Enable signing for Git commits and tags (#4)

.github/workflows/ci.yml

@@ -35,6 +35,8 @@ jobs:
       -
         name: Import GPG key
         uses: ./
+        with:
+          git_gpgsign: true
         env:
           SIGNING_KEY: ${{ secrets.SIGNING_KEY_TEST }}
           PASSPHRASE: ${{ secrets.PASSPHRASE_TEST }}

README.md

@@ -17,6 +17,7 @@ If you are interested, [check out](https://git.io/Je09Y) my other :octocat: GitH
 * Works on Linux and MacOS [virtual environments](https://help.github.com/en/articles/virtual-environments-for-github-actions#supported-virtual-environments-and-hardware-resources)
 * Allow to seed the internal cache of `gpg-agent` with provided passphrase
 * Purge imported GPG key and cache information from runner (security)
+* Enable signing for Git commits and tags
 
 ## Usage
 
@@ -36,7 +37,9 @@ jobs:
         uses: actions/checkout@v2
       -
         name: Import GPG key
-        uses: crazy-max/ghaction-import-gpg@master
+        uses: crazy-max/ghaction-import-gpg@v1
+        with:
+          git_gpgsign: true
         env:
           SIGNING_KEY: ${{ secrets.SIGNING_KEY }}
           PASSPHRASE: ${{ secrets.PASSPHRASE }}
@@ -44,6 +47,14 @@ jobs:
 
 ## Customizing
 
+### inputs
+
+Following inputs can be used as `step.with` keys
+
+| Name                 | Type    | Description                                              |
+|----------------------|---------|----------------------------------------------------------|
+| `git_gpgsign`        | Bool    | Enable signing for this Git repository (default `false`) |
+
 ### environment variables
 
 Following environment variables can be used as `step.env` keys

action.yml

@@ -6,6 +6,11 @@ branding:
   color: 'yellow'
   icon: 'lock'
 
+inputs:
+  git_gpgsign:
+    description: 'Enable signing for this Git repository'
+    default: 'false'
+
 runs:
   using: 'node12'
   main: 'dist/index.js'

dist/index.js

@@ -1015,6 +1015,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 const core = __importStar(__webpack_require__(470));
+const git = __importStar(__webpack_require__(453));
 const gpg = __importStar(__webpack_require__(207));
 const openpgp = __importStar(__webpack_require__(781));
 const stateHelper = __importStar(__webpack_require__(153));
@@ -1059,6 +1060,11 @@ function run() {
                     core.debug(stdout);
                 });
             }
+            if (/true/i.test(core.getInput('git_gpgsign'))) {
+                core.info('💎 Enable signing for this Git repository');
+                yield git.enableCommitGpgsign();
+                yield git.setUserSigningkey(privateKey.keyID);
+            }
         }
         catch (error) {
             core.setFailed(error.message);
@@ -1378,6 +1384,53 @@ function escapeProperty(s) {
 }
 //# sourceMappingURL=command.js.map
 
+/***/ }),
+
+/***/ 453:
+/***/ (function(__unusedmodule, exports, __webpack_require__) {
+
+"use strict";
+
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
+    result["default"] = mod;
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const exec = __importStar(__webpack_require__(807));
+const git = (args = []) => __awaiter(void 0, void 0, void 0, function* () {
+    return yield exec.exec(`git`, args, true).then(res => {
+        if (res.stderr != '' && !res.success) {
+            throw new Error(res.stderr);
+        }
+        return res.stdout.trim();
+    });
+});
+function enableCommitGpgsign() {
+    return __awaiter(this, void 0, void 0, function* () {
+        yield git(['config', 'commit.gpgsign', 'true']);
+    });
+}
+exports.enableCommitGpgsign = enableCommitGpgsign;
+function setUserSigningkey(keyid) {
+    return __awaiter(this, void 0, void 0, function* () {
+        yield git(['config', 'user.signingkey', keyid]);
+    });
+}
+exports.setUserSigningkey = setUserSigningkey;
+
+
 /***/ }),
 
 /***/ 470:

src/git.ts

@@ -0,0 +1,18 @@
+import * as exec from './exec';
+
+const git = async (args: string[] = []): Promise<string> => {
+  return await exec.exec(`git`, args, true).then(res => {
+    if (res.stderr != '' && !res.success) {
+      throw new Error(res.stderr);
+    }
+    return res.stdout.trim();
+  });
+};
+
+export async function enableCommitGpgsign(): Promise<void> {
+  await git(['config', 'commit.gpgsign', 'true']);
+}
+
+export async function setUserSigningkey(keyid: string): Promise<void> {
+  await git(['config', 'user.signingkey', keyid]);
+}

src/main.ts

@@ -1,4 +1,5 @@
 import * as core from '@actions/core';
+import * as git from './git';
 import * as gpg from './gpg';
 import * as openpgp from './openpgp';
 import * as stateHelper from './state-helper';
@@ -50,6 +51,12 @@ async function run(): Promise<void> {
         core.debug(stdout);
       });
     }
+
+    if (/true/i.test(core.getInput('git_gpgsign'))) {
+      core.info('💎 Enable signing for this Git repository');
+      await git.enableCommitGpgsign();
+      await git.setUserSigningkey(privateKey.keyID);
+    }
   } catch (error) {
     core.setFailed(error.message);
   }