From 5edb9393ec6f279328eca4d12f013898350bcc42 Mon Sep 17 00:00:00 2001
From: RoyalOughtness <129108030+RoyalOughtness@users.noreply.github.com>
Date: Mon, 6 Oct 2025 09:16:32 -0700
Subject: [PATCH] fix(build) ensure signingkey is defined for all repos

---
 .github/workflows/upstream-sync.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.github/workflows/upstream-sync.yml b/.github/workflows/upstream-sync.yml
index d88a6ce0ff..080014f49f 100644
--- a/.github/workflows/upstream-sync.yml
+++ b/.github/workflows/upstream-sync.yml
@@ -40,6 +40,7 @@ jobs:
           passphrase: ${{ secrets.PASSPHRASE }}
           git_user_signingkey: true
           git_commit_gpgsign: true
+          git_push_gpgsign: true
 
       - name: Pull tags from upstream and rebase
         shell: bash
@@ -49,6 +50,10 @@ jobs:
           set -euxo pipefail
           git config user.email '236124859+secureblue-bot@users.noreply.github.com'
           git config user.name 'secureblue-bot'
+          git config --global user.signingkey E216FE5D67C3E057
+          git config --global commit.gpgsign true
+          git config --global tag.gpgSign true
+
           git remote add 'upstream' 'https://github.com/fedora-selinux/selinux-policy.git'
           git fetch --tags 'upstream'