Handle if-asked for git-push-gpgsign input (#100)

Co-authored-by: CrazyMax <crazy-max@users.noreply.github.com>
CrazyMax 2021-08-10 08:46:50 +02:00 committed by GitHub
parent 0dd57a5e3b
commit 93f53be329
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 64 additions and 106 deletions

Binary file not shown.

Before

Width:  |  Height:  |  Size: 22 KiB

After

Width:  |  Height:  |  Size: 16 KiB


@ -47,7 +47,7 @@ jobs:
git-user-signingkey: true
git-commit-gpgsign: true
git-tag-gpgsign: true
git-push-gpgsign: true
git-push-gpgsign: if-asked
-
name: GPG user IDs
run: |
@ -88,7 +88,7 @@ jobs:
git-user-signingkey: true
git-commit-gpgsign: true
git-tag-gpgsign: true
git-push-gpgsign: true
git-push-gpgsign: if-asked
-
name: GPG user IDs
run: |


@ -1,53 +0,0 @@
#syntax=docker/dockerfile:1.2
FROM node:12 AS deps
WORKDIR /src
COPY package.json yarn.lock ./
RUN --mount=type=cache,target=/src/node_modules \
yarn install
FROM scratch AS update-yarn
COPY --from=deps /src/yarn.lock /
FROM deps AS validate-yarn
COPY .git .git
RUN status=$(git status --porcelain -- yarn.lock); if [ -n "$status" ]; then echo $status; exit 1; fi
FROM deps AS base
COPY . .
FROM base AS build
RUN --mount=type=cache,target=/src/node_modules \
yarn build
FROM deps AS test
ARG GITHUB_REPOSITORY
ENV RUNNER_TEMP=/tmp/github_runner
ENV RUNNER_TOOL_CACHE=/tmp/github_tool_cache
ENV GITHUB_REPOSITORY=${GITHUB_REPOSITORY}
COPY . .
RUN --mount=type=cache,target=/src/node_modules \
yarn run test
FROM scratch AS test-coverage
COPY --from=test /src/coverage /coverage/
FROM base AS run-format
RUN --mount=type=cache,target=/src/node_modules \
yarn run format
FROM scratch AS format
COPY --from=run-format /src/src/*.ts /src/
FROM base AS validate-format
RUN --mount=type=cache,target=/src/node_modules \
yarn run format-check
FROM scratch AS dist
COPY --from=build /src/dist/ /dist/
FROM build AS validate-build
RUN status=$(git status --porcelain -- dist); if [ -n "$status" ]; then echo $status; exit 1; fi
FROM base AS dev
ENTRYPOINT ["bash"]


@ -53,7 +53,8 @@ gpg --armor --export-secret-key joe@foo.bar | xclip -selection clipboard -i
gpg --armor --export-secret-key joe@foo.bar | xclip
```
Paste your clipboard as a [`secret`](https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets) named `GPG_PRIVATE_KEY` for example. Create another secret with the `PASSPHRASE` if applicable.
Paste your clipboard as a [`secret`](https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets)
named `GPG_PRIVATE_KEY` for example. Create another secret with the `PASSPHRASE` if applicable.
## Usage
@ -135,7 +136,7 @@ Following inputs can be used as `step.with` keys
| `git-user-signingkey` | Bool | Set GPG signing keyID for this Git repository (default `false`) |
| `git-commit-gpgsign`**¹** | Bool | Sign all commits automatically. (default `false`) |
| `git-tag-gpgsign`**¹** | Bool | Sign all tags automatically. (default `false`) |
| `git-push-gpgsign`**¹** | Bool | Sign all pushes automatically. (default `false`) |
| `git-push-gpgsign`**¹** | String | Sign all pushes automatically. (default `if-asked`) |
| `git-committer-name`**¹** | String | Set commit author's name (defaults to the name associated with the GPG key) |
| `git-committer-email`**¹** | String | Set commit author's email (defaults to the email address associated with the GPG key) |
| `workdir` | String | Working directory (below repository root) (default `.`) |


@ -27,7 +27,7 @@ inputs:
required: false
git-push-gpgsign:
description: 'Sign all pushes automatically. git-user-signingkey needs to be enabled'
default: 'false'
default: 'if-asked'
required: false
git-committer-name:
description: 'Commit author''s name'
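Review bot: The description of `git-push-gpgsign` still reads 'Sign all pushes automatically', although the default is now `if-asked`, which as far as I know makes git sign a push only when the server advertises support for signed pushes. I would name the accepted values in the description, for example `description: 'Sign pushes: true, false or if-asked (default). git-user-signingkey needs to be enabled'`. The README inputs table row for this input carries the same wording and needs the same update. Workflows that relied on the old `false` default will presumably now get `push.gpgsign` written to their git config, which is worth stating in the release notes.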

27
dist/index.js generated vendored

@ -47,7 +47,7 @@ function getInputs() {
gitUserSigningkey: core.getBooleanInput('git-user-signingkey'),
gitCommitGpgsign: core.getBooleanInput('git-commit-gpgsign'),
gitTagGpgsign: core.getBooleanInput('git-tag-gpgsign'),
gitPushGpgsign: core.getBooleanInput('git-push-gpgsign'),
gitPushGpgsign: core.getInput('git-push-gpgsign') || 'if-asked',
gitCommitterName: core.getInput('git-committer-name'),
gitCommitterEmail: core.getInput('git-committer-email'),
workdir: core.getInput('workdir') || '.'
@ -415,35 +415,40 @@ function run() {
core.info(`📂 Using ${inputs.workdir} as working directory...`);
process.chdir(inputs.workdir);
}
core.info('📣 GnuPG info');
const version = yield gpg.getVersion();
const dirs = yield gpg.getDirs();
yield core.group(`📣 GnuPG info`, () => __awaiter(this, void 0, void 0, function* () {
core.info(`Version : ${version.gnupg} (libgcrypt ${version.libgcrypt})`);
core.info(`Libdir : ${dirs.libdir}`);
core.info(`Libexecdir : ${dirs.libexecdir}`);
core.info(`Datadir : ${dirs.datadir}`);
core.info(`Homedir : ${dirs.homedir}`);
core.info('🔮 Checking GPG private key');
}));
const privateKey = yield openpgp.readPrivateKey(inputs.gpgPrivateKey);
core.debug(`Fingerprint : ${privateKey.fingerprint}`);
core.debug(`KeyID : ${privateKey.keyID}`);
core.debug(`Name : ${privateKey.name}`);
core.debug(`Email : ${privateKey.email}`);
core.debug(`CreationTime : ${privateKey.creationTime}`);
core.info('🔑 Importing GPG private key');
yield core.group(`🔮 Checking GPG private key`, () => __awaiter(this, void 0, void 0, function* () {
core.info(`Fingerprint : ${privateKey.fingerprint}`);
core.info(`KeyID : ${privateKey.keyID}`);
core.info(`Name : ${privateKey.name}`);
core.info(`Email : ${privateKey.email}`);
core.info(`CreationTime : ${privateKey.creationTime}`);
}));
yield core.group(`🔑 Importing GPG private key`, () => __awaiter(this, void 0, void 0, function* () {
yield gpg.importKey(inputs.gpgPrivateKey).then(stdout => {
core.debug(stdout);
core.info(stdout);
});
}));
if (inputs.passphrase) {
core.info('⚙️ Configuring GnuPG agent');
yield gpg.configureAgent(gpg.agentConfig);
core.info('📌 Getting keygrips');
yield core.group(`📌 Getting keygrips`, () => __awaiter(this, void 0, void 0, function* () {
for (let keygrip of yield gpg.getKeygrips(privateKey.fingerprint)) {
core.info(`🔓 Presetting passphrase for ${keygrip}`);
yield gpg.presetPassphrase(keygrip, inputs.passphrase).then(stdout => {
core.debug(stdout);
});
}
}));
}
core.info('🛒 Setting outputs...');
context.setOutput('fingerprint', privateKey.fingerprint);
@ -472,7 +477,7 @@ function run() {
}
if (inputs.gitPushGpgsign) {
core.info('💎 Sign all pushes automatically');
yield git.setConfig('push.gpgsign', 'true');
yield git.setConfig('push.gpgsign', inputs.gitPushGpgsign);
}
}
}


@ -7,7 +7,7 @@ export interface Inputs {
gitUserSigningkey: boolean;
gitCommitGpgsign: boolean;
gitTagGpgsign: boolean;
gitPushGpgsign: boolean;
gitPushGpgsign: string;
gitCommitterName: string;
gitCommitterEmail: string;
workdir: string;
@ -20,7 +20,7 @@ export async function getInputs(): Promise<Inputs> {
gitUserSigningkey: core.getBooleanInput('git-user-signingkey'),
gitCommitGpgsign: core.getBooleanInput('git-commit-gpgsign'),
gitTagGpgsign: core.getBooleanInput('git-tag-gpgsign'),
gitPushGpgsign: core.getBooleanInput('git-push-gpgsign'),
gitPushGpgsign: core.getInput('git-push-gpgsign') || 'if-asked',
gitCommitterName: core.getInput('git-committer-name'),
gitCommitterEmail: core.getInput('git-committer-email'),
workdir: core.getInput('workdir') || '.'
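Review bot: The new `core.getInput('git-push-gpgsign') || 'if-asked'` accepts any string, and the run() hunk writes that value to `push.gpgsign` unchanged, so a typo such as `if-aksed` is noticed at the earliest when git reads the config at push time. getInputs should reject anything outside the three values git accepts: read the input into a local, then `if (!['true', 'false', 'if-asked'].includes(pushGpgsign)) throw new Error('git-push-gpgsign must be true, false or if-asked');`. Narrowing the `Inputs` field from `string` to `'true' | 'false' | 'if-asked'` would record the same contract in the type. The body of getInputs continues outside the hunk.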


@ -15,26 +15,29 @@ async function run(): Promise<void> {
process.chdir(inputs.workdir);
}
core.info('📣 GnuPG info');
const version = await gpg.getVersion();
const dirs = await gpg.getDirs();
await core.group(`📣 GnuPG info`, async () => {
core.info(`Version : ${version.gnupg} (libgcrypt ${version.libgcrypt})`);
core.info(`Libdir : ${dirs.libdir}`);
core.info(`Libexecdir : ${dirs.libexecdir}`);
core.info(`Datadir : ${dirs.datadir}`);
core.info(`Homedir : ${dirs.homedir}`);
});
core.info('🔮 Checking GPG private key');
const privateKey = await openpgp.readPrivateKey(inputs.gpgPrivateKey);
core.debug(`Fingerprint : ${privateKey.fingerprint}`);
core.debug(`KeyID : ${privateKey.keyID}`);
core.debug(`Name : ${privateKey.name}`);
core.debug(`Email : ${privateKey.email}`);
core.debug(`CreationTime : ${privateKey.creationTime}`);
await core.group(`🔮 Checking GPG private key`, async () => {
core.info(`Fingerprint : ${privateKey.fingerprint}`);
core.info(`KeyID : ${privateKey.keyID}`);
core.info(`Name : ${privateKey.name}`);
core.info(`Email : ${privateKey.email}`);
core.info(`CreationTime : ${privateKey.creationTime}`);
});
core.info('🔑 Importing GPG private key');
await core.group(`🔑 Importing GPG private key`, async () => {
await gpg.importKey(inputs.gpgPrivateKey).then(stdout => {
core.debug(stdout);
core.info(stdout);
});
});
if (inputs.passphrase) {
@ -42,12 +45,14 @@ async function run(): Promise<void> {
await gpg.configureAgent(gpg.agentConfig);
core.info('📌 Getting keygrips');
await core.group(`📌 Getting keygrips`, async () => {
for (let keygrip of await gpg.getKeygrips(privateKey.fingerprint)) {
core.info(`🔓 Presetting passphrase for ${keygrip}`);
await gpg.presetPassphrase(keygrip, inputs.passphrase).then(stdout => {
core.debug(stdout);
});
}
});
}
core.info('🛒 Setting outputs...');
@ -82,7 +87,7 @@ async function run(): Promise<void> {
}
if (inputs.gitPushGpgsign) {
core.info('💎 Sign all pushes automatically');
await git.setConfig('push.gpgsign', 'true');
await git.setConfig('push.gpgsign', inputs.gitPushGpgsign);
}
}
} catch (error) {
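Review bot: The guard `if (inputs.gitPushGpgsign)` in the last hunk is now always true, because the input is a string that falls back to `if-asked` and even `'false'` is a non-empty string. The branch therefore logs 'Sign all pushes automatically' for every value, including `false` and `if-asked`. Writing `push.gpgsign false` is harmless in itself, but the log line then tells anyone auditing the run that push signing was enabled when it was not. I would drop the guard and log the effective value instead, `core.info('💎 Setting push.gpgsign to ' + inputs.gitPushGpgsign);`. The enclosing block and the rest of run() lie outside the hunk.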