From 054d1483bb19e8415745033853ae0fa6943f01d9 Mon Sep 17 00:00:00 2001
From: Steve Myers <steve@notmandatory.org>
Date: Tue, 27 Aug 2024 23:07:48 -0500
Subject: [PATCH 1/2] ci: add token for cron-update-rust.yml

---
 .github/workflows/cron-update-rust.yml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/cron-update-rust.yml b/.github/workflows/cron-update-rust.yml
index 3801f78a8..918bea07e 100644
--- a/.github/workflows/cron-update-rust.yml
+++ b/.github/workflows/cron-update-rust.yml
@@ -10,6 +10,11 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - uses: dtolnay/rust-toolchain@stable
+      - uses: tibdex/github-app-token@v1
+        id: generate-token
+        with:
+          app_id: ${{ secrets.APP_ID }}
+          private_key: ${{ secrets.APP_PRIVATE_KEY }}
       - name: Update rust-version to use latest stable
         run: |
           set -x
@@ -30,7 +35,7 @@ jobs:
         if: env.changes_made == 'true'
         uses: peter-evans/create-pull-request@v6
         with:
-          token: ${{ secrets.GITHUB_TOKEN }}
+          token: ${{ steps.generate-token.outputs.token }}
           author: Update Rustc Bot <bot@example.com>
           committer: Update Rustc Bot <bot@example.com>
           branch: create-pull-request/update-rust-version

From b140b32648241884e0e5e222fd7a0fc4e05908f1 Mon Sep 17 00:00:00 2001
From: Steve Myers <steve@notmandatory.org>
Date: Tue, 27 Aug 2024 23:54:01 -0500
Subject: [PATCH 2/2] ci: gpg commit signing for cron-update-rust.yml

---
 .github/workflows/cron-update-rust.yml | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/cron-update-rust.yml b/.github/workflows/cron-update-rust.yml
index 918bea07e..5741aa6b8 100644
--- a/.github/workflows/cron-update-rust.yml
+++ b/.github/workflows/cron-update-rust.yml
@@ -15,6 +15,11 @@ jobs:
         with:
           app_id: ${{ secrets.APP_ID }}
           private_key: ${{ secrets.APP_PRIVATE_KEY }}
+      - uses: crazy-max/ghaction-import-gpg@v5
+        with:
+          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+          git_user_signingkey: true
+          git_commit_gpgsign: true
       - name: Update rust-version to use latest stable
         run: |
           set -x
@@ -36,8 +41,8 @@ jobs:
         uses: peter-evans/create-pull-request@v6
         with:
           token: ${{ steps.generate-token.outputs.token }}
-          author: Update Rustc Bot <bot@example.com>
-          committer: Update Rustc Bot <bot@example.com>
+          author: Github Action <github@bitcoindevkit.org>
+          committer: Github Action <github@bitcoindevkit.org>
           branch: create-pull-request/update-rust-version
           title: |
             ci: automated update to rustc ${{ env.rust_version }}