Import the GPG key after generating the new content.

provenance-io · Jul 29, 2024 · 0f56206 · 0f56206
1 parent 800eb34
commit 0f56206
Showing 1 changed file with 11 additions and 11 deletions.
diff --git a/.github/workflows/changelog.yml b/.github/workflows/changelog.yml
@@ -23,17 +23,6 @@ jobs:
           # See https://github.com/stefanzweifel/git-auto-commit-action#commits-made-by-this-action-do-not-trigger-new-workflow-runs
           token: ${{ secrets.BOT_CPR_PAT }}
 
-      # All commits must be signed, import key and sign commit of updated change log.
-      - name: Import GPG key
-        id: import_gpg
-        uses: crazy-max/ghaction-import-gpg@v6
-        with:
-          # Use a key associated with the provenanceio-bot github account.
-          gpg_private_key: ${{ secrets.BOT_GPG_PRIVATE_KEY }}
-          passphrase: ${{ secrets.BOT_GPG_PRIVATE_KEY_PW }}
-          git_user_signingkey: true
-          git_commit_gpgsign: true
-
       - name: Generate entry
         env:
           # Getting the title directly in the run script opens an injection vulnerability.
@@ -51,6 +40,17 @@ jobs:
             --head-branch "$GITHUB_HEAD_REF" \
             --target-branch "$GITHUB_BASE_REF"
 
+      # All commits must be signed, import key and sign commit of updated change log.
+      - name: Import GPG key
+        id: import_gpg
+        uses: crazy-max/ghaction-import-gpg@v6
+        with:
+          # Use a key associated with the provenanceio-bot github account.
+          gpg_private_key: ${{ secrets.BOT_GPG_PRIVATE_KEY }}
+          passphrase: ${{ secrets.BOT_GPG_PRIVATE_KEY_PW }}
+          git_user_signingkey: true
+          git_commit_gpgsign: true
+
       # This step is required for committing the changes to your branch.
       # See https://github.com/stefanzweifel/git-auto-commit-action#commits-made-by-this-action-do-not-trigger-new-workflow-runs
       - uses: stefanzweifel/git-auto-commit-action@v5