Create a bot GitHub profile for nix-community
We have a workflow in ethereum.nix that needs to sign commits: https://github.com/nix-community/ethereum.nix/pull/165
Ideally there would be a GitHub profile for a nix-community account against which GPG keys can be added. If a repository requires signing, they would generate a GPG key and set it as a repo secret, then also create a PR against this project to have that GPG key added to the bot profile.
Relevant background:
- https://github.com/Nautilus-Cyberneering/pygithub/blob/main/docs/how_to_sign_automatic_commits_in_github_actions.md#solution-02-using-your-own-pgp-key-as-a-secret
- https://registry.terraform.io/providers/integrations/github/latest/docs/resources/user_gpg_key
Some relevant concerns as pointed out by @Mic92:
One issue still. When we have one bot with multiple private keys, then each private key would still be recognized as valid... So that means that ethereum.nix commits could still be signed with a different project's GnuPG keys.
In the short term I'm going to create a bot account just for ethereum.nix. Ideally though there would be a better way of managing this.
Anyone have a better idea?
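One mitigation for the concern above, independent of how many keys end up on a shared bot account, is for each repository to verify that its commits were signed by the specific key it provisioned, not merely by "some key on the bot". The check below is an added example, not code from nix-community/infra or ethereum.nix. It parses the output of `git log --format='%H %G? %GF'` (signature status letter and signing-key fingerprint, which git prints when `gpg` is available) and compares each fingerprint against a per-repository allowlist; the repository names and fingerprints are constructed placeholders.

```python
"""Per-repository allowlist check for GPG-signed commits.

Added example: the allowlist, repository names and fingerprints below are
constructed placeholders, not keys of any real project. It assumes the
output of `git log --format='%H %G? %GF'`, where %G? is git's signature
status letter (G good, U good but untrusted key, B bad, E cannot check,
N no signature, ...) and %GF is the fingerprint of the signing key.
"""
import subprocess
from typing import Dict, List, Set, Tuple

# Hypothetical allowlist: repository -> fingerprints of the key(s) that
# repository generated for the bot. Even if the bot account carries every
# project's key, this repo only accepts its own.
ALLOWED_KEYS: Dict[str, Set[str]] = {
    "nix-community/ethereum.nix": {"AAAA1111BBBB2222CCCC3333DDDD4444EEEE5555"},
    "nix-community/other-project": {"FFFF6666000077771111888822229999AAAA0000"},
}

# The allowlist is the trust decision, so a good signature from a key that
# has no ownertrust in the CI keyring ("U") is acceptable too.
GOOD_STATUSES = {"G", "U"}


def parse_git_log(text: str) -> List[Tuple[str, str, str]]:
    """Parse '<hash> <status> <fingerprint>' lines into tuples.

    Unsigned commits (status 'N') have an empty %GF, so the line has only
    two fields; the fingerprint is recorded as an empty string."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        commit, status = parts[0], parts[1]
        fingerprint = parts[2].upper() if len(parts) > 2 else ""
        rows.append((commit, status, fingerprint))
    return rows


def check_commits(repo: str, log_text: str) -> List[str]:
    """Return one problem string per offending commit; empty means all passed."""
    allowed = ALLOWED_KEYS.get(repo, set())
    problems = []
    for commit, status, fingerprint in parse_git_log(log_text):
        short = commit[:12]
        if status not in GOOD_STATUSES:
            problems.append(f"{short}: signature status {status!r}, not a good signature")
        elif fingerprint not in allowed:
            problems.append(f"{short}: signed by {fingerprint}, not one of this repo's keys")
    return problems


def check_range(repo: str, revision_range: str, cwd: str = ".") -> List[str]:
    """Run git on a real checkout, e.g. check_range(repo, 'origin/main..HEAD')."""
    out = subprocess.run(
        ["git", "log", "--format=%H %G? %GF", revision_range],
        capture_output=True, text=True, check=True, cwd=cwd,
    ).stdout
    return check_commits(repo, out)


# Constructed sample: one commit signed with ethereum.nix's key, one signed
# with another project's key (the cross-signing case), one unsigned.
SAMPLE_LOG = (
    "0123456789abcdef0123456789abcdef01234567 G AAAA1111BBBB2222CCCC3333DDDD4444EEEE5555\n"
    "89abcdef0123456789abcdef0123456789abcdef G FFFF6666000077771111888822229999AAAA0000\n"
    "fedcba9876543210fedcba9876543210fedcba98 N\n"
)

if __name__ == "__main__":
    for problem in check_commits("nix-community/ethereum.nix", SAMPLE_LOG):
        print(problem)
```

In a GitHub Actions job this would run after importing the repository's public key into the runner's keyring, against `origin/main..HEAD`, and fail the job on a non-empty result. Because the fingerprint comparison is explicit, the check does not depend on ownertrust in that keyring, and it rejects the exact scenario raised above: a commit carrying a valid signature from a key that belongs to a different project on the same bot account.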
We can automate the creation of bot accounts using Terraform, but essentially it requires one account per repo to be on the safe side.