gpg/src/main.ts

import * as core from '@actions/core';
import * as git from './git';
import * as gpg from './gpg';
import * as openpgp from './openpgp';
import * as stateHelper from './state-helper';

async function run(): Promise<void> {
  try {
    if (!process.env.SIGNING_KEY) {
      core.setFailed('Signing key required');
      return;
    }

    const git_gpgsign = /true/i.test(core.getInput('git_gpgsign'));
    const git_committer_name: string =
      core.getInput('git_committer_name') || process.env['GITHUB_ACTOR'] || 'github-actions';
    const git_committer_email: string =
      core.getInput('git_committer_email') || `${git_committer_name}@users.noreply.github.com`;

    core.info('📣 GnuPG info');
    const version = await gpg.getVersion();
    const dirs = await gpg.getDirs();
    core.info(`Version    : ${version.gnupg} (libgcrypt ${version.libgcrypt})`);
    core.info(`Libdir     : ${dirs.libdir}`);
    core.info(`Libexecdir : ${dirs.libexecdir}`);
    core.info(`Datadir    : ${dirs.datadir}`);
    core.info(`Homedir    : ${dirs.homedir}`);

    core.info('🔮 Checking signing key');
    const privateKey = await openpgp.readPrivateKey(process.env.SIGNING_KEY);
    core.debug(`Fingerprint  : ${privateKey.fingerprint}`);
    core.debug(`KeyID        : ${privateKey.keyID}`);
    core.debug(`Name         : ${privateKey.name}`);
    core.debug(`Email        : ${privateKey.email}`);
    core.debug(`CreationTime : ${privateKey.creationTime}`);

    core.info('🔑 Importing secret key');
    await gpg.importKey(process.env.SIGNING_KEY).then(stdout => {
      core.debug(stdout);
    });

    if (process.env.PASSPHRASE) {
      core.info('⚙️ Configuring GnuPG agent');
      await gpg.configureAgent(gpg.agentConfig);

      core.info('📌 Getting keygrip');
      const keygrip = await gpg.getKeygrip(privateKey.fingerprint);
      core.debug(`${keygrip}`);

      core.info('🔓 Preset passphrase');
      await gpg.presetPassphrase(keygrip, process.env.PASSPHRASE).then(stdout => {
        core.debug(stdout);
      });
    }

    if (git_gpgsign) {
      core.info(`🔨 Configuring Git committer (${git_committer_name} <${git_committer_email}>)`);
      if (git_committer_email != privateKey.email) {
        core.setFailed('Committer email does not match GPG key user address');
        return;
      }
      await git.setConfig('user.name', git_committer_name);
      await git.setConfig('user.email', git_committer_email);

      core.info('💎 Enable signing for this Git repository');
      await git.setConfig('commit.gpgsign', 'true');
      await git.setConfig('user.signingkey', privateKey.keyID);
    }
  } catch (error) {
    core.setFailed(error.message);
  }
}

async function cleanup(): Promise<void> {
  if (!process.env.SIGNING_KEY) {
    core.debug('Signing key is not defined. Skipping cleanup.');
    return;
  }
  try {
    core.info('🚿 Removing keys');
    const privateKey = await openpgp.readPrivateKey(process.env.SIGNING_KEY);
    await gpg.deleteKey(privateKey.fingerprint);

    core.info('💀 Killing GnuPG agent');
    await gpg.killAgent();
  } catch (error) {
    core.warning(error.message);
  }
}

// Main
if (!stateHelper.IsPost) {
  run();
}
// Post
else {
  cleanup();
}
Initial commit 2020-05-03 14:46:05 -04:00			`import * as core from '@actions/core';`
Enable signing for Git commits and tags (#4) 2020-05-04 14:59:11 -04:00			`import * as git from './git';`
Display GnuPG info 2020-05-03 15:33:19 -04:00			`import * as gpg from './gpg';`
			`import * as openpgp from './openpgp';`
Initial commit 2020-05-03 14:46:05 -04:00			`import * as stateHelper from './state-helper';`

			`async function run(): Promise<void> {`
			`try {`
			`if (!process.env.SIGNING_KEY) {`
			`core.setFailed('Signing key required');`
			`return;`
			`}`

Configure and check committer email against GPG user address 2020-05-05 14:01:45 -04:00			`const git_gpgsign = /true/i.test(core.getInput('git_gpgsign'));`
			`const git_committer_name: string =`
			`core.getInput('git_committer_name') \|\| process.env['GITHUB_ACTOR'] \|\| 'github-actions';`
			`const git_committer_email: string =`
			core.getInput('git_committer_email') \|\| `${git_committer_name}@users.noreply.github.com`;

Display GnuPG info 2020-05-03 15:33:19 -04:00			`core.info('📣 GnuPG info');`
			`const version = await gpg.getVersion();`
Allow to seed the internal cache of gpg-agent with provided passphrase (#5) Better handling of commands output streams 2020-05-04 10:17:14 -04:00			`const dirs = await gpg.getDirs();`
Display libexecdir 2020-05-04 10:40:21 -04:00			core.info(`Version : ${version.gnupg} (libgcrypt ${version.libgcrypt})`);
			core.info(`Libdir : ${dirs.libdir}`);
			core.info(`Libexecdir : ${dirs.libexecdir}`);
			core.info(`Datadir : ${dirs.datadir}`);
			core.info(`Homedir : ${dirs.homedir}`);
Initial commit 2020-05-03 14:46:05 -04:00
Cleanup 2020-05-04 14:09:52 -04:00			`core.info('🔮 Checking signing key');`
Display GnuPG info 2020-05-03 15:33:19 -04:00			`const privateKey = await openpgp.readPrivateKey(process.env.SIGNING_KEY);`
Allow to seed the internal cache of gpg-agent with provided passphrase (#5) Better handling of commands output streams 2020-05-04 10:17:14 -04:00			core.debug(`Fingerprint : ${privateKey.fingerprint}`);
			core.debug(`KeyID : ${privateKey.keyID}`);
Configure and check committer email against GPG user address 2020-05-05 14:01:45 -04:00			core.debug(`Name : ${privateKey.name}`);
			core.debug(`Email : ${privateKey.email}`);
Allow to seed the internal cache of gpg-agent with provided passphrase (#5) Better handling of commands output streams 2020-05-04 10:17:14 -04:00			core.debug(`CreationTime : ${privateKey.creationTime}`);
Initial commit 2020-05-03 14:46:05 -04:00
Cleanup 2020-05-04 14:09:52 -04:00			`core.info('🔑 Importing secret key');`
Allow to seed the internal cache of gpg-agent with provided passphrase (#5) Better handling of commands output streams 2020-05-04 10:17:14 -04:00			`await gpg.importKey(process.env.SIGNING_KEY).then(stdout => {`
			`core.debug(stdout);`
			`});`

			`if (process.env.PASSPHRASE) {`
Cleanup 2020-05-04 14:09:52 -04:00			`core.info('⚙️ Configuring GnuPG agent');`
Allow to seed the internal cache of gpg-agent with provided passphrase (#5) Better handling of commands output streams 2020-05-04 10:17:14 -04:00			`await gpg.configureAgent(gpg.agentConfig);`

Cleanup 2020-05-04 14:09:52 -04:00			`core.info('📌 Getting keygrip');`
Allow to seed the internal cache of gpg-agent with provided passphrase (#5) Better handling of commands output streams 2020-05-04 10:17:14 -04:00			`const keygrip = await gpg.getKeygrip(privateKey.fingerprint);`
			core.debug(`${keygrip}`);

Cleanup 2020-05-04 14:09:52 -04:00			`core.info('🔓 Preset passphrase');`
Allow to seed the internal cache of gpg-agent with provided passphrase (#5) Better handling of commands output streams 2020-05-04 10:17:14 -04:00			`await gpg.presetPassphrase(keygrip, process.env.PASSPHRASE).then(stdout => {`
			`core.debug(stdout);`
			`});`
			`}`
Enable signing for Git commits and tags (#4) 2020-05-04 14:59:11 -04:00
Configure and check committer email against GPG user address 2020-05-05 14:01:45 -04:00			`if (git_gpgsign) {`
Cleanup code 2020-05-05 18:27:45 -04:00			core.info(`🔨 Configuring Git committer (${git_committer_name} <${git_committer_email}>)`);
Configure and check committer email against GPG user address 2020-05-05 14:01:45 -04:00			`if (git_committer_email != privateKey.email) {`
			`core.setFailed('Committer email does not match GPG key user address');`
			`return;`
			`}`
			`await git.setConfig('user.name', git_committer_name);`
			`await git.setConfig('user.email', git_committer_email);`

Enable signing for Git commits and tags (#4) 2020-05-04 14:59:11 -04:00			`core.info('💎 Enable signing for this Git repository');`
Cleanup code 2020-05-05 18:27:45 -04:00			`await git.setConfig('commit.gpgsign', 'true');`
			`await git.setConfig('user.signingkey', privateKey.keyID);`
Enable signing for Git commits and tags (#4) 2020-05-04 14:59:11 -04:00			`}`
Initial commit 2020-05-03 14:46:05 -04:00			`} catch (error) {`
			`core.setFailed(error.message);`
			`}`
			`}`

			`async function cleanup(): Promise<void> {`
Read private key on cleanup 2020-05-03 15:22:08 -04:00			`if (!process.env.SIGNING_KEY) {`
Allow to seed the internal cache of gpg-agent with provided passphrase (#5) Better handling of commands output streams 2020-05-04 10:17:14 -04:00			`core.debug('Signing key is not defined. Skipping cleanup.');`
Initial commit 2020-05-03 14:46:05 -04:00			`return;`
			`}`
			`try {`
Cleanup 2020-05-04 14:09:52 -04:00			`core.info('🚿 Removing keys');`
Display GnuPG info 2020-05-03 15:33:19 -04:00			`const privateKey = await openpgp.readPrivateKey(process.env.SIGNING_KEY);`
			`await gpg.deleteKey(privateKey.fingerprint);`
Kill GnuPG agent at POST step 2020-05-05 18:23:29 -04:00
			`core.info('💀 Killing GnuPG agent');`
			`await gpg.killAgent();`
Initial commit 2020-05-03 14:46:05 -04:00			`} catch (error) {`
			`core.warning(error.message);`
			`}`
			`}`

			`// Main`
			`if (!stateHelper.IsPost) {`
			`run();`
			`}`
			`// Post`
			`else {`
			`cleanup();`
			`}`