From b86137f0b8eea9287d7ef03645c4c229c0794fbe Mon Sep 17 00:00:00 2001
From: Andrew <andrewmurray@ezscale.cloud>
Date: Mon, 16 Mar 2026 02:33:31 -0400
Subject: [PATCH] Make GPG signing optional in release workflow

Skip GPG import and pass --skip sign to GoReleaser when
GPG_PRIVATE_KEY secret is not configured. Allows releases
to proceed without signing until keys are set up.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 .gitea/workflows/release.yaml | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/.gitea/workflows/release.yaml b/.gitea/workflows/release.yaml
index 2f559b3..3f0f0e8 100644
--- a/.gitea/workflows/release.yaml
+++ b/.gitea/workflows/release.yaml
@@ -18,6 +18,7 @@ jobs:
           go-version-file: go.mod
 
       - name: Import GPG key
+        if: ${{ secrets.GPG_PRIVATE_KEY != '' }}
         id: import_gpg
         uses: crazy-max/ghaction-import-gpg@v6
         with:
@@ -27,10 +28,19 @@ jobs:
       - name: Check endpoint drift
         run: go run ./scripts/check-endpoint-drift.go
 
-      - name: Run GoReleaser
+      - name: Run GoReleaser (signed)
+        if: ${{ steps.import_gpg.outputs.fingerprint != '' }}
         uses: goreleaser/goreleaser-action@v6
         with:
           args: release --clean
         env:
           GITEA_TOKEN: ${{ secrets.RELEASE_TOKEN }}
           GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
+
+      - name: Run GoReleaser (unsigned)
+        if: ${{ steps.import_gpg.outputs.fingerprint == '' }}
+        uses: goreleaser/goreleaser-action@v6
+        with:
+          args: release --clean --skip sign
+        env:
+          GITEA_TOKEN: ${{ secrets.RELEASE_TOKEN }}