gpg/src/main.ts

import * as core from '@actions/core';
import * as git from './git';
import * as gpg from './gpg';
import * as openpgp from './openpgp';
import * as stateHelper from './state-helper';

async function run(): Promise<void> {
  try {
    if (!process.env.GPG_PRIVATE_KEY) {
      core.setFailed('GPG private key required');
      return;
    }

    const git_user_signingkey = /true/i.test(core.getInput('git_user_signingkey'));
    const git_commit_gpgsign = /true/i.test(core.getInput('git_commit_gpgsign'));
    const git_tag_gpgsign = /true/i.test(core.getInput('git_tag_gpgsign'));
    const git_push_gpgsign = /true/i.test(core.getInput('git_push_gpgsign'));
    const git_committer_name: string = core.getInput('git_committer_name');
    const git_committer_email: string = core.getInput('git_committer_email');
    const workdir: string = core.getInput('workdir') || '.';

    if (workdir && workdir !== '.') {
      core.info(`📂 Using ${workdir} as working directory...`);
      process.chdir(workdir);
    }

    core.info('📣 GnuPG info');
    const version = await gpg.getVersion();
    const dirs = await gpg.getDirs();
    core.info(`Version    : ${version.gnupg} (libgcrypt ${version.libgcrypt})`);
    core.info(`Libdir     : ${dirs.libdir}`);
    core.info(`Libexecdir : ${dirs.libexecdir}`);
    core.info(`Datadir    : ${dirs.datadir}`);
    core.info(`Homedir    : ${dirs.homedir}`);

    core.info('🔮 Checking GPG private key');
    const privateKey = await openpgp.readPrivateKey(process.env.GPG_PRIVATE_KEY);
    core.debug(`Fingerprint  : ${privateKey.fingerprint}`);
    core.debug(`KeyID        : ${privateKey.keyID}`);
    core.debug(`Name         : ${privateKey.name}`);
    core.debug(`Email        : ${privateKey.email}`);
    core.debug(`CreationTime : ${privateKey.creationTime}`);

    core.info('🔑 Importing GPG private key');
    await gpg.importKey(process.env.GPG_PRIVATE_KEY).then(stdout => {
      core.debug(stdout);
    });

    if (process.env.PASSPHRASE) {
      core.info('⚙️ Configuring GnuPG agent');
      await gpg.configureAgent(gpg.agentConfig);

      core.info('📌 Getting keygrips');
      for (let keygrip of await gpg.getKeygrips(privateKey.fingerprint)) {
        core.info(`🔓 Presetting passphrase for ${keygrip}`);
        await gpg.presetPassphrase(keygrip, process.env.PASSPHRASE).then(stdout => {
          core.debug(stdout);
        });
      }
    }

    core.info('🛒 Setting outputs...');
    core.setOutput('fingerprint', privateKey.fingerprint);
    core.setOutput('keyid', privateKey.keyID);
    core.setOutput('name', privateKey.name);
    core.setOutput('email', privateKey.email);

    if (git_user_signingkey) {
      core.info('🔐 Setting GPG signing keyID for this Git repository');
      await git.setConfig('user.signingkey', privateKey.keyID);

      const user_email = git_committer_email || privateKey.email;
      const user_name = git_committer_name || privateKey.name;

      if (user_email != privateKey.email) {
        core.setFailed('Committer email does not match GPG key user address');
        return;
      }

      core.info(`🔨 Configuring Git committer (${user_name} <${user_email}>)`);
      await git.setConfig('user.name', user_name);
      await git.setConfig('user.email', user_email);

      if (git_commit_gpgsign) {
        core.info('💎 Sign all commits automatically');
        await git.setConfig('commit.gpgsign', 'true');
      }
      if (git_tag_gpgsign) {
        core.info('💎 Sign all tags automatically');
        await git.setConfig('tag.gpgsign', 'true');
      }
      if (git_push_gpgsign) {
        core.info('💎 Sign all pushes automatically');
        await git.setConfig('push.gpgsign', 'true');
      }
    }
  } catch (error) {
    core.setFailed(error.message);
  }
}

async function cleanup(): Promise<void> {
  if (!process.env.GPG_PRIVATE_KEY) {
    core.debug('GPG private key is not defined. Skipping cleanup.');
    return;
  }
  try {
    core.info('🚿 Removing keys');
    const privateKey = await openpgp.readPrivateKey(process.env.GPG_PRIVATE_KEY);
    await gpg.deleteKey(privateKey.fingerprint);

    core.info('💀 Killing GnuPG agent');
    await gpg.killAgent();
  } catch (error) {
    core.warning(error.message);
  }
}

// Main
if (!stateHelper.IsPost) {
  run();
}
// Post
else {
  cleanup();
}
Initial commit 2020-05-03 14:46:05 -04:00			`import * as core from '@actions/core';`
Enable signing for Git commits and tags (#4) 2020-05-04 14:59:11 -04:00			`import * as git from './git';`
Display GnuPG info 2020-05-03 15:33:19 -04:00			`import * as gpg from './gpg';`
			`import * as openpgp from './openpgp';`
Initial commit 2020-05-03 14:46:05 -04:00			`import * as stateHelper from './state-helper';`

			`async function run(): Promise<void> {`
			`try {`
Add git_tag_gpgsign and git_push_gpgsign inputs Some inputs and secrets have been renamed 2020-05-05 19:15:33 -04:00			`if (!process.env.GPG_PRIVATE_KEY) {`
			`core.setFailed('GPG private key required');`
Initial commit 2020-05-03 14:46:05 -04:00			`return;`
			`}`

Fix inputs 2020-05-05 19:21:41 -04:00			`const git_user_signingkey = /true/i.test(core.getInput('git_user_signingkey'));`
Add git_tag_gpgsign and git_push_gpgsign inputs Some inputs and secrets have been renamed 2020-05-05 19:15:33 -04:00			`const git_commit_gpgsign = /true/i.test(core.getInput('git_commit_gpgsign'));`
			`const git_tag_gpgsign = /true/i.test(core.getInput('git_tag_gpgsign'));`
			`const git_push_gpgsign = /true/i.test(core.getInput('git_push_gpgsign'));`
Use GPG key name/email as default values (#13) 2020-05-12 14:18:51 -04:00			`const git_committer_name: string = core.getInput('git_committer_name');`
			`const git_committer_email: string = core.getInput('git_committer_email');`
Add workdir input (#55) 2020-08-28 16:30:49 -04:00			`const workdir: string = core.getInput('workdir') \|\| '.';`

			`if (workdir && workdir !== '.') {`
			core.info(`📂 Using ${workdir} as working directory...`);
			`process.chdir(workdir);`
			`}`
Configure and check committer email against GPG user address 2020-05-05 14:01:45 -04:00
Display GnuPG info 2020-05-03 15:33:19 -04:00			`core.info('📣 GnuPG info');`
			`const version = await gpg.getVersion();`
Allow to seed the internal cache of gpg-agent with provided passphrase (#5) Better handling of commands output streams 2020-05-04 10:17:14 -04:00			`const dirs = await gpg.getDirs();`
Display libexecdir 2020-05-04 10:40:21 -04:00			core.info(`Version : ${version.gnupg} (libgcrypt ${version.libgcrypt})`);
			core.info(`Libdir : ${dirs.libdir}`);
			core.info(`Libexecdir : ${dirs.libexecdir}`);
			core.info(`Datadir : ${dirs.datadir}`);
			core.info(`Homedir : ${dirs.homedir}`);
Initial commit 2020-05-03 14:46:05 -04:00
Add git_tag_gpgsign and git_push_gpgsign inputs Some inputs and secrets have been renamed 2020-05-05 19:15:33 -04:00			`core.info('🔮 Checking GPG private key');`
			`const privateKey = await openpgp.readPrivateKey(process.env.GPG_PRIVATE_KEY);`
Allow to seed the internal cache of gpg-agent with provided passphrase (#5) Better handling of commands output streams 2020-05-04 10:17:14 -04:00			core.debug(`Fingerprint : ${privateKey.fingerprint}`);
			core.debug(`KeyID : ${privateKey.keyID}`);
Configure and check committer email against GPG user address 2020-05-05 14:01:45 -04:00			core.debug(`Name : ${privateKey.name}`);
			core.debug(`Email : ${privateKey.email}`);
Allow to seed the internal cache of gpg-agent with provided passphrase (#5) Better handling of commands output streams 2020-05-04 10:17:14 -04:00			core.debug(`CreationTime : ${privateKey.creationTime}`);
Initial commit 2020-05-03 14:46:05 -04:00
Add git_tag_gpgsign and git_push_gpgsign inputs Some inputs and secrets have been renamed 2020-05-05 19:15:33 -04:00			`core.info('🔑 Importing GPG private key');`
			`await gpg.importKey(process.env.GPG_PRIVATE_KEY).then(stdout => {`
Allow to seed the internal cache of gpg-agent with provided passphrase (#5) Better handling of commands output streams 2020-05-04 10:17:14 -04:00			`core.debug(stdout);`
			`});`

			`if (process.env.PASSPHRASE) {`
Cleanup 2020-05-04 14:09:52 -04:00			`core.info('⚙️ Configuring GnuPG agent');`
Allow to seed the internal cache of gpg-agent with provided passphrase (#5) Better handling of commands output streams 2020-05-04 10:17:14 -04:00			`await gpg.configureAgent(gpg.agentConfig);`

Set passphrase for all key keygrips (#57) Co-authored-by: yann degat <yann.degat@corp.ovh.com> 2020-09-03 11:19:11 -04:00			`core.info('📌 Getting keygrips');`
			`for (let keygrip of await gpg.getKeygrips(privateKey.fingerprint)) {`
			core.info(`🔓 Presetting passphrase for ${keygrip}`);
			`await gpg.presetPassphrase(keygrip, process.env.PASSPHRASE).then(stdout => {`
			`core.debug(stdout);`
			`});`
			`}`
Allow to seed the internal cache of gpg-agent with provided passphrase (#5) Better handling of commands output streams 2020-05-04 10:17:14 -04:00			`}`
Enable signing for Git commits and tags (#4) 2020-05-04 14:59:11 -04:00
Add fingerprint, keyid and email outputs 2020-05-07 14:42:27 -04:00			`core.info('🛒 Setting outputs...');`
			`core.setOutput('fingerprint', privateKey.fingerprint);`
			`core.setOutput('keyid', privateKey.keyID);`
Use GPG key name/email as default values (#13) 2020-05-12 14:18:51 -04:00			`core.setOutput('name', privateKey.name);`
Update index 2020-05-12 14:48:57 -04:00			`core.setOutput('email', privateKey.email);`
Add fingerprint, keyid and email outputs 2020-05-07 14:42:27 -04:00
Add git_tag_gpgsign and git_push_gpgsign inputs Some inputs and secrets have been renamed 2020-05-05 19:15:33 -04:00			`if (git_user_signingkey) {`
			`core.info('🔐 Setting GPG signing keyID for this Git repository');`
			`await git.setConfig('user.signingkey', privateKey.keyID);`

Update index 2020-05-12 14:48:57 -04:00			`const user_email = git_committer_email \|\| privateKey.email;`
			`const user_name = git_committer_name \|\| privateKey.name;`
Use GPG key name/email as default values (#13) 2020-05-12 14:18:51 -04:00
Committer email does not match 2020-05-12 18:31:51 -04:00			`if (user_email != privateKey.email) {`
Configure and check committer email against GPG user address 2020-05-05 14:01:45 -04:00			`core.setFailed('Committer email does not match GPG key user address');`
			`return;`
			`}`
Add git_tag_gpgsign and git_push_gpgsign inputs Some inputs and secrets have been renamed 2020-05-05 19:15:33 -04:00
Use GPG key name/email as default values (#13) 2020-05-12 14:18:51 -04:00			core.info(`🔨 Configuring Git committer (${user_name} <${user_email}>)`);
			`await git.setConfig('user.name', user_name);`
			`await git.setConfig('user.email', user_email);`
Configure and check committer email against GPG user address 2020-05-05 14:01:45 -04:00
Add git_tag_gpgsign and git_push_gpgsign inputs Some inputs and secrets have been renamed 2020-05-05 19:15:33 -04:00			`if (git_commit_gpgsign) {`
			`core.info('💎 Sign all commits automatically');`
			`await git.setConfig('commit.gpgsign', 'true');`
			`}`
			`if (git_tag_gpgsign) {`
			`core.info('💎 Sign all tags automatically');`
			`await git.setConfig('tag.gpgsign', 'true');`
			`}`
			`if (git_push_gpgsign) {`
			`core.info('💎 Sign all pushes automatically');`
			`await git.setConfig('push.gpgsign', 'true');`
			`}`
Enable signing for Git commits and tags (#4) 2020-05-04 14:59:11 -04:00			`}`
Initial commit 2020-05-03 14:46:05 -04:00			`} catch (error) {`
			`core.setFailed(error.message);`
			`}`
			`}`

			`async function cleanup(): Promise<void> {`
Add git_tag_gpgsign and git_push_gpgsign inputs Some inputs and secrets have been renamed 2020-05-05 19:15:33 -04:00			`if (!process.env.GPG_PRIVATE_KEY) {`
			`core.debug('GPG private key is not defined. Skipping cleanup.');`
Initial commit 2020-05-03 14:46:05 -04:00			`return;`
			`}`
			`try {`
Cleanup 2020-05-04 14:09:52 -04:00			`core.info('🚿 Removing keys');`
Add git_tag_gpgsign and git_push_gpgsign inputs Some inputs and secrets have been renamed 2020-05-05 19:15:33 -04:00			`const privateKey = await openpgp.readPrivateKey(process.env.GPG_PRIVATE_KEY);`
Display GnuPG info 2020-05-03 15:33:19 -04:00			`await gpg.deleteKey(privateKey.fingerprint);`
Kill GnuPG agent at POST step 2020-05-05 18:23:29 -04:00
			`core.info('💀 Killing GnuPG agent');`
			`await gpg.killAgent();`
Initial commit 2020-05-03 14:46:05 -04:00			`} catch (error) {`
			`core.warning(error.message);`
			`}`
			`}`

			`// Main`
			`if (!stateHelper.IsPost) {`
			`run();`
			`}`
			`// Post`
			`else {`
			`cleanup();`
			`}`