Enable signing for Git commits and tags (#4)

This commit is contained in:
CrazyMax 2020-05-04 20:59:11 +02:00
parent becd8c1b3b
commit feede15671
No known key found for this signature in database
GPG key ID: 3248E46B6BB8C7F7
6 changed files with 97 additions and 1 deletions

View file

@ -35,6 +35,8 @@ jobs:
- -
name: Import GPG key name: Import GPG key
uses: ./ uses: ./
with:
git_gpgsign: true
env: env:
SIGNING_KEY: ${{ secrets.SIGNING_KEY_TEST }} SIGNING_KEY: ${{ secrets.SIGNING_KEY_TEST }}
PASSPHRASE: ${{ secrets.PASSPHRASE_TEST }} PASSPHRASE: ${{ secrets.PASSPHRASE_TEST }}

View file

@ -17,6 +17,7 @@ If you are interested, [check out](https://git.io/Je09Y) my other :octocat: GitH
* Works on Linux and MacOS [virtual environments](https://help.github.com/en/articles/virtual-environments-for-github-actions#supported-virtual-environments-and-hardware-resources) * Works on Linux and MacOS [virtual environments](https://help.github.com/en/articles/virtual-environments-for-github-actions#supported-virtual-environments-and-hardware-resources)
* Allow to seed the internal cache of `gpg-agent` with provided passphrase * Allow to seed the internal cache of `gpg-agent` with provided passphrase
* Purge imported GPG key and cache information from runner (security) * Purge imported GPG key and cache information from runner (security)
* Enable signing for Git commits and tags
## Usage ## Usage
@ -36,7 +37,9 @@ jobs:
uses: actions/checkout@v2 uses: actions/checkout@v2
- -
name: Import GPG key name: Import GPG key
uses: crazy-max/ghaction-import-gpg@master uses: crazy-max/ghaction-import-gpg@v1
with:
git_gpgsign: true
env: env:
SIGNING_KEY: ${{ secrets.SIGNING_KEY }} SIGNING_KEY: ${{ secrets.SIGNING_KEY }}
PASSPHRASE: ${{ secrets.PASSPHRASE }} PASSPHRASE: ${{ secrets.PASSPHRASE }}
@ -44,6 +47,14 @@ jobs:
## Customizing ## Customizing
### inputs
Following inputs can be used as `step.with` keys
| Name | Type | Description |
|----------------------|---------|----------------------------------------------------------|
| `git_gpgsign` | Bool | Enable signing for this Git repository (default `false`) |
### environment variables ### environment variables
Following environment variables can be used as `step.env` keys Following environment variables can be used as `step.env` keys

View file

@ -6,6 +6,11 @@ branding:
color: 'yellow' color: 'yellow'
icon: 'lock' icon: 'lock'
inputs:
git_gpgsign:
description: 'Enable signing for this Git repository'
default: 'false'
runs: runs:
using: 'node12' using: 'node12'
main: 'dist/index.js' main: 'dist/index.js'

53
dist/index.js generated vendored
View file

@ -1015,6 +1015,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
}; };
Object.defineProperty(exports, "__esModule", { value: true }); Object.defineProperty(exports, "__esModule", { value: true });
const core = __importStar(__webpack_require__(470)); const core = __importStar(__webpack_require__(470));
const git = __importStar(__webpack_require__(453));
const gpg = __importStar(__webpack_require__(207)); const gpg = __importStar(__webpack_require__(207));
const openpgp = __importStar(__webpack_require__(781)); const openpgp = __importStar(__webpack_require__(781));
const stateHelper = __importStar(__webpack_require__(153)); const stateHelper = __importStar(__webpack_require__(153));
@ -1059,6 +1060,11 @@ function run() {
core.debug(stdout); core.debug(stdout);
}); });
} }
if (/true/i.test(core.getInput('git_gpgsign'))) {
core.info('💎 Enable signing for this Git repository');
yield git.enableCommitGpgsign();
yield git.setUserSigningkey(privateKey.keyID);
}
} }
catch (error) { catch (error) {
core.setFailed(error.message); core.setFailed(error.message);
@ -1378,6 +1384,53 @@ function escapeProperty(s) {
} }
//# sourceMappingURL=command.js.map //# sourceMappingURL=command.js.map
/***/ }),
/***/ 453:
/***/ (function(__unusedmodule, exports, __webpack_require__) {
"use strict";
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
return new (P || (P = Promise))(function (resolve, reject) {
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
step((generator = generator.apply(thisArg, _arguments || [])).next());
});
};
var __importStar = (this && this.__importStar) || function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
result["default"] = mod;
return result;
};
Object.defineProperty(exports, "__esModule", { value: true });
const exec = __importStar(__webpack_require__(807));
const git = (args = []) => __awaiter(void 0, void 0, void 0, function* () {
return yield exec.exec(`git`, args, true).then(res => {
if (res.stderr != '' && !res.success) {
throw new Error(res.stderr);
}
return res.stdout.trim();
});
});
function enableCommitGpgsign() {
return __awaiter(this, void 0, void 0, function* () {
yield git(['config', 'commit.gpgsign', 'true']);
});
}
exports.enableCommitGpgsign = enableCommitGpgsign;
function setUserSigningkey(keyid) {
return __awaiter(this, void 0, void 0, function* () {
yield git(['config', 'user.signingkey', keyid]);
});
}
exports.setUserSigningkey = setUserSigningkey;
/***/ }), /***/ }),
/***/ 470: /***/ 470:

18
src/git.ts Normal file
View file

@ -0,0 +1,18 @@
import * as exec from './exec';
const git = async (args: string[] = []): Promise<string> => {
return await exec.exec(`git`, args, true).then(res => {
if (res.stderr != '' && !res.success) {
throw new Error(res.stderr);
}
return res.stdout.trim();
});
};
export async function enableCommitGpgsign(): Promise<void> {
await git(['config', 'commit.gpgsign', 'true']);
}
export async function setUserSigningkey(keyid: string): Promise<void> {
await git(['config', 'user.signingkey', keyid]);
}

View file

@ -1,4 +1,5 @@
import * as core from '@actions/core'; import * as core from '@actions/core';
import * as git from './git';
import * as gpg from './gpg'; import * as gpg from './gpg';
import * as openpgp from './openpgp'; import * as openpgp from './openpgp';
import * as stateHelper from './state-helper'; import * as stateHelper from './state-helper';
@ -50,6 +51,12 @@ async function run(): Promise<void> {
core.debug(stdout); core.debug(stdout);
}); });
} }
if (/true/i.test(core.getInput('git_gpgsign'))) {
core.info('💎 Enable signing for this Git repository');
await git.enableCommitGpgsign();
await git.setUserSigningkey(privateKey.keyID);
}
} catch (error) { } catch (error) {
core.setFailed(error.message); core.setFailed(error.message);
} }