From 58c333a842ad504950eb16e8fa2db270f5b6f2a4 Mon Sep 17 00:00:00 2001
From: Jonathan Remy
Date: Fri, 17 Oct 2025 05:56:41 +0200
Subject: [PATCH 1/2] chore: configure lerna to sign commits and tags with GPG
---
 .github/workflows/deploy-package.yml | 11 +++++++++++
 lerna.json | 4 +++-
 2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/deploy-package.yml b/.github/workflows/deploy-package.yml
index c0e5a6ea8..fc7817e13 100644
--- a/.github/workflows/deploy-package.yml
+++ b/.github/workflows/deploy-package.yml
@@ -20,6 +20,17 @@ jobs:
 persist-credentials: false
 token: ${{ secrets.GH_TOKEN }}
 - run: git fetch --depth=1 origin +refs/tags/*:refs/tags/*
+
+ - name: Import GPG key
+ run: |
+ echo "${{ secrets.GPG_PRIVATE_KEY }}" | gpg --batch --import
+ GPG_KEY_ID=$(gpg --list-secret-keys --keyid-format=long | grep sec | head -n1 | awk '{print $2}' | cut -d'/' -f2)
+ git config --global user.signingkey "$GPG_KEY_ID"
+ git config --global commit.gpgsign true
+ git config --global tag.gpgsign true
+ env:
+ GPG_TTY: $(tty)
+
 - name: Git Identity
 run: |
 git config --global user.name 'scaleway-bot'
diff --git a/lerna.json b/lerna.json
index 602b5455e..e5ad23a65 100644
--- a/lerna.json
+++ b/lerna.json
@@ -7,7 +7,9 @@
 "conventionalCommits": true,
 "message": "chore(release): publish",
 "createRelease": "github",
- "loglevel": "verbose"
+ "loglevel": "verbose",
+ "signGitCommit": true,
+ "signGitTag": true
 }
 },
 "$schema": "node_modules/lerna/schemas/lerna-schema.json"
From 672b13106f7d2ceb600175753b1c00b9d7c74524 Mon Sep 17 00:00:00 2001
From: Jonathan Remy
Date: Fri, 17 Oct 2025 06:21:47 +0200
Subject: [PATCH 2/2] chore: use SSH signing instead of GPG for lerna commits
---
 .github/workflows/deploy-package.yml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/deploy-package.yml b/.github/workflows/deploy-package.yml
index fc7817e13..c89a0c641 100644
--- a/.github/workflows/deploy-package.yml
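Review bot: In the `Import GPG key` step of patch 1/2, `${{ secrets.GPG_PRIVATE_KEY }}` is expanded into the text of the `run:` script before the shell starts, so the key material lands in the generated script file and any `"`, `$` or backtick in the value would be interpreted by the shell. Passing it through the step environment avoids both: `env: GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}` with `printf '%s\n' "$GPG_PRIVATE_KEY" | gpg --batch --import`. The same inline expansion appears in the `Configure SSH signing` step of patch 2/2 with `secrets.SSH_SIGNING_PRIVATE_KEY`. Separately, `GPG_TTY: $(tty)` under `env:` is set as the literal string `$(tty)`, because workflow `env` values are not evaluated by a shell.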
+++ b/.github/workflows/deploy-package.yml
@@ -21,15 +21,15 @@ jobs:
 token: ${{ secrets.GH_TOKEN }}
 - run: git fetch --depth=1 origin +refs/tags/*:refs/tags/*
- - name: Import GPG key
+ - name: Configure SSH signing
 run: |
- echo "${{ secrets.GPG_PRIVATE_KEY }}" | gpg --batch --import
- GPG_KEY_ID=$(gpg --list-secret-keys --keyid-format=long | grep sec | head -n1 | awk '{print $2}' | cut -d'/' -f2)
- git config --global user.signingkey "$GPG_KEY_ID"
+ mkdir -p ~/.ssh
+ echo "${{ secrets.SSH_SIGNING_PRIVATE_KEY }}" > ~/.ssh/signing_key
+ chmod 600 ~/.ssh/signing_key
+ git config --global gpg.format ssh
+ git config --global user.signingkey ~/.ssh/signing_key
 git config --global commit.gpgsign true
 git config --global tag.gpgsign true
- env:
- GPG_TTY: $(tty)
 - name: Git Identity
 run: |
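Review bot: The private key written by the `Configure SSH signing` step stays at `~/.ssh/signing_key` for the rest of the job, so every later step that runs third-party code (dependency installs, build scripts, publish) can read it. The file is also created under the default umask and only tightened afterwards by `chmod 600`. Putting `umask 077` before the `echo ... > ~/.ssh/signing_key` line and adding a final step with `if: always()` that runs `rm -f ~/.ssh/signing_key` would bound the exposure. The remainder of the job lies outside this hunk, so whether such a cleanup already exists cannot be confirmed from here.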