gpg/README.md

[![GitHub release](https://img.shields.io/github/release/crazy-max/ghaction-import-gpg.svg?style=flat-square)](https://github.com/crazy-max/ghaction-import-gpg/releases/latest)
[![GitHub marketplace](https://img.shields.io/badge/marketplace-import--gpg-blue?logo=github&style=flat-square)](https://github.com/marketplace/actions/import-gpg)
[![Test workflow](https://img.shields.io/github/workflow/status/crazy-max/ghaction-import-gpg/test?label=test&logo=github&style=flat-square)](https://github.com/crazy-max/ghaction-import-gpg/actions?workflow=test)
[![Codecov](https://img.shields.io/codecov/c/github/crazy-max/ghaction-import-gpg?logo=codecov&style=flat-square)](https://codecov.io/gh/crazy-max/ghaction-import-gpg)
[![Become a sponsor](https://img.shields.io/badge/sponsor-crazy--max-181717.svg?logo=github&style=flat-square)](https://github.com/sponsors/crazy-max)
[![Paypal Donate](https://img.shields.io/badge/donate-paypal-00457c.svg?logo=paypal&style=flat-square)](https://www.paypal.me/crazyws)

## About

GitHub Action to easily import a GPG key.

If you are interested, [check out](https://git.io/Je09Y) my other :octocat: GitHub Actions!

![Import GPG](.github/ghaction-import-gpg.png)

___

* [Features](#features)
* [Prerequisites](#prerequisites)
* [Usage](#usage)
  * [Workflow](#workflow)
  * [Sign commits](#sign-commits)
* [Customizing](#customizing)
  * [inputs](#inputs)
  * [outputs](#outputs)
* [Keep up-to-date with GitHub Dependabot](#keep-up-to-date-with-github-dependabot)
* [How can I help?](#how-can-i-help)
* [License](#license)

## Features

* Works on Linux, MacOS and Windows [virtual environments](https://help.github.com/en/articles/virtual-environments-for-github-actions#supported-virtual-environments-and-hardware-resources)
* Allow to seed the internal cache of `gpg-agent` with provided passphrase
* Purge imported GPG key, cache information and kill agent from runner
* (Git) Enable signing for Git commits, tags and pushes
* (Git) Configure and check committer info against GPG key

## Prerequisites

First, [generate a GPG key](https://docs.github.com/en/github/authenticating-to-github/generating-a-new-gpg-key) and
export the GPG private key as an ASCII armored version to your clipboard:

```shell
# macOS
gpg --armor --export-secret-key joe@foo.bar | pbcopy

# Ubuntu (assuming GNU base64)
gpg --armor --export-secret-key joe@foo.bar -w0 | xclip

# Arch
gpg --armor --export-secret-key joe@foo.bar | xclip -selection clipboard -i

# FreeBSD (assuming BSD base64)
gpg --armor --export-secret-key joe@foo.bar | xclip
```

Paste your clipboard as a [`secret`](https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets) named `GPG_PRIVATE_KEY` for example. Create another secret with the `PASSPHRASE` if applicable.

## Usage

### Workflow

```yaml
name: import-gpg

on:
  push:
    branches: master

jobs:
  import-gpg:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v2
      -
        name: Import GPG key
        id: import_gpg
        uses: crazy-max/ghaction-import-gpg@v3
        with:
          gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
          passphrase: ${{ secrets.PASSPHRASE }}
      -
        name: GPG user IDs
        run: |
          echo "fingerprint: ${{ steps.import_gpg.outputs.fingerprint }}"
          echo "keyid:       ${{ steps.import_gpg.outputs.keyid }}"
          echo "name:        ${{ steps.import_gpg.outputs.name }}"
          echo "email:       ${{ steps.import_gpg.outputs.email }}"
```

### Sign commits

```yaml
name: import-gpg

on:
  push:
    branches: master

jobs:
  sign-commit:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v2
      -
        name: Import GPG key
        uses: crazy-max/ghaction-import-gpg@v3
        with:
          gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
          passphrase: ${{ secrets.PASSPHRASE }}
          git-user-signingkey: true
          git-commit-gpgsign: true
      -
        name: Sign commit and push changes
        run: |
          echo foo > bar.txt
          git add .
          git commit -S -m "This commit is signed!"
          git push
```

## Customizing

### inputs

Following inputs can be used as `step.with` keys

| Name                                  | Type    | Description                                    |
|---------------------------------------|---------|------------------------------------------------|
| `gpg-private-key`                     | String  | GPG private key exported as an ASCII armored version or its base64 encoding (**required**) |
| `passphrase`                          | String  | Passphrase of the GPG private key |
| `git-user-signingkey`                 | Bool    | Set GPG signing keyID for this Git repository (default `false`) |
| `git-commit-gpgsign`**¹**             | Bool    | Sign all commits automatically. (default `false`) |
| `git-tag-gpgsign`**¹**                | Bool    | Sign all tags automatically. (default `false`) |
| `git-push-gpgsign`**¹**               | Bool    | Sign all pushes automatically. (default `false`) |
| `git-committer-name`**¹**             | String  | Set commit author's name (defaults to the name associated with the GPG key) |
| `git-committer-email`**¹**            | String  | Set commit author's email (defaults to the email address associated with the GPG key) |
| `workdir`                             | String  | Working directory (below repository root) (default `.`) |

> **¹** `git-user-signingkey` needs to be enabled for these inputs to be used.

### outputs

Following outputs are available

| Name          | Type    | Description                           |
|---------------|---------|---------------------------------------|
| `fingerprint` | String  | Fingerprint of the GPG key (recommended as [user ID](https://www.gnupg.org/documentation/manuals/gnupg/Specify-a-User-ID.html)) |
| `keyid`       | String  | Low 64 bits of the X.509 certificate SHA-1 fingerprint |
| `name`        | String  | Name associated with the GPG key       |
| `email`       | String  | Email address associated with the GPG key |

## Keep up-to-date with GitHub Dependabot

Since [Dependabot](https://docs.github.com/en/github/administering-a-repository/keeping-your-actions-up-to-date-with-github-dependabot)
has [native GitHub Actions support](https://docs.github.com/en/github/administering-a-repository/configuration-options-for-dependency-updates#package-ecosystem),
to enable it on your GitHub repo all you need to do is add the `.github/dependabot.yml` file:

```yaml
version: 2
updates:
  # Maintain dependencies for GitHub Actions
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "daily"
```

## How can I help?

All kinds of contributions are welcome :raised_hands:! The most basic way to show your support is to star :star2: the project, or to raise issues :speech_balloon: You can also support this project by [**becoming a sponsor on GitHub**](https://github.com/sponsors/crazy-max) :clap: or by making a [Paypal donation](https://www.paypal.me/crazyws) to ensure this journey continues indefinitely! :rocket:

Thanks again for your support, it is much appreciated! :pray:

## License

MIT. See `LICENSE` for more details.
Initial commit 2020-05-03 14:46:05 -04:00			`[![GitHub release](https://img.shields.io/github/release/crazy-max/ghaction-import-gpg.svg?style=flat-square)](https://github.com/crazy-max/ghaction-import-gpg/releases/latest)`
			`[![GitHub marketplace](https://img.shields.io/badge/marketplace-import--gpg-blue?logo=github&style=flat-square)](https://github.com/marketplace/actions/import-gpg)`
Update badges 2020-05-06 12:06:13 -04:00			`[![Test workflow](https://img.shields.io/github/workflow/status/crazy-max/ghaction-import-gpg/test?label=test&logo=github&style=flat-square)](https://github.com/crazy-max/ghaction-import-gpg/actions?workflow=test)`
			`[![Codecov](https://img.shields.io/codecov/c/github/crazy-max/ghaction-import-gpg?logo=codecov&style=flat-square)](https://codecov.io/gh/crazy-max/ghaction-import-gpg)`
Initial commit 2020-05-03 14:46:05 -04:00			`[![Become a sponsor](https://img.shields.io/badge/sponsor-crazy--max-181717.svg?logo=github&style=flat-square)](https://github.com/sponsors/crazy-max)`
			`[![Paypal Donate](https://img.shields.io/badge/donate-paypal-00457c.svg?logo=paypal&style=flat-square)](https://www.paypal.me/crazyws)`

Update CHANGELOG 2020-08-28 16:35:50 -04:00			`## About`
Initial commit 2020-05-03 14:46:05 -04:00
Add fingerprint, keyid and email outputs 2020-05-07 14:42:27 -04:00			`GitHub Action to easily import a GPG key.`
Initial commit 2020-05-03 14:46:05 -04:00
			`If you are interested, [check out](https://git.io/Je09Y) my other :octocat: GitHub Actions!`

Update README 2020-05-11 13:14:35 -04:00			`![Import GPG](.github/ghaction-import-gpg.png)`
Update README 2020-05-03 15:52:25 -04:00
Update README 2020-05-11 13:20:28 -04:00			`___`

			`* [Features](#features)`
			`* [Prerequisites](#prerequisites)`
			`* [Usage](#usage)`
			`* [Workflow](#workflow)`
			`* [Sign commits](#sign-commits)`
			`* [Customizing](#customizing)`
			`* [inputs](#inputs)`
Add workdir input (#55) 2020-08-28 16:30:49 -04:00			`* [outputs](#outputs)`
Add note about dependabot 2020-08-20 11:33:24 -04:00			`* [Keep up-to-date with GitHub Dependabot](#keep-up-to-date-with-github-dependabot)`
Update README 2020-05-11 13:20:28 -04:00			`* [How can I help?](#how-can-i-help)`
			`* [License](#license)`

Allow to seed the internal cache of gpg-agent with provided passphrase (#5) Better handling of commands output streams 2020-05-04 10:17:14 -04:00			`## Features`

Bring back support for Windows 2020-05-05 18:31:46 -04:00			`* Works on Linux, MacOS and Windows [virtual environments](https://help.github.com/en/articles/virtual-environments-for-github-actions#supported-virtual-environments-and-hardware-resources)`
Allow to seed the internal cache of gpg-agent with provided passphrase (#5) Better handling of commands output streams 2020-05-04 10:17:14 -04:00			* Allow to seed the internal cache of `gpg-agent` with provided passphrase
Kill GnuPG agent at POST step 2020-05-05 18:23:29 -04:00			`* Purge imported GPG key, cache information and kill agent from runner`
Add fingerprint, keyid and email outputs 2020-05-07 14:42:27 -04:00			`* (Git) Enable signing for Git commits, tags and pushes`
			`* (Git) Configure and check committer info against GPG key`
Allow to seed the internal cache of gpg-agent with provided passphrase (#5) Better handling of commands output streams 2020-05-04 10:17:14 -04:00
Update README 2020-05-11 13:20:28 -04:00			`## Prerequisites`
Initial commit 2020-05-03 14:46:05 -04:00
Update README 2020-08-28 16:43:20 -04:00			`First, [generate a GPG key](https://docs.github.com/en/github/authenticating-to-github/generating-a-new-gpg-key) and`
			`export the GPG private key as an ASCII armored version to your clipboard:`
Update README 2020-05-05 18:09:09 -04:00
			```shell
Allow importing GPG key as a base64 string (#14) 2020-05-13 08:10:12 -04:00			`# macOS`
			`gpg --armor --export-secret-key joe@foo.bar \| pbcopy`

			`# Ubuntu (assuming GNU base64)`
			`gpg --armor --export-secret-key joe@foo.bar -w0 \| xclip`

			`# Arch`
This part is no longer needed in Arch Linux instructions (#63) 2020-09-29 10:10:16 -04:00			`gpg --armor --export-secret-key joe@foo.bar \| xclip -selection clipboard -i`
Allow importing GPG key as a base64 string (#14) 2020-05-13 08:10:12 -04:00
			`# FreeBSD (assuming BSD base64)`
			`gpg --armor --export-secret-key joe@foo.bar \| xclip`
Update README 2020-05-05 18:09:09 -04:00			```

Allow importing GPG key as a base64 string (#14) 2020-05-13 08:10:12 -04:00			Paste your clipboard as a [`secret`](https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets) named `GPG_PRIVATE_KEY` for example. Create another secret with the `PASSPHRASE` if applicable.
Update README 2020-05-05 18:09:09 -04:00
Update README 2020-05-11 13:20:28 -04:00			`## Usage`

			`### Workflow`

Initial commit 2020-05-03 14:46:05 -04:00			```yaml
			`name: import-gpg`

			`on:`
			`push:`
			`branches: master`

			`jobs:`
			`import-gpg:`
			`runs-on: ubuntu-latest`
			`steps:`
			`-`
			`name: Checkout`
			`uses: actions/checkout@v2`
			`-`
			`name: Import GPG key`
Update README 2020-05-07 15:01:27 -04:00			`id: import_gpg`
Move GPG_PRIVATE_KEY env var to gpg-private-key input Move PASSPHRASE env var to passphrase input Rename git_user_signingkey input to git-user-signingkey Rename git_commit_gpgsign input to git-commit-gpgsign Rename git_tag_gpgsign input to git-tag-gpgsign Rename git_push_gpgsign input to git-push-gpgsign Rename git_committer_name input to git-committer-name Rename git_committer_email input to git-committer-email 2020-09-06 16:03:16 -04:00			`uses: crazy-max/ghaction-import-gpg@v3`
			`with:`
			`gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}`
			`passphrase: ${{ secrets.PASSPHRASE }}`
Update README 2020-05-07 15:01:27 -04:00			`-`
			`name: GPG user IDs`
			`run: \|`
			`echo "fingerprint: ${{ steps.import_gpg.outputs.fingerprint }}"`
			`echo "keyid: ${{ steps.import_gpg.outputs.keyid }}"`
Update workflow example 2020-05-13 08:34:08 -04:00			`echo "name: ${{ steps.import_gpg.outputs.name }}"`
Update README 2020-05-07 15:01:27 -04:00			`echo "email: ${{ steps.import_gpg.outputs.email }}"`
Update README 2020-05-11 13:20:28 -04:00			```

			`### Sign commits`

			```yaml
			`name: import-gpg`

			`on:`
			`push:`
			`branches: master`

			`jobs:`
			`sign-commit:`
			`runs-on: ubuntu-latest`
			`steps:`
			`-`
			`name: Checkout`
			`uses: actions/checkout@v2`
			`-`
			`name: Import GPG key`
Move GPG_PRIVATE_KEY env var to gpg-private-key input Move PASSPHRASE env var to passphrase input Rename git_user_signingkey input to git-user-signingkey Rename git_commit_gpgsign input to git-commit-gpgsign Rename git_tag_gpgsign input to git-tag-gpgsign Rename git_push_gpgsign input to git-push-gpgsign Rename git_committer_name input to git-committer-name Rename git_committer_email input to git-committer-email 2020-09-06 16:03:16 -04:00			`uses: crazy-max/ghaction-import-gpg@v3`
Update README 2020-05-11 13:20:28 -04:00			`with:`
Move GPG_PRIVATE_KEY env var to gpg-private-key input Move PASSPHRASE env var to passphrase input Rename git_user_signingkey input to git-user-signingkey Rename git_commit_gpgsign input to git-commit-gpgsign Rename git_tag_gpgsign input to git-tag-gpgsign Rename git_push_gpgsign input to git-push-gpgsign Rename git_committer_name input to git-committer-name Rename git_committer_email input to git-committer-email 2020-09-06 16:03:16 -04:00			`gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}`
			`passphrase: ${{ secrets.PASSPHRASE }}`
			`git-user-signingkey: true`
			`git-commit-gpgsign: true`
Add git_tag_gpgsign and git_push_gpgsign inputs Some inputs and secrets have been renamed 2020-05-05 19:15:33 -04:00			`-`
			`name: Sign commit and push changes`
			`run: \|`
			`echo foo > bar.txt`
			`git add .`
			`git commit -S -m "This commit is signed!"`
			`git push`
Initial commit 2020-05-03 14:46:05 -04:00			```

Update README 2020-05-03 15:52:25 -04:00			`## Customizing`

Enable signing for Git commits and tags (#4) 2020-05-04 14:59:11 -04:00			`### inputs`

			Following inputs can be used as `step.with` keys

Move GPG_PRIVATE_KEY env var to gpg-private-key input Move PASSPHRASE env var to passphrase input Rename git_user_signingkey input to git-user-signingkey Rename git_commit_gpgsign input to git-commit-gpgsign Rename git_tag_gpgsign input to git-tag-gpgsign Rename git_push_gpgsign input to git-push-gpgsign Rename git_committer_name input to git-committer-name Rename git_committer_email input to git-committer-email 2020-09-06 16:03:16 -04:00			`\| Name \| Type \| Description \|`
Unfancy 2020-05-12 14:59:41 -04:00			`\|---------------------------------------\|---------\|------------------------------------------------\|`
Move GPG_PRIVATE_KEY env var to gpg-private-key input Move PASSPHRASE env var to passphrase input Rename git_user_signingkey input to git-user-signingkey Rename git_commit_gpgsign input to git-commit-gpgsign Rename git_tag_gpgsign input to git-tag-gpgsign Rename git_push_gpgsign input to git-push-gpgsign Rename git_committer_name input to git-committer-name Rename git_committer_email input to git-committer-email 2020-09-06 16:03:16 -04:00			\| `gpg-private-key` \| String \| GPG private key exported as an ASCII armored version or its base64 encoding (required) \|
			\| `passphrase` \| String \| Passphrase of the GPG private key \|
			\| `git-user-signingkey` \| Bool \| Set GPG signing keyID for this Git repository (default `false`) \|
			\| `git-commit-gpgsign`¹ \| Bool \| Sign all commits automatically. (default `false`) \|
			\| `git-tag-gpgsign`¹ \| Bool \| Sign all tags automatically. (default `false`) \|
			\| `git-push-gpgsign`¹ \| Bool \| Sign all pushes automatically. (default `false`) \|
			\| `git-committer-name`¹ \| String \| Set commit author's name (defaults to the name associated with the GPG key) \|
			\| `git-committer-email`¹ \| String \| Set commit author's email (defaults to the email address associated with the GPG key) \|
Update CHANGELOG 2020-08-28 16:35:50 -04:00			\| `workdir` \| String \| Working directory (below repository root) (default `.`) \|
Unfancy 2020-05-12 14:59:41 -04:00
Move GPG_PRIVATE_KEY env var to gpg-private-key input Move PASSPHRASE env var to passphrase input Rename git_user_signingkey input to git-user-signingkey Rename git_commit_gpgsign input to git-commit-gpgsign Rename git_tag_gpgsign input to git-tag-gpgsign Rename git_push_gpgsign input to git-push-gpgsign Rename git_committer_name input to git-committer-name Rename git_committer_email input to git-committer-email 2020-09-06 16:03:16 -04:00			> ¹ `git-user-signingkey` needs to be enabled for these inputs to be used.
Add fingerprint, keyid and email outputs 2020-05-07 14:42:27 -04:00
			`### outputs`

			`Following outputs are available`

			`\| Name \| Type \| Description \|`
			`\|---------------\|---------\|---------------------------------------\|`
			\| `fingerprint` \| String \| Fingerprint of the GPG key (recommended as [user ID](https://www.gnupg.org/documentation/manuals/gnupg/Specify-a-User-ID.html)) \|
			\| `keyid` \| String \| Low 64 bits of the X.509 certificate SHA-1 fingerprint \|
Update CHANGELOG 2020-08-28 16:35:50 -04:00			\| `name` \| String \| Name associated with the GPG key \|
Add fingerprint, keyid and email outputs 2020-05-07 14:42:27 -04:00			\| `email` \| String \| Email address associated with the GPG key \|
Enable signing for Git commits and tags (#4) 2020-05-04 14:59:11 -04:00
Add note about dependabot 2020-08-20 11:33:24 -04:00			`## Keep up-to-date with GitHub Dependabot`

			`Since [Dependabot](https://docs.github.com/en/github/administering-a-repository/keeping-your-actions-up-to-date-with-github-dependabot)`
			`has [native GitHub Actions support](https://docs.github.com/en/github/administering-a-repository/configuration-options-for-dependency-updates#package-ecosystem),`
			to enable it on your GitHub repo all you need to do is add the `.github/dependabot.yml` file:

			```yaml
			`version: 2`
			`updates:`
			`# Maintain dependencies for GitHub Actions`
			`- package-ecosystem: "github-actions"`
			`directory: "/"`
			`schedule:`
			`interval: "daily"`
			```

Initial commit 2020-05-03 14:46:05 -04:00			`## How can I help?`

			`All kinds of contributions are welcome :raised_hands:! The most basic way to show your support is to star :star2: the project, or to raise issues :speech_balloon: You can also support this project by [becoming a sponsor on GitHub](https://github.com/sponsors/crazy-max) :clap: or by making a [Paypal donation](https://www.paypal.me/crazyws) to ensure this journey continues indefinitely! :rocket:`

			`Thanks again for your support, it is much appreciated! :pray:`

			`## License`

			MIT. See `LICENSE` for more details.