diff --git a/.github/scripts/bump-versions.sh b/.github/scripts/bump-versions.sh
index 17ff57c3d6..4ae77b34b3 100755
--- a/.github/scripts/bump-versions.sh
+++ b/.github/scripts/bump-versions.sh
@@ -89,13 +89,11 @@ findAndBump() {
 }
 
 commitChanges() {
-    # this will NOT trigger another workflow, because it will use $GITHUB_TOKEN.
-    # so the build-action will run fine with the bumped-up extensions
     if [[ -n "$@" ]]; then
-        git config --global user.email "github-actions[bot]@users.noreply.github.com"
-        git config --global user.name "github-actions[bot]"
+        git config --global user.email "aniyomi-bot@aniyomi.org"
+        git config --global user.name "aniyomi-bot[bot]"
         git add $@
-        git commit -m "Mass-bump on extensions"
+        git commit -S -m "[skip ci] chore: Mass-bump on extensions"
         git push
     fi
 }
diff --git a/.github/workflows/build_push.yml b/.github/workflows/build_push.yml
index ddbf6c9400..4729ea0f88 100644
--- a/.github/workflows/build_push.yml
+++ b/.github/workflows/build_push.yml
@@ -28,6 +28,7 @@ jobs:
         uses: actions/checkout@v3
         with:
           ref: master
+          token: ${{ secrets.ANIYOMIORG_BOT_PAT }}
 
       - name: Find lib changes
         id: modified-libs
@@ -37,6 +38,15 @@ jobs:
           files_ignore: lib/**.md
           files_separator: " "
         # This step is going to commit, but this will not trigger another workflow.
+
+      - name: Import GPG key
+        uses: crazy-max/ghaction-import-gpg@v5
+        with:
+          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+          passphrase: ${{ secrets.GPG_PASSPHRASE }}
+          git_user_signingkey: true
+          git_commit_gpgsign: true
+
       - name: Bump extensions that uses a modified lib
         if: steps.modified-libs.outputs.any_changed == 'true'
         run: |