From a440db3e3ffa487e0a11f17ded7431bb0701b541 Mon Sep 17 00:00:00 2001
From: "Michael B. Gale" <mbg@github.com>
Date: Thu, 14 Aug 2025 16:34:52 +0100
Subject: [PATCH 1/2] Add test workflow

---
 .github/workflows/test-sign.yml | 38 +++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)
 create mode 100644 .github/workflows/test-sign.yml

diff --git a/.github/workflows/test-sign.yml b/.github/workflows/test-sign.yml
new file mode 100644
index 0000000000..bb8fa3a1f8
--- /dev/null
+++ b/.github/workflows/test-sign.yml
@@ -0,0 +1,38 @@
+name: "Test signing"
+
+on:
+  pull_request:
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    environment: Automation
+
+    steps:
+      - name: Dump environment
+        run: env
+
+      - name: Dump GitHub context
+        env:
+          GITHUB_CONTEXT: '${{ toJson(github) }}'
+        run: echo "${GITHUB_CONTEXT}"
+
+      - name: Generate token
+        uses: actions/create-github-app-token@v2.1.1
+        id: app-token
+        with:
+          app-id: ${{ vars.AUTOMATION_APP_ID }}
+          private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}
+
+      - uses: actions/checkout@v5
+        with:
+          token: ${{ steps.app-token.outputs.token }}
+          fetch-depth: 0  # ensure we have all tags and can push commits
+
+      - name: Test signing
+        shell: bash
+        run: |
+          git tag -s --annotate "vTEST" --message "vTEST"
+          echo "test" > .test
+          git add .test
+          git commit -s -m 'Test commit'

From 9562cca8413157d97c14f3827f1cb51fb92cf0b9 Mon Sep 17 00:00:00 2001
From: "Michael B. Gale" <mbg@github.com>
Date: Thu, 14 Aug 2025 16:40:49 +0100
Subject: [PATCH 2/2] Configure git user

---
 .github/workflows/test-sign.yml | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/test-sign.yml b/.github/workflows/test-sign.yml
index bb8fa3a1f8..e9390a1dd2 100644
--- a/.github/workflows/test-sign.yml
+++ b/.github/workflows/test-sign.yml
@@ -8,6 +8,8 @@ jobs:
     runs-on: ubuntu-latest
     environment: Automation
 
+    permissions: {}
+
     steps:
       - name: Dump environment
         run: env
@@ -24,7 +26,19 @@ jobs:
           app-id: ${{ vars.AUTOMATION_APP_ID }}
           private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}
 
-      - uses: actions/checkout@v5
+      - name: Get GitHub App User ID
+        id: get-user-id
+        run: echo "user-id=$(gh api "/users/${{ steps.app-token.outputs.app-slug }}[bot]" --jq .id)" >> "$GITHUB_OUTPUT"
+        env:
+          GH_TOKEN: ${{ steps.app-token.outputs.token }}
+
+      - name: Configure git user
+        run: |
+          git config --global user.name '${{ steps.app-token.outputs.app-slug }}[bot]'
+          git config --global user.email '${{ steps.get-user-id.outputs.user-id }}+${{ steps.app-token.outputs.app-slug }}[bot]@users.noreply.github.com'
+
+      - name: Checkout repository
+        uses: actions/checkout@v5
         with:
           token: ${{ steps.app-token.outputs.token }}
           fetch-depth: 0  # ensure we have all tags and can push commits