2020-05-03 14:46:05 -04:00
|
|
|
import * as core from '@actions/core';
|
2020-05-04 14:59:11 -04:00
|
|
|
import * as git from './git';
|
2020-05-03 15:33:19 -04:00
|
|
|
import * as gpg from './gpg';
|
|
|
|
import * as openpgp from './openpgp';
|
2020-05-03 14:46:05 -04:00
|
|
|
import * as stateHelper from './state-helper';
|
|
|
|
|
|
|
|
async function run(): Promise<void> {
|
|
|
|
try {
|
2020-05-05 19:15:33 -04:00
|
|
|
if (!process.env.GPG_PRIVATE_KEY) {
|
|
|
|
core.setFailed('GPG private key required');
|
2020-05-03 14:46:05 -04:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2020-05-05 19:21:41 -04:00
|
|
|
const git_user_signingkey = /true/i.test(core.getInput('git_user_signingkey'));
|
2020-05-05 19:15:33 -04:00
|
|
|
const git_commit_gpgsign = /true/i.test(core.getInput('git_commit_gpgsign'));
|
|
|
|
const git_tag_gpgsign = /true/i.test(core.getInput('git_tag_gpgsign'));
|
|
|
|
const git_push_gpgsign = /true/i.test(core.getInput('git_push_gpgsign'));
|
2020-05-06 12:00:13 -04:00
|
|
|
const git_committer_name: string = core.getInput('git_committer_name') || process.env['GITHUB_ACTOR'] || 'github-actions';
|
|
|
|
const git_committer_email: string = core.getInput('git_committer_email') || `${git_committer_name}@users.noreply.github.com`;
|
2020-05-05 14:01:45 -04:00
|
|
|
|
2020-05-03 15:33:19 -04:00
|
|
|
core.info('📣 GnuPG info');
|
|
|
|
const version = await gpg.getVersion();
|
2020-05-04 10:17:14 -04:00
|
|
|
const dirs = await gpg.getDirs();
|
2020-05-04 10:40:21 -04:00
|
|
|
core.info(`Version : ${version.gnupg} (libgcrypt ${version.libgcrypt})`);
|
|
|
|
core.info(`Libdir : ${dirs.libdir}`);
|
|
|
|
core.info(`Libexecdir : ${dirs.libexecdir}`);
|
|
|
|
core.info(`Datadir : ${dirs.datadir}`);
|
|
|
|
core.info(`Homedir : ${dirs.homedir}`);
|
2020-05-03 14:46:05 -04:00
|
|
|
|
2020-05-05 19:15:33 -04:00
|
|
|
core.info('🔮 Checking GPG private key');
|
|
|
|
const privateKey = await openpgp.readPrivateKey(process.env.GPG_PRIVATE_KEY);
|
2020-05-04 10:17:14 -04:00
|
|
|
core.debug(`Fingerprint : ${privateKey.fingerprint}`);
|
|
|
|
core.debug(`KeyID : ${privateKey.keyID}`);
|
2020-05-05 14:01:45 -04:00
|
|
|
core.debug(`Name : ${privateKey.name}`);
|
|
|
|
core.debug(`Email : ${privateKey.email}`);
|
2020-05-04 10:17:14 -04:00
|
|
|
core.debug(`CreationTime : ${privateKey.creationTime}`);
|
2020-05-03 14:46:05 -04:00
|
|
|
|
2020-05-05 19:15:33 -04:00
|
|
|
core.info('🔑 Importing GPG private key');
|
|
|
|
await gpg.importKey(process.env.GPG_PRIVATE_KEY).then(stdout => {
|
2020-05-04 10:17:14 -04:00
|
|
|
core.debug(stdout);
|
|
|
|
});
|
|
|
|
|
|
|
|
if (process.env.PASSPHRASE) {
|
2020-05-04 14:09:52 -04:00
|
|
|
core.info('⚙️ Configuring GnuPG agent');
|
2020-05-04 10:17:14 -04:00
|
|
|
await gpg.configureAgent(gpg.agentConfig);
|
|
|
|
|
2020-05-04 14:09:52 -04:00
|
|
|
core.info('📌 Getting keygrip');
|
2020-05-04 10:17:14 -04:00
|
|
|
const keygrip = await gpg.getKeygrip(privateKey.fingerprint);
|
|
|
|
core.debug(`${keygrip}`);
|
|
|
|
|
2020-05-04 14:09:52 -04:00
|
|
|
core.info('🔓 Preset passphrase');
|
2020-05-04 10:17:14 -04:00
|
|
|
await gpg.presetPassphrase(keygrip, process.env.PASSPHRASE).then(stdout => {
|
|
|
|
core.debug(stdout);
|
|
|
|
});
|
|
|
|
}
|
2020-05-04 14:59:11 -04:00
|
|
|
|
2020-05-05 19:15:33 -04:00
|
|
|
if (git_user_signingkey) {
|
|
|
|
core.info('🔐 Setting GPG signing keyID for this Git repository');
|
|
|
|
await git.setConfig('user.signingkey', privateKey.keyID);
|
|
|
|
|
2020-05-05 14:01:45 -04:00
|
|
|
if (git_committer_email != privateKey.email) {
|
|
|
|
core.setFailed('Committer email does not match GPG key user address');
|
|
|
|
return;
|
|
|
|
}
|
2020-05-05 19:15:33 -04:00
|
|
|
|
|
|
|
core.info(`🔨 Configuring Git committer (${git_committer_name} <${git_committer_email}>)`);
|
2020-05-05 14:01:45 -04:00
|
|
|
await git.setConfig('user.name', git_committer_name);
|
|
|
|
await git.setConfig('user.email', git_committer_email);
|
|
|
|
|
2020-05-05 19:15:33 -04:00
|
|
|
if (git_commit_gpgsign) {
|
|
|
|
core.info('💎 Sign all commits automatically');
|
|
|
|
await git.setConfig('commit.gpgsign', 'true');
|
|
|
|
}
|
|
|
|
if (git_tag_gpgsign) {
|
|
|
|
core.info('💎 Sign all tags automatically');
|
|
|
|
await git.setConfig('tag.gpgsign', 'true');
|
|
|
|
}
|
|
|
|
if (git_push_gpgsign) {
|
|
|
|
core.info('💎 Sign all pushes automatically');
|
|
|
|
await git.setConfig('push.gpgsign', 'true');
|
|
|
|
}
|
2020-05-04 14:59:11 -04:00
|
|
|
}
|
2020-05-03 14:46:05 -04:00
|
|
|
} catch (error) {
|
|
|
|
core.setFailed(error.message);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
async function cleanup(): Promise<void> {
|
2020-05-05 19:15:33 -04:00
|
|
|
if (!process.env.GPG_PRIVATE_KEY) {
|
|
|
|
core.debug('GPG private key is not defined. Skipping cleanup.');
|
2020-05-03 14:46:05 -04:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
try {
|
2020-05-04 14:09:52 -04:00
|
|
|
core.info('🚿 Removing keys');
|
2020-05-05 19:15:33 -04:00
|
|
|
const privateKey = await openpgp.readPrivateKey(process.env.GPG_PRIVATE_KEY);
|
2020-05-03 15:33:19 -04:00
|
|
|
await gpg.deleteKey(privateKey.fingerprint);
|
2020-05-05 18:23:29 -04:00
|
|
|
|
|
|
|
core.info('💀 Killing GnuPG agent');
|
|
|
|
await gpg.killAgent();
|
2020-05-03 14:46:05 -04:00
|
|
|
} catch (error) {
|
|
|
|
core.warning(error.message);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// Main
|
|
|
|
if (!stateHelper.IsPost) {
|
|
|
|
run();
|
|
|
|
}
|
|
|
|
// Post
|
|
|
|
else {
|
|
|
|
cleanup();
|
|
|
|
}
|