mirror of
https://github.com/crazy-max/ghaction-import-gpg.git
synced 2024-12-23 19:52:09 -05:00
Enable signing for Git commits and tags (#4)
This commit is contained in:
parent
becd8c1b3b
commit
feede15671
6 changed files with 97 additions and 1 deletions
2
.github/workflows/ci.yml
vendored
2
.github/workflows/ci.yml
vendored
|
@ -35,6 +35,8 @@ jobs:
|
|||
-
|
||||
name: Import GPG key
|
||||
uses: ./
|
||||
with:
|
||||
git_gpgsign: true
|
||||
env:
|
||||
SIGNING_KEY: ${{ secrets.SIGNING_KEY_TEST }}
|
||||
PASSPHRASE: ${{ secrets.PASSPHRASE_TEST }}
|
||||
|
|
13
README.md
13
README.md
|
@ -17,6 +17,7 @@ If you are interested, [check out](https://git.io/Je09Y) my other :octocat: GitH
|
|||
* Works on Linux and MacOS [virtual environments](https://help.github.com/en/articles/virtual-environments-for-github-actions#supported-virtual-environments-and-hardware-resources)
|
||||
* Allow to seed the internal cache of `gpg-agent` with provided passphrase
|
||||
* Purge imported GPG key and cache information from runner (security)
|
||||
* Enable signing for Git commits and tags
|
||||
|
||||
## Usage
|
||||
|
||||
|
@ -36,7 +37,9 @@ jobs:
|
|||
uses: actions/checkout@v2
|
||||
-
|
||||
name: Import GPG key
|
||||
uses: crazy-max/ghaction-import-gpg@master
|
||||
uses: crazy-max/ghaction-import-gpg@v1
|
||||
with:
|
||||
git_gpgsign: true
|
||||
env:
|
||||
SIGNING_KEY: ${{ secrets.SIGNING_KEY }}
|
||||
PASSPHRASE: ${{ secrets.PASSPHRASE }}
|
||||
|
@ -44,6 +47,14 @@ jobs:
|
|||
|
||||
## Customizing
|
||||
|
||||
### inputs
|
||||
|
||||
Following inputs can be used as `step.with` keys
|
||||
|
||||
| Name | Type | Description |
|
||||
|----------------------|---------|----------------------------------------------------------|
|
||||
| `git_gpgsign` | Bool | Enable signing for this Git repository (default `false`) |
|
||||
|
||||
### environment variables
|
||||
|
||||
Following environment variables can be used as `step.env` keys
|
||||
|
|
|
@ -6,6 +6,11 @@ branding:
|
|||
color: 'yellow'
|
||||
icon: 'lock'
|
||||
|
||||
inputs:
|
||||
git_gpgsign:
|
||||
description: 'Enable signing for this Git repository'
|
||||
default: 'false'
|
||||
|
||||
runs:
|
||||
using: 'node12'
|
||||
main: 'dist/index.js'
|
||||
|
|
53
dist/index.js
generated
vendored
53
dist/index.js
generated
vendored
|
@ -1015,6 +1015,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|||
};
|
||||
Object.defineProperty(exports, "__esModule", { value: true });
|
||||
const core = __importStar(__webpack_require__(470));
|
||||
const git = __importStar(__webpack_require__(453));
|
||||
const gpg = __importStar(__webpack_require__(207));
|
||||
const openpgp = __importStar(__webpack_require__(781));
|
||||
const stateHelper = __importStar(__webpack_require__(153));
|
||||
|
@ -1059,6 +1060,11 @@ function run() {
|
|||
core.debug(stdout);
|
||||
});
|
||||
}
|
||||
if (/true/i.test(core.getInput('git_gpgsign'))) {
|
||||
core.info('💎 Enable signing for this Git repository');
|
||||
yield git.enableCommitGpgsign();
|
||||
yield git.setUserSigningkey(privateKey.keyID);
|
||||
}
|
||||
}
|
||||
catch (error) {
|
||||
core.setFailed(error.message);
|
||||
|
@ -1378,6 +1384,53 @@ function escapeProperty(s) {
|
|||
}
|
||||
//# sourceMappingURL=command.js.map
|
||||
|
||||
/***/ }),
|
||||
|
||||
/***/ 453:
|
||||
/***/ (function(__unusedmodule, exports, __webpack_require__) {
|
||||
|
||||
"use strict";
|
||||
|
||||
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
||||
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
||||
return new (P || (P = Promise))(function (resolve, reject) {
|
||||
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
||||
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
||||
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
||||
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
||||
});
|
||||
};
|
||||
var __importStar = (this && this.__importStar) || function (mod) {
|
||||
if (mod && mod.__esModule) return mod;
|
||||
var result = {};
|
||||
if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
|
||||
result["default"] = mod;
|
||||
return result;
|
||||
};
|
||||
Object.defineProperty(exports, "__esModule", { value: true });
|
||||
const exec = __importStar(__webpack_require__(807));
|
||||
const git = (args = []) => __awaiter(void 0, void 0, void 0, function* () {
|
||||
return yield exec.exec(`git`, args, true).then(res => {
|
||||
if (res.stderr != '' && !res.success) {
|
||||
throw new Error(res.stderr);
|
||||
}
|
||||
return res.stdout.trim();
|
||||
});
|
||||
});
|
||||
function enableCommitGpgsign() {
|
||||
return __awaiter(this, void 0, void 0, function* () {
|
||||
yield git(['config', 'commit.gpgsign', 'true']);
|
||||
});
|
||||
}
|
||||
exports.enableCommitGpgsign = enableCommitGpgsign;
|
||||
function setUserSigningkey(keyid) {
|
||||
return __awaiter(this, void 0, void 0, function* () {
|
||||
yield git(['config', 'user.signingkey', keyid]);
|
||||
});
|
||||
}
|
||||
exports.setUserSigningkey = setUserSigningkey;
|
||||
|
||||
|
||||
/***/ }),
|
||||
|
||||
/***/ 470:
|
||||
|
|
18
src/git.ts
Normal file
18
src/git.ts
Normal file
|
@ -0,0 +1,18 @@
|
|||
import * as exec from './exec';
|
||||
|
||||
const git = async (args: string[] = []): Promise<string> => {
|
||||
return await exec.exec(`git`, args, true).then(res => {
|
||||
if (res.stderr != '' && !res.success) {
|
||||
throw new Error(res.stderr);
|
||||
}
|
||||
return res.stdout.trim();
|
||||
});
|
||||
};
|
||||
|
||||
export async function enableCommitGpgsign(): Promise<void> {
|
||||
await git(['config', 'commit.gpgsign', 'true']);
|
||||
}
|
||||
|
||||
export async function setUserSigningkey(keyid: string): Promise<void> {
|
||||
await git(['config', 'user.signingkey', keyid]);
|
||||
}
|
|
@ -1,4 +1,5 @@
|
|||
import * as core from '@actions/core';
|
||||
import * as git from './git';
|
||||
import * as gpg from './gpg';
|
||||
import * as openpgp from './openpgp';
|
||||
import * as stateHelper from './state-helper';
|
||||
|
@ -50,6 +51,12 @@ async function run(): Promise<void> {
|
|||
core.debug(stdout);
|
||||
});
|
||||
}
|
||||
|
||||
if (/true/i.test(core.getInput('git_gpgsign'))) {
|
||||
core.info('💎 Enable signing for this Git repository');
|
||||
await git.enableCommitGpgsign();
|
||||
await git.setUserSigningkey(privateKey.keyID);
|
||||
}
|
||||
} catch (error) {
|
||||
core.setFailed(error.message);
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue