3. **GPG_KEY_ID**: The ID of the GPG key used for signing
4. **GIT_USERNAME**: The username for the Git Config
5. **GIT_EMAIL**: The E-Mail for the Git Config