From 209566518c1ae138e5701bb94a597f454393c0ec Mon Sep 17 00:00:00 2001
From: Markus Fritsche <mfritsche@reauktion.de>
Date: Tue, 14 Apr 2026 19:44:54 +0000
Subject: [PATCH] ci: wipe stale gpg state at each build start

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 .gitea/workflows/build.yml | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/.gitea/workflows/build.yml b/.gitea/workflows/build.yml
index 2d0eeedfe..c2ec85b7c 100644
--- a/.gitea/workflows/build.yml
+++ b/.gitea/workflows/build.yml
@@ -27,12 +27,14 @@ jobs:
           PASS: ${{ secrets.MARFRIT_REPO_PASSPHRASE }}
         run: |
           set -e
+          # Runner container persists between runs; wipe any stale gpg state
+          # so old gpg.conf / socket paths can't confuse this build.
+          rm -rf /root/.gnupg /root/repo_pass
           mkdir -m700 -p /root/.gnupg
-          printf '%s\n' "$PRIV" | gpg --batch --import
-          # echo trust so gpg doesn't complain during signing
-          echo "92D5E96D8F63C75E4116AA1FF5C8C4603D0D250C:6:" | gpg --import-ownertrust
           printf '%s' "$PASS" > /root/repo_pass
           chmod 600 /root/repo_pass
+          printf '%s\n' "$PRIV" | gpg --batch --import
+          echo "92D5E96D8F63C75E4116AA1FF5C8C4603D0D250C:6:" | gpg --import-ownertrust
 
       - name: install deploy ssh key
         env: