import * as core from '@actions/core'; import * as context from './context'; import * as git from './git'; import * as gpg from './gpg'; import * as openpgp from './openpgp'; import * as stateHelper from './state-helper'; async function run(): Promise { try { let inputs: context.Inputs = await context.getInputs(); if (inputs.workdir && inputs.workdir !== '.') { core.info(`Using ${inputs.workdir} as working directory...`); process.chdir(inputs.workdir); } const version = await gpg.getVersion(); const dirs = await gpg.getDirs(); await core.group(`GnuPG info`, async () => { core.info(`Version : ${version.gnupg} (libgcrypt ${version.libgcrypt})`); core.info(`Libdir : ${dirs.libdir}`); core.info(`Libexecdir : ${dirs.libexecdir}`); core.info(`Datadir : ${dirs.datadir}`); core.info(`Homedir : ${dirs.homedir}`); }); const privateKey = await openpgp.readPrivateKey(inputs.gpgPrivateKey); await core.group(`GPG private key info`, async () => { core.info(`Fingerprint : ${privateKey.fingerprint}`); core.info(`KeyID : ${privateKey.keyID}`); core.info(`Name : ${privateKey.name}`); core.info(`Email : ${privateKey.email}`); core.info(`CreationTime : ${privateKey.creationTime}`); }); stateHelper.setFingerprint(privateKey.fingerprint); let fingerprint = privateKey.fingerprint; if (inputs.fingerprint) { fingerprint = inputs.fingerprint; } await core.group(`Fingerprint to use`, async () => { core.info(fingerprint); }); await core.group(`Importing GPG private key`, async () => { await gpg.importKey(inputs.gpgPrivateKey).then(stdout => { core.info(stdout); }); }); if (inputs.passphrase && !inputs.fingerprint) { // Set the passphrase for all subkeys core.info('Configuring GnuPG agent'); await gpg.configureAgent(gpg.agentConfig); await core.group(`Getting keygrips`, async () => { for (let keygrip of await gpg.getKeygrips(fingerprint)) { core.info(`Presetting passphrase for ${keygrip}`); await gpg.presetPassphrase(keygrip, inputs.passphrase).then(stdout => { core.debug(stdout); }); } }); } if (inputs.passphrase && inputs.fingerprint) { // Set the passphrase only for the subkey specified in the input `fingerprint` core.info('Configuring GnuPG agent'); await gpg.configureAgent(gpg.agentConfig); await core.group(`Getting keygrip for fingerprint`, async () => { const keygrip = await gpg.getKeygrip(fingerprint); core.info(`Presetting passphrase for key ${fingerprint} with keygrip ${keygrip}`); await gpg.presetPassphrase(keygrip, inputs.passphrase).then(stdout => { core.debug(stdout); }); }); } await core.group(`Setting outputs`, async () => { core.info(`fingerprint=${fingerprint}`); context.setOutput('fingerprint', fingerprint); core.info(`keyid=${privateKey.keyID}`); context.setOutput('keyid', privateKey.keyID); core.info(`name=${privateKey.name}`); context.setOutput('name', privateKey.name); core.info(`email=${privateKey.email}`); context.setOutput('email', privateKey.email); }); if (inputs.gitUserSigningkey) { core.info('Setting GPG signing keyID for this Git repository'); await git.setConfig('user.signingkey', privateKey.keyID, inputs.gitConfigGlobal); const userEmail = inputs.gitCommitterEmail || privateKey.email; const userName = inputs.gitCommitterName || privateKey.name; if (userEmail != privateKey.email) { core.setFailed(`Committer email "${inputs.gitCommitterEmail}" (name: "${inputs.gitCommitterName}") does not match GPG private key email "${privateKey.email}" (name: "${privateKey.name}")`); return; } core.info(`Configuring Git committer (${userName} <${userEmail}>)`); await git.setConfig('user.name', userName, inputs.gitConfigGlobal); await git.setConfig('user.email', userEmail, inputs.gitConfigGlobal); if (inputs.gitCommitGpgsign) { core.info('Sign all commits automatically'); await git.setConfig('commit.gpgsign', 'true', inputs.gitConfigGlobal); } if (inputs.gitTagGpgsign) { core.info('Sign all tags automatically'); await git.setConfig('tag.gpgsign', 'true', inputs.gitConfigGlobal); } if (inputs.gitPushGpgsign) { core.info('Sign all pushes automatically'); await git.setConfig('push.gpgsign', inputs.gitPushGpgsign, inputs.gitConfigGlobal); } } } catch (error) { core.setFailed(error.message); } } async function cleanup(): Promise { if (stateHelper.fingerprint.length <= 0) { core.debug('Primary key fingerprint is not defined. Skipping cleanup.'); return; } try { core.info(`Removing key ${stateHelper.fingerprint}`); await gpg.deleteKey(stateHelper.fingerprint); core.info('Killing GnuPG agent'); await gpg.killAgent(); } catch (error) { core.warning(error.message); } } if (!stateHelper.IsPost) { run(); } else { cleanup(); }