ci: add GPG signing for release-please commits

[justin-layerv]

Summary

Fix merge blocking on release-please PRs by adding GPG commit signing.

Problem

PR #1385 is blocked because release-please commits aren't GPG signed, but the repo requires signed commits.

Solution

Use crazy-max/ghaction-import-gpg to import a GPG key and configure git to sign commits before release-please runs.

Setup Required

Add these secrets to the repo:

Secret	Description
GPG_PRIVATE_KEY	ASCII-armored GPG private key (gpg --armor --export-secret-key EMAIL)
GPG_PASSPHRASE	Passphrase for the key

Generate a bot GPG key (recommended)

# Generate key (use a bot email like bot@opennhp.org)
gpg --full-generate-key

# Export private key
gpg --armor --export-secret-key bot@opennhp.org | pbcopy

# Add as secret
gh secret set GPG_PRIVATE_KEY --repo OpenNHP/opennhp
gh secret set GPG_PASSPHRASE --repo OpenNHP/opennhp

After Merge

Once this is merged and secrets are configured, close and reopen PR #1385 (or push a new commit) to trigger a new release-please run with signed commits.

🤖 Generated with Claude Code

[codecov-commenter]

⚠️ Please install the to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

✅ All modified and coverable lines are covered by tests.
❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

@@          Coverage Diff          @@
##            main   #1405   +/-   ##
=====================================
  Coverage   0.57%   0.57%           
=====================================
  Files         87      87           
  Lines      12523   12523           
=====================================
  Hits          72      72           
  Misses     12445   12445           
  Partials       6       6           

Flag	Coverage Δ
unittests	0.57% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.