From 97a1459929e79d7dc25c78d34319994ee50443a0 Mon Sep 17 00:00:00 2001
From: itsRevela <rexmarek@gmail.com>
Date: Sun, 29 Mar 2026 14:47:53 -0500
Subject: [PATCH] feat: GPG-sign release tags for verified badge

Use crazy-max/ghaction-import-gpg to sign Nightly and
Nightly-Dedicated-Server tags with a GPG key so releases
show the green Verified badge on GitHub.
---
 .github/workflows/nightly.yml | 32 ++++++++++++++++++++------------
 1 file changed, 20 insertions(+), 12 deletions(-)

diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
index 492cbbd1..f6ed36b2 100644
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -192,14 +192,18 @@ jobs:
         GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       run: gh api repos/${{ github.repository }}/git/refs/tags/Nightly-Dedicated-Server --method DELETE || true
 
+    - name: Import GPG key
+      uses: crazy-max/ghaction-import-gpg@v6
+      with:
+        gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+        passphrase: ${{ secrets.GPG_PASSPHRASE }}
+        git_user_signingkey: true
+        git_tag_gpgsign: true
+
     - name: Create signed tag
-      env:
-        GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       run: |
-        gh api repos/${{ github.repository }}/git/refs \
-          --method POST \
-          --field ref="refs/tags/Nightly-Dedicated-Server" \
-          --field sha="${{ github.sha }}"
+        git tag -s -f Nightly -m "Nightly release ${{ steps.sha.outputs.short }}"
+        git push origin Nightly --force
 
     - name: Create release
       env:
@@ -248,14 +252,18 @@ jobs:
         GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       run: gh api repos/${{ github.repository }}/git/refs/tags/Nightly --method DELETE || true
 
+    - name: Import GPG key
+      uses: crazy-max/ghaction-import-gpg@v6
+      with:
+        gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+        passphrase: ${{ secrets.GPG_PASSPHRASE }}
+        git_user_signingkey: true
+        git_tag_gpgsign: true
+
     - name: Create signed tag
-      env:
-        GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       run: |
-        gh api repos/${{ github.repository }}/git/refs \
-          --method POST \
-          --field ref="refs/tags/Nightly" \
-          --field sha="${{ github.sha }}"
+        git tag -s -f Nightly -m "Nightly release ${{ steps.sha.outputs.short }}"
+        git push origin Nightly --force
 
     - name: Write release notes
       run: |