Handle if-asked for git-push-gpgsign input (#100)

Co-authored-by: CrazyMax <crazy-max@users.noreply.github.com>
This commit is contained in:
CrazyMax 2021-08-10 08:46:50 +02:00 committed by GitHub
parent 0dd57a5e3b
commit 93f53be329
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 64 additions and 106 deletions

Binary file not shown.

Before

Width:  |  Height:  |  Size: 22 KiB

After

Width:  |  Height:  |  Size: 16 KiB

View file

@ -47,7 +47,7 @@ jobs:
git-user-signingkey: true git-user-signingkey: true
git-commit-gpgsign: true git-commit-gpgsign: true
git-tag-gpgsign: true git-tag-gpgsign: true
git-push-gpgsign: true git-push-gpgsign: if-asked
- -
name: GPG user IDs name: GPG user IDs
run: | run: |
@ -88,7 +88,7 @@ jobs:
git-user-signingkey: true git-user-signingkey: true
git-commit-gpgsign: true git-commit-gpgsign: true
git-tag-gpgsign: true git-tag-gpgsign: true
git-push-gpgsign: true git-push-gpgsign: if-asked
- -
name: GPG user IDs name: GPG user IDs
run: | run: |

View file

@ -1,53 +0,0 @@
#syntax=docker/dockerfile:1.2
FROM node:12 AS deps
WORKDIR /src
COPY package.json yarn.lock ./
RUN --mount=type=cache,target=/src/node_modules \
yarn install
FROM scratch AS update-yarn
COPY --from=deps /src/yarn.lock /
FROM deps AS validate-yarn
COPY .git .git
RUN status=$(git status --porcelain -- yarn.lock); if [ -n "$status" ]; then echo $status; exit 1; fi
FROM deps AS base
COPY . .
FROM base AS build
RUN --mount=type=cache,target=/src/node_modules \
yarn build
FROM deps AS test
ARG GITHUB_REPOSITORY
ENV RUNNER_TEMP=/tmp/github_runner
ENV RUNNER_TOOL_CACHE=/tmp/github_tool_cache
ENV GITHUB_REPOSITORY=${GITHUB_REPOSITORY}
COPY . .
RUN --mount=type=cache,target=/src/node_modules \
yarn run test
FROM scratch AS test-coverage
COPY --from=test /src/coverage /coverage/
FROM base AS run-format
RUN --mount=type=cache,target=/src/node_modules \
yarn run format
FROM scratch AS format
COPY --from=run-format /src/src/*.ts /src/
FROM base AS validate-format
RUN --mount=type=cache,target=/src/node_modules \
yarn run format-check
FROM scratch AS dist
COPY --from=build /src/dist/ /dist/
FROM build AS validate-build
RUN status=$(git status --porcelain -- dist); if [ -n "$status" ]; then echo $status; exit 1; fi
FROM base AS dev
ENTRYPOINT ["bash"]

View file

@ -53,7 +53,8 @@ gpg --armor --export-secret-key joe@foo.bar | xclip -selection clipboard -i
gpg --armor --export-secret-key joe@foo.bar | xclip gpg --armor --export-secret-key joe@foo.bar | xclip
``` ```
Paste your clipboard as a [`secret`](https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets) named `GPG_PRIVATE_KEY` for example. Create another secret with the `PASSPHRASE` if applicable. Paste your clipboard as a [`secret`](https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets)
named `GPG_PRIVATE_KEY` for example. Create another secret with the `PASSPHRASE` if applicable.
## Usage ## Usage
@ -135,7 +136,7 @@ Following inputs can be used as `step.with` keys
| `git-user-signingkey` | Bool | Set GPG signing keyID for this Git repository (default `false`) | | `git-user-signingkey` | Bool | Set GPG signing keyID for this Git repository (default `false`) |
| `git-commit-gpgsign`**¹** | Bool | Sign all commits automatically. (default `false`) | | `git-commit-gpgsign`**¹** | Bool | Sign all commits automatically. (default `false`) |
| `git-tag-gpgsign`**¹** | Bool | Sign all tags automatically. (default `false`) | | `git-tag-gpgsign`**¹** | Bool | Sign all tags automatically. (default `false`) |
| `git-push-gpgsign`**¹** | Bool | Sign all pushes automatically. (default `false`) | | `git-push-gpgsign`**¹** | String | Sign all pushes automatically. (default `if-asked`) |
| `git-committer-name`**¹** | String | Set commit author's name (defaults to the name associated with the GPG key) | | `git-committer-name`**¹** | String | Set commit author's name (defaults to the name associated with the GPG key) |
| `git-committer-email`**¹** | String | Set commit author's email (defaults to the email address associated with the GPG key) | | `git-committer-email`**¹** | String | Set commit author's email (defaults to the email address associated with the GPG key) |
| `workdir` | String | Working directory (below repository root) (default `.`) | | `workdir` | String | Working directory (below repository root) (default `.`) |

View file

@ -27,7 +27,7 @@ inputs:
required: false required: false
git-push-gpgsign: git-push-gpgsign:
description: 'Sign all pushes automatically. git-user-signingkey needs to be enabled' description: 'Sign all pushes automatically. git-user-signingkey needs to be enabled'
default: 'false' default: 'if-asked'
required: false required: false
git-committer-name: git-committer-name:
description: 'Commit author''s name' description: 'Commit author''s name'

27
dist/index.js generated vendored
View file

@ -47,7 +47,7 @@ function getInputs() {
gitUserSigningkey: core.getBooleanInput('git-user-signingkey'), gitUserSigningkey: core.getBooleanInput('git-user-signingkey'),
gitCommitGpgsign: core.getBooleanInput('git-commit-gpgsign'), gitCommitGpgsign: core.getBooleanInput('git-commit-gpgsign'),
gitTagGpgsign: core.getBooleanInput('git-tag-gpgsign'), gitTagGpgsign: core.getBooleanInput('git-tag-gpgsign'),
gitPushGpgsign: core.getBooleanInput('git-push-gpgsign'), gitPushGpgsign: core.getInput('git-push-gpgsign') || 'if-asked',
gitCommitterName: core.getInput('git-committer-name'), gitCommitterName: core.getInput('git-committer-name'),
gitCommitterEmail: core.getInput('git-committer-email'), gitCommitterEmail: core.getInput('git-committer-email'),
workdir: core.getInput('workdir') || '.' workdir: core.getInput('workdir') || '.'
@ -415,35 +415,40 @@ function run() {
core.info(`📂 Using ${inputs.workdir} as working directory...`); core.info(`📂 Using ${inputs.workdir} as working directory...`);
process.chdir(inputs.workdir); process.chdir(inputs.workdir);
} }
core.info('📣 GnuPG info');
const version = yield gpg.getVersion(); const version = yield gpg.getVersion();
const dirs = yield gpg.getDirs(); const dirs = yield gpg.getDirs();
yield core.group(`📣 GnuPG info`, () => __awaiter(this, void 0, void 0, function* () {
core.info(`Version : ${version.gnupg} (libgcrypt ${version.libgcrypt})`); core.info(`Version : ${version.gnupg} (libgcrypt ${version.libgcrypt})`);
core.info(`Libdir : ${dirs.libdir}`); core.info(`Libdir : ${dirs.libdir}`);
core.info(`Libexecdir : ${dirs.libexecdir}`); core.info(`Libexecdir : ${dirs.libexecdir}`);
core.info(`Datadir : ${dirs.datadir}`); core.info(`Datadir : ${dirs.datadir}`);
core.info(`Homedir : ${dirs.homedir}`); core.info(`Homedir : ${dirs.homedir}`);
core.info('🔮 Checking GPG private key'); }));
const privateKey = yield openpgp.readPrivateKey(inputs.gpgPrivateKey); const privateKey = yield openpgp.readPrivateKey(inputs.gpgPrivateKey);
core.debug(`Fingerprint : ${privateKey.fingerprint}`); yield core.group(`🔮 Checking GPG private key`, () => __awaiter(this, void 0, void 0, function* () {
core.debug(`KeyID : ${privateKey.keyID}`); core.info(`Fingerprint : ${privateKey.fingerprint}`);
core.debug(`Name : ${privateKey.name}`); core.info(`KeyID : ${privateKey.keyID}`);
core.debug(`Email : ${privateKey.email}`); core.info(`Name : ${privateKey.name}`);
core.debug(`CreationTime : ${privateKey.creationTime}`); core.info(`Email : ${privateKey.email}`);
core.info('🔑 Importing GPG private key'); core.info(`CreationTime : ${privateKey.creationTime}`);
}));
yield core.group(`🔑 Importing GPG private key`, () => __awaiter(this, void 0, void 0, function* () {
yield gpg.importKey(inputs.gpgPrivateKey).then(stdout => { yield gpg.importKey(inputs.gpgPrivateKey).then(stdout => {
core.debug(stdout); core.info(stdout);
}); });
}));
if (inputs.passphrase) { if (inputs.passphrase) {
core.info('⚙️ Configuring GnuPG agent'); core.info('⚙️ Configuring GnuPG agent');
yield gpg.configureAgent(gpg.agentConfig); yield gpg.configureAgent(gpg.agentConfig);
core.info('📌 Getting keygrips'); core.info('📌 Getting keygrips');
yield core.group(`📌 Getting keygrips`, () => __awaiter(this, void 0, void 0, function* () {
for (let keygrip of yield gpg.getKeygrips(privateKey.fingerprint)) { for (let keygrip of yield gpg.getKeygrips(privateKey.fingerprint)) {
core.info(`🔓 Presetting passphrase for ${keygrip}`); core.info(`🔓 Presetting passphrase for ${keygrip}`);
yield gpg.presetPassphrase(keygrip, inputs.passphrase).then(stdout => { yield gpg.presetPassphrase(keygrip, inputs.passphrase).then(stdout => {
core.debug(stdout); core.debug(stdout);
}); });
} }
}));
} }
core.info('🛒 Setting outputs...'); core.info('🛒 Setting outputs...');
context.setOutput('fingerprint', privateKey.fingerprint); context.setOutput('fingerprint', privateKey.fingerprint);
@ -472,7 +477,7 @@ function run() {
} }
if (inputs.gitPushGpgsign) { if (inputs.gitPushGpgsign) {
core.info('💎 Sign all pushes automatically'); core.info('💎 Sign all pushes automatically');
yield git.setConfig('push.gpgsign', 'true'); yield git.setConfig('push.gpgsign', inputs.gitPushGpgsign);
} }
} }
} }

View file

@ -7,7 +7,7 @@ export interface Inputs {
gitUserSigningkey: boolean; gitUserSigningkey: boolean;
gitCommitGpgsign: boolean; gitCommitGpgsign: boolean;
gitTagGpgsign: boolean; gitTagGpgsign: boolean;
gitPushGpgsign: boolean; gitPushGpgsign: string;
gitCommitterName: string; gitCommitterName: string;
gitCommitterEmail: string; gitCommitterEmail: string;
workdir: string; workdir: string;
@ -20,7 +20,7 @@ export async function getInputs(): Promise<Inputs> {
gitUserSigningkey: core.getBooleanInput('git-user-signingkey'), gitUserSigningkey: core.getBooleanInput('git-user-signingkey'),
gitCommitGpgsign: core.getBooleanInput('git-commit-gpgsign'), gitCommitGpgsign: core.getBooleanInput('git-commit-gpgsign'),
gitTagGpgsign: core.getBooleanInput('git-tag-gpgsign'), gitTagGpgsign: core.getBooleanInput('git-tag-gpgsign'),
gitPushGpgsign: core.getBooleanInput('git-push-gpgsign'), gitPushGpgsign: core.getInput('git-push-gpgsign') || 'if-asked',
gitCommitterName: core.getInput('git-committer-name'), gitCommitterName: core.getInput('git-committer-name'),
gitCommitterEmail: core.getInput('git-committer-email'), gitCommitterEmail: core.getInput('git-committer-email'),
workdir: core.getInput('workdir') || '.' workdir: core.getInput('workdir') || '.'

View file

@ -15,26 +15,29 @@ async function run(): Promise<void> {
process.chdir(inputs.workdir); process.chdir(inputs.workdir);
} }
core.info('📣 GnuPG info');
const version = await gpg.getVersion(); const version = await gpg.getVersion();
const dirs = await gpg.getDirs(); const dirs = await gpg.getDirs();
await core.group(`📣 GnuPG info`, async () => {
core.info(`Version : ${version.gnupg} (libgcrypt ${version.libgcrypt})`); core.info(`Version : ${version.gnupg} (libgcrypt ${version.libgcrypt})`);
core.info(`Libdir : ${dirs.libdir}`); core.info(`Libdir : ${dirs.libdir}`);
core.info(`Libexecdir : ${dirs.libexecdir}`); core.info(`Libexecdir : ${dirs.libexecdir}`);
core.info(`Datadir : ${dirs.datadir}`); core.info(`Datadir : ${dirs.datadir}`);
core.info(`Homedir : ${dirs.homedir}`); core.info(`Homedir : ${dirs.homedir}`);
});
core.info('🔮 Checking GPG private key');
const privateKey = await openpgp.readPrivateKey(inputs.gpgPrivateKey); const privateKey = await openpgp.readPrivateKey(inputs.gpgPrivateKey);
core.debug(`Fingerprint : ${privateKey.fingerprint}`); await core.group(`🔮 Checking GPG private key`, async () => {
core.debug(`KeyID : ${privateKey.keyID}`); core.info(`Fingerprint : ${privateKey.fingerprint}`);
core.debug(`Name : ${privateKey.name}`); core.info(`KeyID : ${privateKey.keyID}`);
core.debug(`Email : ${privateKey.email}`); core.info(`Name : ${privateKey.name}`);
core.debug(`CreationTime : ${privateKey.creationTime}`); core.info(`Email : ${privateKey.email}`);
core.info(`CreationTime : ${privateKey.creationTime}`);
});
core.info('🔑 Importing GPG private key'); await core.group(`🔑 Importing GPG private key`, async () => {
await gpg.importKey(inputs.gpgPrivateKey).then(stdout => { await gpg.importKey(inputs.gpgPrivateKey).then(stdout => {
core.debug(stdout); core.info(stdout);
});
}); });
if (inputs.passphrase) { if (inputs.passphrase) {
@ -42,12 +45,14 @@ async function run(): Promise<void> {
await gpg.configureAgent(gpg.agentConfig); await gpg.configureAgent(gpg.agentConfig);
core.info('📌 Getting keygrips'); core.info('📌 Getting keygrips');
await core.group(`📌 Getting keygrips`, async () => {
for (let keygrip of await gpg.getKeygrips(privateKey.fingerprint)) { for (let keygrip of await gpg.getKeygrips(privateKey.fingerprint)) {
core.info(`🔓 Presetting passphrase for ${keygrip}`); core.info(`🔓 Presetting passphrase for ${keygrip}`);
await gpg.presetPassphrase(keygrip, inputs.passphrase).then(stdout => { await gpg.presetPassphrase(keygrip, inputs.passphrase).then(stdout => {
core.debug(stdout); core.debug(stdout);
}); });
} }
});
} }
core.info('🛒 Setting outputs...'); core.info('🛒 Setting outputs...');
@ -82,7 +87,7 @@ async function run(): Promise<void> {
} }
if (inputs.gitPushGpgsign) { if (inputs.gitPushGpgsign) {
core.info('💎 Sign all pushes automatically'); core.info('💎 Sign all pushes automatically');
await git.setConfig('push.gpgsign', 'true'); await git.setConfig('push.gpgsign', inputs.gitPushGpgsign);
} }
} }
} catch (error) { } catch (error) {