From c66f2c946faf9c269eba29552df137f77f9bd547 Mon Sep 17 00:00:00 2001 From: RoyalOughtness <129108030+RoyalOughtness@users.noreply.github.com> Date: Sat, 4 Oct 2025 16:28:45 -0700 Subject: [PATCH 1/2] chore: add bot for rebasing --- .github/workflows/upstream-sync.yml | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/.github/workflows/upstream-sync.yml b/.github/workflows/upstream-sync.yml index d34c056297..6f3786520d 100644 --- a/.github/workflows/upstream-sync.yml +++ b/.github/workflows/upstream-sync.yml @@ -27,11 +27,18 @@ jobs: contents: write # Needed to modify repository contents steps: + - uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4 + id: app-token + with: + app-id: ${{ vars.REBASE_BOT_APPID }} + private-key: ${{ secrets.REBASE_BOT_SECRET }} + - name: Checkout repository uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: true # zizmor: ignore[artipacked] fetch-depth: 0 + token: ${{ steps.app-token.outputs.token }} - name: Pull tags from upstream and rebase shell: bash @@ -39,8 +46,8 @@ jobs: FEDORA_VERSION: 42 run: | set -euxo pipefail - git config user.email '41898282+github-actions[bot]@users.noreply.github.com' - git config user.name 'github-actions[bot]' + git config user.email 'relinux-rebase-bot@users.noreply.github.com' + git config user.name 'selinux-rebase-bot' git remote add 'upstream' 'https://github.com/fedora-selinux/selinux-policy.git' git fetch --tags 'upstream' From a46a95323df7e74e68addd7b95d2c9b0759f4562 Mon Sep 17 00:00:00 2001 From: RoyalOughtness <129108030+RoyalOughtness@users.noreply.github.com> Date: Sat, 4 Oct 2025 16:55:01 -0700 Subject: [PATCH 2/2] newbotmethod --- .github/workflows/upstream-sync.yml | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/.github/workflows/upstream-sync.yml b/.github/workflows/upstream-sync.yml index 6f3786520d..d88a6ce0ff 100644 
--- a/.github/workflows/upstream-sync.yml +++ b/.github/workflows/upstream-sync.yml @@ -27,18 +27,19 @@ jobs: contents: write # Needed to modify repository contents steps: - - uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4 - id: app-token - with: - app-id: ${{ vars.REBASE_BOT_APPID }} - private-key: ${{ secrets.REBASE_BOT_SECRET }} - - name: Checkout repository uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: true # zizmor: ignore[artipacked] fetch-depth: 0 - token: ${{ steps.app-token.outputs.token }} + + - name: Import GPG key + uses: crazy-max/ghaction-import-gpg@e89d40939c28e39f97cf32126055eeae86ba74ec # v6.3.0 + with: + gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} + passphrase: ${{ secrets.PASSPHRASE }} + git_user_signingkey: true + git_commit_gpgsign: true - name: Pull tags from upstream and rebase shell: bash @@ -46,8 +47,8 @@ jobs: FEDORA_VERSION: 42 run: | set -euxo pipefail - git config user.email 'relinux-rebase-bot@users.noreply.github.com' - git config user.name 'selinux-rebase-bot' + git config user.email '236124859+secureblue-bot@users.noreply.github.com' + git config user.name 'secureblue-bot' git remote add 'upstream' 'https://github.com/fedora-selinux/selinux-policy.git' git fetch --tags 'upstream'
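Review bot: The new `Import GPG key` step leaves the bot's private key and passphrase usable for the rest of the job, so every later step can sign as the bot, including the rebase step that fetches from the upstream remote while checkout still persists a `contents: write` token. This assumes the action imports the key into the runner keyring and seeds the passphrase into gpg-agent, which is how I understand it to work. To limit the damage from a leaked or misused key, store only an expiring signing subkey in `GPG_PRIVATE_KEY` and select it explicitly under `with:`, e.g. `fingerprint: <SIGNING_SUBKEY_FINGERPRINT>` (placeholder), keeping the primary key offline for revocation. A one-line comment above the step naming the identity the key belongs to and how it is rotated would help the next maintainer. The `steps:` list continues outside this hunk, so it is worth confirming that nothing after the rebase executes fetched content while the key is loaded.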
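Review bot: The hand-typed `git config user.email` / `git config user.name` lines in the `run:` script are set independently of the key imported in the earlier step, so nothing ties the committer identity to the key's UID. If the two drift, the rebased commits will still be signed but GitHub will show them as unverified. Consider dropping both `git config` lines and passing the identity to the import step instead, `git_committer_name: secureblue-bot` and `git_committer_email: 236124859+secureblue-bot@users.noreply.github.com`, which the action, as far as I know, checks against the imported key. The same hand-typed pattern is what produced the `relinux-` / `selinux-` mismatch in patch 1/2. The `run:` script continues outside this hunk.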