From 260f12d477f8a4a0f294b539daba9baa10c4ce85 Mon Sep 17 00:00:00 2001
From: Ricardo Zanini
Date: Thu, 23 Oct 2025 14:55:06 -0400
Subject: [PATCH] Add guardrails to GPG keys
Signed-off-by: fjtirado
---
 .github/workflows/release.yml | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 806f2b34..5c313af3 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -18,6 +18,7 @@ jobs:
 MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
 MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
 MAVEN_GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
+ MAVEN_GPG_FINGERPRINT: ${{ secrets.GPG_FINGERPRINT }}
 steps:
 - uses: radcortez/project-metadata-action@main
@@ -43,6 +44,14 @@ jobs:
 gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
 gpg-passphrase: MAVEN_GPG_PASSPHRASE
+ - name: GPG sanity check
+ run: |
+ gpg --list-secret-keys --keyid-format LONG
+ echo "test" | gpg --batch --yes --pinentry-mode loopback \
+ --passphrase "$MAVEN_GPG_PASSPHRASE" \
+ --local-user "$MAVEN_GPG_FINGERPRINT" \
+ --clearsign > /dev/null
+
 - name: Configure Git author
 run: |
 git config --local user.email "action@github.com"
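Review bot: `MAVEN_GPG_FINGERPRINT` is added to the job-level `env`, so it is exported to every step of the job, although only the GPG sanity check in the second hunk reads it in this patch. The same block already carries `MAVEN_PASSWORD` and `MAVEN_GPG_PASSPHRASE`, and the first step shown, `radcortez/project-metadata-action@main`, is referenced by a mutable branch, so whatever that ref resolves to at run time runs with these values in its environment. Declaring the variable in an `env:` on the sanity-check step would keep its scope to the one consumer, and pinning that action to a full commit SHA would narrow the exposure of the rest. The `env` block begins above the hunk, so other consumers of the job-level values may exist that are not visible here.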
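Review bot: The sanity check passes the passphrase on the command line (`--passphrase "$MAVEN_GPG_PASSPHRASE"`), which places it in the process argument list for the duration of the gpg call; reading it from a descriptor keeps it out of argv, for example `--passphrase-fd 3 3<<<"$MAVEN_GPG_PASSPHRASE" \` in place of that line. The step also has no explicit failure for a missing fingerprint secret; a first line such as `: "${MAVEN_GPG_FINGERPRINT:?GPG_FINGERPRINT secret is not set}"` makes the guardrail fail with a clear message instead of depending on how gpg handles an empty `--local-user`. Nothing visible in the hunk ties this fingerprint to the key the later release step signs with, so if the intent is to pin the signing key, the same value presumably has to reach the Maven GPG configuration as well. Note that `gpg --list-secret-keys` writes the key's user IDs to the job log, which is worth a short comment on the step if the log is public.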