Chore: [AEA-0000] - add sync copilot and check commit signing pre-commit hook (#2)

anthony-nhs · web-flow · commit ff664c6debd2 · 2026-04-01T10:42:38.000+01:00
## Summary

- Routine Change

### Details

- add sync copilot job
- add check commit signing pre-commit
diff --git a/.github/workflows/sync_copilot.yml b/.github/workflows/sync_copilot.yml
@@ -0,0 +1,22 @@
+name: Sync Copilot Instructions
+
+on:
+    workflow_dispatch:
+    schedule:
+        - cron: "0 6 * * 1"
+
+jobs:
+    sync-copilot-instructions:
+        runs-on: ubuntu-22.04
+        environment: create_pull_request
+        permissions:
+            contents: read
+
+        steps:
+            - name: Sync shared instructions
+              uses: NHSDigital/eps-copilot-instructions@304ab2f4b7cdc15a1d7c0a0fae5290fad41b2451
+              with:
+                  copilot_instructions_ref: main
+                  calling_repo_base_branch: master
+                  CREATE_PULL_REQUEST_APP_ID: ${{ secrets.CREATE_PULL_REQUEST_APP_ID }}
+                  CREATE_PULL_REQUEST_PEM: ${{ secrets.CREATE_PULL_REQUEST_PEM }}
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -49,8 +49,35 @@ repos:
         types_or: [sh, shell]
         pass_filenames: false
 
-  - repo: local
-    hooks:
+      - id: check-commit-signing
+        name: Check commit signing
+        description: Ensures that commits are GPG signed
+        entry: bash
+        args:
+          - -c
+          - |
+            if ! git config --get user.signingkey > /dev/null 2>&1; then
+              echo "Error: Git signing key not configured."
+              echo "Please configure your GPG signing key with:"
+              echo "  git config user.signingkey <YOUR_GPG_KEY_ID>"
+              echo ""
+              echo "To find your GPG key ID, run: gpg --list-secret-keys --keyid-format=long"
+              echo "For more information, see: https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits"
+              exit 1
+            fi
+            if ! git config --get commit.gpgsign | grep -q "true" > /dev/null 2>&1; then
+              echo "Error: Commit signing is not enabled."
+              echo "Please enable commit signing with:"
+              echo "  git config commit.gpgsign true"
+              echo ""
+              echo "For more information, see: https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits"
+              exit 1
+            fi
+            echo "Commit signing is properly configured."
+        language: system
+        pass_filenames: false
+        always_run: true
+
       - id: git-secrets
         name: Git Secrets
         description: git-secrets scans commits, commit messages, and --no-ff merges to prevent adding secrets into your git repositories.
