name: ci concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true on: schedule: - cron: '0 10 * * *' push: branches: - 'master' - 'releases/v*' tags: - 'v*' pull_request: branches: - 'master' - 'releases/v*' jobs: gpg: runs-on: ubuntu-latest steps: - name: GPG conf run: | cat ~/.gnupg/gpg.conf || true armored: runs-on: ${{ matrix.os }} strategy: fail-fast: false matrix: key: - test-key - test-subkey global: - false - true os: - ubuntu-latest - macOS-latest - windows-latest include: - key: test-subkey fingerprint: C17D11ADF199F12A30A0910F1F80449BE0B08CB8 steps: - name: Checkout uses: actions/checkout@v4 - name: GPG conf uses: actions/github-script@v7 with: script: | const fs = require('fs'); const gnupgfolder = `${require('os').homedir()}/.gnupg`; if (!fs.existsSync(gnupgfolder)){ fs.mkdirSync(gnupgfolder); } fs.chmodSync(gnupgfolder, '0700'); fs.copyFile('__tests__/fixtures/gpg.conf', `${gnupgfolder}/gpg.conf`, (err) => { if (err) throw err; }); - name: Get test key and passphrase uses: actions/github-script@v7 id: test with: script: | const fs = require('fs'); core.setOutput('pgp', fs.readFileSync('__tests__/fixtures/${{ matrix.key }}.pgp', {encoding: 'utf8'})); core.setOutput('passphrase', fs.readFileSync('__tests__/fixtures/${{ matrix.key }}.pass', {encoding: 'utf8'})); - name: Import GPG uses: ./ with: gpg_private_key: ${{ steps.test.outputs.pgp }} passphrase: ${{ steps.test.outputs.passphrase }} trust_level: 5 git_config_global: ${{ matrix.global }} git_user_signingkey: true git_commit_gpgsign: true git_tag_gpgsign: true git_push_gpgsign: if-asked fingerprint: ${{ matrix.fingerprint }} - name: List keys run: | gpg -K shell: bash base64: runs-on: ${{ matrix.os }} strategy: fail-fast: false matrix: key: - test-key - test-subkey os: - ubuntu-latest - macOS-latest - windows-latest include: - key: test-subkey fingerprint: C17D11ADF199F12A30A0910F1F80449BE0B08CB8 steps: - name: Checkout uses: actions/checkout@v4 - name: Get test key and passphrase uses: actions/github-script@v7 id: test with: script: | const fs = require('fs'); core.setOutput('pgp-base64', fs.readFileSync('__tests__/fixtures/${{ matrix.key }}-base64.pgp', {encoding: 'utf8'})); core.setOutput('passphrase', fs.readFileSync('__tests__/fixtures/${{ matrix.key }}.pass', {encoding: 'utf8'})); - name: Import GPG uses: ./ with: gpg_private_key: ${{ steps.test.outputs.pgp-base64 }} passphrase: ${{ steps.test.outputs.passphrase }} git_user_signingkey: true git_commit_gpgsign: true git_tag_gpgsign: true git_push_gpgsign: if-asked fingerprint: ${{ matrix.fingerprint }} trust: runs-on: ${{ matrix.os }} strategy: fail-fast: false matrix: key: - test-key level: - '' - 5 - 4 - 3 - 2 - 1 os: - ubuntu-latest - macOS-latest - windows-latest steps: - name: Checkout uses: actions/checkout@v4 - name: GPG conf uses: actions/github-script@v7 with: script: | const fs = require('fs'); const gnupgfolder = `${require('os').homedir()}/.gnupg`; if (!fs.existsSync(gnupgfolder)){ fs.mkdirSync(gnupgfolder); } fs.chmodSync(gnupgfolder, '0700'); fs.copyFile('__tests__/fixtures/gpg.conf', `${gnupgfolder}/gpg.conf`, (err) => { if (err) throw err; }); - name: Get test key and passphrase uses: actions/github-script@v7 id: test with: script: | const fs = require('fs'); core.setOutput('pgp', fs.readFileSync('__tests__/fixtures/${{ matrix.key }}.pgp', {encoding: 'utf8'})); core.setOutput('passphrase', fs.readFileSync('__tests__/fixtures/${{ matrix.key }}.pass', {encoding: 'utf8'})); - name: Import GPG id: import_gpg uses: ./ with: gpg_private_key: ${{ steps.test.outputs.pgp }} passphrase: ${{ steps.test.outputs.passphrase }} trust_level: ${{ matrix.level }} - name: List trust values run: | gpg --export-ownertrust shell: bash