gpg/.github/workflows/ci.yml

name: ci

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

on:
  schedule:
    - cron: '0 10 * * *'
  push:
    branches:
      - 'master'
      - 'releases/v*'
    tags:
      - 'v*'
  pull_request:
    branches:
      - 'master'
      - 'releases/v*'

jobs:
  gpg:
    runs-on: ubuntu-latest
    steps:
      -
        name: GPG conf
        run: |
          cat ~/.gnupg/gpg.conf || true

  armored:
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
        key:
          - test-key
          - test-subkey
        global:
          - false
          - true
        os:
          - ubuntu-latest
          - macOS-latest
          - windows-latest
        include:
          - key: test-subkey
            fingerprint: C17D11ADF199F12A30A0910F1F80449BE0B08CB8
    steps:
      -
        name: Checkout
        uses: actions/checkout@v4
      -
        name: GPG conf
        uses: actions/github-script@v6
        with:
          script: |
            const fs = require('fs');
            const gnupgfolder = `${require('os').homedir()}/.gnupg`;
            if (!fs.existsSync(gnupgfolder)){
                fs.mkdirSync(gnupgfolder);
            }
            fs.chmodSync(gnupgfolder, '0700');
            fs.copyFile('__tests__/fixtures/gpg.conf', `${gnupgfolder}/gpg.conf`, (err) => {
                if (err) throw err;
            });
      -
        name: Get test key and passphrase
        uses: actions/github-script@v6
        id: test
        with:
          script: |
            const fs = require('fs');
            core.setOutput('pgp', fs.readFileSync('__tests__/fixtures/${{ matrix.key }}.pgp', {encoding: 'utf8'}));
            core.setOutput('passphrase', fs.readFileSync('__tests__/fixtures/${{ matrix.key }}.pass', {encoding: 'utf8'}));
      -
        name: Import GPG
        uses: ./
        with:
          gpg_private_key: ${{ steps.test.outputs.pgp }}
          passphrase: ${{ steps.test.outputs.passphrase }}
          trust_level: 5
          git_config_global: ${{ matrix.global }}
          git_user_signingkey: true
          git_commit_gpgsign: true
          git_tag_gpgsign: true
          git_push_gpgsign: if-asked
          fingerprint: ${{ matrix.fingerprint }}
      -
        name: List keys
        run: |
          gpg -K
        shell: bash

  base64:
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
        key:
          - test-key
          - test-subkey
        os:
          - ubuntu-latest
          - macOS-latest
          - windows-latest
        include:
          - key: test-subkey
            fingerprint: C17D11ADF199F12A30A0910F1F80449BE0B08CB8
    steps:
      -
        name: Checkout
        uses: actions/checkout@v4
      -
        name: Get test key and passphrase
        uses: actions/github-script@v6
        id: test
        with:
          script: |
            const fs = require('fs');
            core.setOutput('pgp-base64', fs.readFileSync('__tests__/fixtures/${{ matrix.key }}-base64.pgp', {encoding: 'utf8'}));
            core.setOutput('passphrase', fs.readFileSync('__tests__/fixtures/${{ matrix.key }}.pass', {encoding: 'utf8'}));
      -
        name: Import GPG
        uses: ./
        with:
          gpg_private_key: ${{ steps.test.outputs.pgp-base64 }}
          passphrase: ${{ steps.test.outputs.passphrase }}
          git_user_signingkey: true
          git_commit_gpgsign: true
          git_tag_gpgsign: true
          git_push_gpgsign: if-asked
          fingerprint: ${{ matrix.fingerprint }}

  trust:
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
        key:
          - test-key
        level:
          - ''
          - 5
          - 4
          - 3
          - 2
          - 1
        os:
          - ubuntu-latest
          - macOS-latest
          - windows-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v4
      -
        name: GPG conf
        uses: actions/github-script@v6
        with:
          script: |
            const fs = require('fs');
            const gnupgfolder = `${require('os').homedir()}/.gnupg`;
            if (!fs.existsSync(gnupgfolder)){
                fs.mkdirSync(gnupgfolder);
            }
            fs.chmodSync(gnupgfolder, '0700');
            fs.copyFile('__tests__/fixtures/gpg.conf', `${gnupgfolder}/gpg.conf`, (err) => {
                if (err) throw err;
            });
      -
        name: Get test key and passphrase
        uses: actions/github-script@v6
        id: test
        with:
          script: |
            const fs = require('fs');
            core.setOutput('pgp', fs.readFileSync('__tests__/fixtures/${{ matrix.key }}.pgp', {encoding: 'utf8'}));
            core.setOutput('passphrase', fs.readFileSync('__tests__/fixtures/${{ matrix.key }}.pass', {encoding: 'utf8'}));
      -
        name: Import GPG
        id: import_gpg
        uses: ./
        with:
          gpg_private_key: ${{ steps.test.outputs.pgp }}
          passphrase: ${{ steps.test.outputs.passphrase }}
          trust_level: ${{ matrix.level }}
      -
        name: List trust values
        run: |
          gpg --export-ownertrust
        shell: bash
Add CI, master and test workflows 2020-05-03 15:09:41 -04:00			`name: ci`

ci: concurrency check 2023-05-06 17:46:50 -04:00			`concurrency:`
			`group: ${{ github.workflow }}-${{ github.ref }}`
			`cancel-in-progress: true`

Add CI, master and test workflows 2020-05-03 15:09:41 -04:00			`on:`
Update workflows 2020-05-23 19:14:15 -04:00			`schedule:`
Handle signing-only subkeys (#112) Co-authored-by: CrazyMax <crazy-max@users.noreply.github.com> 2021-10-15 07:40:04 -04:00			`- cron: '0 10 * * *'`
Add CI, master and test workflows 2020-05-03 15:09:41 -04:00			`push:`
			`branches:`
Container based developer flow (#76) Co-authored-by: CrazyMax <crazy-max@users.noreply.github.com> 2021-01-29 06:29:31 -05:00			`- 'master'`
			`- 'releases/v*'`
Enhance workflow (#77) Co-authored-by: CrazyMax <crazy-max@users.noreply.github.com> 2021-03-30 14:00:40 -04:00			`tags:`
			`- 'v*'`
Container based developer flow (#76) Co-authored-by: CrazyMax <crazy-max@users.noreply.github.com> 2021-01-29 06:29:31 -05:00			`pull_request:`
			`branches:`
			`- 'master'`
Enhance workflow (#77) Co-authored-by: CrazyMax <crazy-max@users.noreply.github.com> 2021-03-30 14:00:40 -04:00			`- 'releases/v*'`
Add CI, master and test workflows 2020-05-03 15:09:41 -04:00
			`jobs:`
Cleanup (#117) Co-authored-by: CrazyMax <crazy-max@users.noreply.github.com> 2021-11-19 06:54:41 -05:00			`gpg:`
			`runs-on: ubuntu-latest`
			`steps:`
			`-`
			`name: GPG conf`
			`run: \|`
			`cat ~/.gnupg/gpg.conf \|\| true`

Dedicated CI job for base64 2020-05-18 11:18:07 -04:00			`armored:`
Matrix OS 2020-05-03 15:35:54 -04:00			`runs-on: ${{ matrix.os }}`
			`strategy:`
			`fail-fast: false`
			`matrix:`
Handle signing-only subkeys (#112) Co-authored-by: CrazyMax <crazy-max@users.noreply.github.com> 2021-10-15 07:40:04 -04:00			`key:`
			`- test-key`
			`- test-subkey`
Add `git-config-global` input (#103) Co-authored-by: CrazyMax <crazy-max@users.noreply.github.com> 2021-08-10 03:28:13 -04:00			`global:`
			`- false`
			`- true`
Matrix OS 2020-05-03 15:35:54 -04:00			`os:`
			`- ubuntu-latest`
			`- macOS-latest`
Bring back support for Windows 2020-05-05 18:31:46 -04:00			`- windows-latest`
Handle signing-only subkeys (#112) Co-authored-by: CrazyMax <crazy-max@users.noreply.github.com> 2021-10-15 07:40:04 -04:00			`include:`
			`- key: test-subkey`
			`fingerprint: C17D11ADF199F12A30A0910F1F80449BE0B08CB8`
Add CI, master and test workflows 2020-05-03 15:09:41 -04:00			`steps:`
			`-`
			`name: Checkout`
Bump actions/checkout from 3 to 4 Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> 2023-09-05 01:14:02 -04:00			`uses: actions/checkout@v4`
Handle signing-only subkeys (#112) Co-authored-by: CrazyMax <crazy-max@users.noreply.github.com> 2021-10-15 07:40:04 -04:00			`-`
			`name: GPG conf`
Bump actions/github-script from 5 to 6 (#121) Bumps [actions/github-script](https://github.com/actions/github-script) from 5 to 6. - [Release notes](https://github.com/actions/github-script/releases) - [Commits](https://github.com/actions/github-script/compare/v5...v6) --- updated-dependencies: - dependency-name: actions/github-script dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 2022-02-14 06:06:02 -05:00			`uses: actions/github-script@v6`
Handle signing-only subkeys (#112) Co-authored-by: CrazyMax <crazy-max@users.noreply.github.com> 2021-10-15 07:40:04 -04:00			`with:`
			`script: \|`
			`const fs = require('fs');`
			const gnupgfolder = `${require('os').homedir()}/.gnupg`;
			`if (!fs.existsSync(gnupgfolder)){`
			`fs.mkdirSync(gnupgfolder);`
			`}`
input to set private key trust level 2023-05-06 12:20:11 -04:00			`fs.chmodSync(gnupgfolder, '0700');`
Handle signing-only subkeys (#112) Co-authored-by: CrazyMax <crazy-max@users.noreply.github.com> 2021-10-15 07:40:04 -04:00			fs.copyFile('__tests__/fixtures/gpg.conf', `${gnupgfolder}/gpg.conf`, (err) => {
			`if (err) throw err;`
			`});`
Use GPG key name/email as default values (#13) 2020-05-12 14:18:51 -04:00			`-`
Update CI workflow 2020-05-12 14:48:02 -04:00			`name: Get test key and passphrase`
Bump actions/github-script from 5 to 6 (#121) Bumps [actions/github-script](https://github.com/actions/github-script) from 5 to 6. - [Release notes](https://github.com/actions/github-script/releases) - [Commits](https://github.com/actions/github-script/compare/v5...v6) --- updated-dependencies: - dependency-name: actions/github-script dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 2022-02-14 06:06:02 -05:00			`uses: actions/github-script@v6`
Centralize test key/passphrase 2020-05-12 14:30:44 -04:00			`id: test`
Maybe maybe maybe 2020-05-12 14:36:05 -04:00			`with:`
			`script: \|`
Fix CI workflow 2020-05-12 14:37:28 -04:00			`const fs = require('fs');`
Handle signing-only subkeys (#112) Co-authored-by: CrazyMax <crazy-max@users.noreply.github.com> 2021-10-15 07:40:04 -04:00			`core.setOutput('pgp', fs.readFileSync('__tests__/fixtures/${{ matrix.key }}.pgp', {encoding: 'utf8'}));`
			`core.setOutput('passphrase', fs.readFileSync('__tests__/fixtures/${{ matrix.key }}.pass', {encoding: 'utf8'}));`
Add CI, master and test workflows 2020-05-03 15:09:41 -04:00			`-`
Dedicated CI job for base64 2020-05-18 11:18:07 -04:00			`name: Import GPG`
Add CI, master and test workflows 2020-05-03 15:09:41 -04:00			`uses: ./`
Enable signing for Git commits and tags (#4) 2020-05-04 14:59:11 -04:00			`with:`
POSIX-compliant inputs names (#109) Co-authored-by: CrazyMax <crazy-max@users.noreply.github.com> 2021-09-04 19:12:28 -04:00			`gpg_private_key: ${{ steps.test.outputs.pgp }}`
Move GPG_PRIVATE_KEY env var to gpg-private-key input Move PASSPHRASE env var to passphrase input Rename git_user_signingkey input to git-user-signingkey Rename git_commit_gpgsign input to git-commit-gpgsign Rename git_tag_gpgsign input to git-tag-gpgsign Rename git_push_gpgsign input to git-push-gpgsign Rename git_committer_name input to git-committer-name Rename git_committer_email input to git-committer-email 2020-09-06 16:03:16 -04:00			`passphrase: ${{ steps.test.outputs.passphrase }}`
input to set private key trust level 2023-05-06 12:20:11 -04:00			`trust_level: 5`
POSIX-compliant inputs names (#109) Co-authored-by: CrazyMax <crazy-max@users.noreply.github.com> 2021-09-04 19:12:28 -04:00			`git_config_global: ${{ matrix.global }}`
			`git_user_signingkey: true`
			`git_commit_gpgsign: true`
			`git_tag_gpgsign: true`
			`git_push_gpgsign: if-asked`
Handle signing-only subkeys (#112) Co-authored-by: CrazyMax <crazy-max@users.noreply.github.com> 2021-10-15 07:40:04 -04:00			`fingerprint: ${{ matrix.fingerprint }}`
Update CI workflow 2020-05-07 14:46:52 -04:00			`-`
Handle signing-only subkeys (#112) Co-authored-by: CrazyMax <crazy-max@users.noreply.github.com> 2021-10-15 07:40:04 -04:00			`name: List keys`
Update CI workflow 2020-05-07 14:46:52 -04:00			`run: \|`
Handle signing-only subkeys (#112) Co-authored-by: CrazyMax <crazy-max@users.noreply.github.com> 2021-10-15 07:40:04 -04:00			`gpg -K`
			`shell: bash`
Dedicated CI job for base64 2020-05-18 11:18:07 -04:00
			`base64:`
			`runs-on: ${{ matrix.os }}`
			`strategy:`
			`fail-fast: false`
			`matrix:`
Handle signing-only subkeys (#112) Co-authored-by: CrazyMax <crazy-max@users.noreply.github.com> 2021-10-15 07:40:04 -04:00			`key:`
			`- test-key`
			`- test-subkey`
Dedicated CI job for base64 2020-05-18 11:18:07 -04:00			`os:`
			`- ubuntu-latest`
			`- macOS-latest`
			`- windows-latest`
Handle signing-only subkeys (#112) Co-authored-by: CrazyMax <crazy-max@users.noreply.github.com> 2021-10-15 07:40:04 -04:00			`include:`
			`- key: test-subkey`
			`fingerprint: C17D11ADF199F12A30A0910F1F80449BE0B08CB8`
Dedicated CI job for base64 2020-05-18 11:18:07 -04:00			`steps:`
			`-`
			`name: Checkout`
Bump actions/checkout from 3 to 4 Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> 2023-09-05 01:14:02 -04:00			`uses: actions/checkout@v4`
Fix importing of base64 armored string (#18) 2020-05-18 11:15:05 -04:00			`-`
Dedicated CI job for base64 2020-05-18 11:18:07 -04:00			`name: Get test key and passphrase`
Bump actions/github-script from 5 to 6 (#121) Bumps [actions/github-script](https://github.com/actions/github-script) from 5 to 6. - [Release notes](https://github.com/actions/github-script/releases) - [Commits](https://github.com/actions/github-script/compare/v5...v6) --- updated-dependencies: - dependency-name: actions/github-script dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 2022-02-14 06:06:02 -05:00			`uses: actions/github-script@v6`
Dedicated CI job for base64 2020-05-18 11:18:07 -04:00			`id: test`
			`with:`
			`script: \|`
			`const fs = require('fs');`
Handle signing-only subkeys (#112) Co-authored-by: CrazyMax <crazy-max@users.noreply.github.com> 2021-10-15 07:40:04 -04:00			`core.setOutput('pgp-base64', fs.readFileSync('__tests__/fixtures/${{ matrix.key }}-base64.pgp', {encoding: 'utf8'}));`
			`core.setOutput('passphrase', fs.readFileSync('__tests__/fixtures/${{ matrix.key }}.pass', {encoding: 'utf8'}));`
Dedicated CI job for base64 2020-05-18 11:18:07 -04:00			`-`
			`name: Import GPG`
Fix importing of base64 armored string (#18) 2020-05-18 11:15:05 -04:00			`uses: ./`
			`with:`
POSIX-compliant inputs names (#109) Co-authored-by: CrazyMax <crazy-max@users.noreply.github.com> 2021-09-04 19:12:28 -04:00			`gpg_private_key: ${{ steps.test.outputs.pgp-base64 }}`
Move GPG_PRIVATE_KEY env var to gpg-private-key input Move PASSPHRASE env var to passphrase input Rename git_user_signingkey input to git-user-signingkey Rename git_commit_gpgsign input to git-commit-gpgsign Rename git_tag_gpgsign input to git-tag-gpgsign Rename git_push_gpgsign input to git-push-gpgsign Rename git_committer_name input to git-committer-name Rename git_committer_email input to git-committer-email 2020-09-06 16:03:16 -04:00			`passphrase: ${{ steps.test.outputs.passphrase }}`
POSIX-compliant inputs names (#109) Co-authored-by: CrazyMax <crazy-max@users.noreply.github.com> 2021-09-04 19:12:28 -04:00			`git_user_signingkey: true`
			`git_commit_gpgsign: true`
			`git_tag_gpgsign: true`
			`git_push_gpgsign: if-asked`
Handle signing-only subkeys (#112) Co-authored-by: CrazyMax <crazy-max@users.noreply.github.com> 2021-10-15 07:40:04 -04:00			`fingerprint: ${{ matrix.fingerprint }}`
input to set private key trust level 2023-05-06 12:20:11 -04:00
			`trust:`
			`runs-on: ${{ matrix.os }}`
			`strategy:`
			`fail-fast: false`
			`matrix:`
			`key:`
			`- test-key`
			`level:`
			`- ''`
			`- 5`
			`- 4`
			`- 3`
			`- 2`
			`- 1`
			`os:`
			`- ubuntu-latest`
			`- macOS-latest`
			`- windows-latest`
			`steps:`
			`-`
			`name: Checkout`
Bump actions/checkout from 3 to 4 Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> 2023-09-05 01:14:02 -04:00			`uses: actions/checkout@v4`
input to set private key trust level 2023-05-06 12:20:11 -04:00			`-`
			`name: GPG conf`
			`uses: actions/github-script@v6`
			`with:`
			`script: \|`
			`const fs = require('fs');`
			const gnupgfolder = `${require('os').homedir()}/.gnupg`;
			`if (!fs.existsSync(gnupgfolder)){`
			`fs.mkdirSync(gnupgfolder);`
			`}`
			`fs.chmodSync(gnupgfolder, '0700');`
			fs.copyFile('__tests__/fixtures/gpg.conf', `${gnupgfolder}/gpg.conf`, (err) => {
			`if (err) throw err;`
			`});`
			`-`
			`name: Get test key and passphrase`
			`uses: actions/github-script@v6`
			`id: test`
			`with:`
			`script: \|`
			`const fs = require('fs');`
			`core.setOutput('pgp', fs.readFileSync('__tests__/fixtures/${{ matrix.key }}.pgp', {encoding: 'utf8'}));`
			`core.setOutput('passphrase', fs.readFileSync('__tests__/fixtures/${{ matrix.key }}.pass', {encoding: 'utf8'}));`
			`-`
			`name: Import GPG`
			`id: import_gpg`
			`uses: ./`
			`with:`
			`gpg_private_key: ${{ steps.test.outputs.pgp }}`
			`passphrase: ${{ steps.test.outputs.passphrase }}`
			`trust_level: ${{ matrix.level }}`
			`-`
			`name: List trust values`
			`run: \|`
			`gpg --export-ownertrust`
			`shell: bash`