From d402d23f795520481b920acd1a4257d261a41d14 Mon Sep 17 00:00:00 2001
From: Vince Grassia <593223+vgrassia@users.noreply.github.com>
Date: Tue, 26 Mar 2024 19:02:15 +0000
Subject: [PATCH] Update update-version workflow (#236)
---
 .github/workflows/update-versions.yml | 33 +++++++++++++++++++++++----
 1 file changed, 28 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/update-versions.yml b/.github/workflows/update-versions.yml
index 0f7891c..dae10e7 100644
--- a/.github/workflows/update-versions.yml
+++ b/.github/workflows/update-versions.yml
@@ -3,7 +3,6 @@ name: Update Versions
 on:
 workflow_dispatch:
- inputs: {}
 jobs:
 setup:
@@ -100,6 +99,33 @@ jobs:
 runs-on: ubuntu-22.04
 needs: setup
 steps:
+ - name: Log in to Azure - CI subscription
+ uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
+ with:
+ creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+
+ - name: Retrieve secrets
+ id: retrieve-secrets
+ uses: bitwarden/gh-actions/get-keyvault-secrets@main
+ with:
+ keyvault: "bitwarden-ci"
+ secrets: "github-gpg-private-key,
+ github-gpg-private-key-passphrase,
+ github-pat-bitwarden-devops-bot-repo-scope"
+
+ - name: Import GPG key
+ uses: crazy-max/ghaction-import-gpg@82a020f1f7f605c65dd2449b392a52c3fcfef7ef # v6.0.0
+ with:
+ gpg_private_key: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key }}
+ passphrase: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key-passphrase }}
+ git_user_signingkey: true
+ git_commit_gpgsign: true
+
+ - name: Set up Git
+ run: |
+ git config --local user.email "106330231+bitwarden-devops-bot@users.noreply.github.com"
+ git config --local user.name "bitwarden-devops-bot"
+
 - name: Checkout Branch
 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
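Review bot: The `Retrieve secrets` step uses `bitwarden/gh-actions/get-keyvault-secrets@main`, a mutable branch ref, although the other actions in this hunk are pinned to full commit SHAs, and it is the step that returns the GPG private key, its passphrase and the bot PAT. Pin it the same way, e.g. `uses: bitwarden/gh-actions/get-keyvault-secrets@<full-commit-sha> # main`, so the code that handles those secrets cannot change without a reviewed commit here. Separately, `Import GPG key` and `Set up Git` sit before `Checkout Branch`; `git config --local` needs a repository and the workspace has none until checkout runs, so these steps look likely to fail or lose their settings, and the simplified `Commit updated files` step in the last hunk depends on them, which moving both after the checkout would avoid. `github-pat-bitwarden-devops-bot-repo-scope` is fetched but not referenced on any visible line; if the steps outside this hunk do not use it, drop it from the `secrets` list.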
@@ -138,10 +164,7 @@ jobs:
 sed -i -e '/"keyConnectorVersion":/ s/"keyConnectorVersion":[^,]*/"keyConnectorVersion":"'$VERSION'"/' version.json
 - name: Commit updated files
- run: |
- git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com"
- git config --local user.name "github-actions[bot]"
- git commit -m "Updated core, web, and key-connector versions" -a
+ run: git commit -m "Updated core, web, and key-connector versions" -a
 - name: Push changes
 run: git push -u origin update-versions