How to best sign an app that has a .git folder in it?

I am in the process of signing a Nextcloud app and my app folder contains a .git and .idea folder. If I sign the app, these directories and their content get signed too and I can’t remove them afterwards without signature errors.

I tried copying the folder to a temporary location, deleted both hidden folders and signed it then. But now I need to commit signature.json. I could probably copy .git back and commit it then. But this all seems to be cumbersome and complicated.

I did not find a --ignore-folder parameter for occ to use during signing.

What is the best practice here? Or does everyone keep their app folders in a subfolder so that .git is not directly inside it?

Just copy the makefile of some other apps, e.g.:

It copies everything to a new directory, removes a couple of files and then signs the build dir instead of the current app dir.
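
The copy-then-sign flow described in this reply, as an added shell sketch (not the makefile the reply refers to, and not code from any Nextcloud app). The NC_ROOT variable, the argument order and the build directory location are assumptions; the build directory must lie outside the app's source tree.

```shell
#!/bin/sh
# Added example: stage a clean copy of the app, then sign the copy.
# Assumptions (not from the thread): NC_ROOT points at the Nextcloud
# install, and the key and certificate paths are supplied by the caller.
set -eu

# stage_app SRC BUILD
# Copy SRC into a fresh BUILD directory and strip development-only folders,
# so they are never hashed into appinfo/signature.json.
# BUILD must be outside SRC, and its last path component should be the app id.
stage_app() {
    src=$1
    build=$2
    rm -rf "$build"
    mkdir -p "$build"
    # "SRC/." copies hidden entries as well; they are removed selectively below.
    cp -R "$src/." "$build/"
    for dev in .git .idea; do
        rm -rf "${build:?}/$dev"
    done
}

# sign_staged BUILD KEY CERT
# Sign the staged copy. The working tree, with its .git folder, is untouched.
sign_staged() {
    build=$1
    key=$2
    cert=$3
    php "${NC_ROOT:?set NC_ROOT to the Nextcloud directory}/occ" \
        integrity:sign-app \
        --privateKey="$key" \
        --certificate="$cert" \
        --path="$build"
}

# Usage: sign.sh SRC BUILD KEY CERT
if [ "$#" -eq 4 ]; then
    stage_app "$1" "$2"
    sign_staged "$2" "$3" "$4"
fi
```

The signed build directory is what gets packaged for release, so signature.json never has to be committed back into the working tree.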

How do you work around the fact that occ refuses to run if config.php does not belong to the same user, i.e. www-data? I don’t want to make my private key readable by www-data.

At the moment I am just chowning config.php for the signing process.

I added my own user to the www-data group, that works fine.