Action to import a GPG key with environment secrets
Find a file
2020-05-06 00:27:45 +02:00
.github Update master workflow 2020-05-06 00:10:05 +02:00
.res Update screenshot 2020-05-04 21:01:54 +02:00
__tests__ Kill GnuPG agent at POST step 2020-05-06 00:23:29 +02:00
dist Cleanup code 2020-05-06 00:27:45 +02:00
node_modules Typo 2020-05-05 21:13:56 +02:00
src Cleanup code 2020-05-06 00:27:45 +02:00
.editorconfig Initial commit 2020-05-03 20:46:05 +02:00
.gitattributes Initial commit 2020-05-03 20:46:05 +02:00
.gitignore Typo 2020-05-05 21:13:56 +02:00
.prettierrc.json Initial commit 2020-05-03 20:46:05 +02:00
action.yml Configure and check committer email against GPG user address 2020-05-05 20:01:45 +02:00
CHANGELOG.md Update CHANGELOG 2020-05-05 21:16:14 +02:00
jest.config.js Initial commit 2020-05-03 20:46:05 +02:00
LICENSE Initial commit 2020-05-03 20:46:05 +02:00
package-lock.json Bump deps 2020-05-05 21:15:40 +02:00
package.json Bump deps 2020-05-05 21:15:40 +02:00
README.md Kill GnuPG agent at POST step 2020-05-06 00:23:29 +02:00
tsconfig.json Initial commit 2020-05-03 20:46:05 +02:00

GitHub release GitHub marketplace Test workflow Become a sponsor Paypal Donate

About

GitHub Action to easily import your GPG key to sign commits and tags.

If you are interested, check out my other :octocat: GitHub Actions!

Import GPG key

Features

  • Works on Linux and MacOS virtual environments
  • Allow to seed the internal cache of gpg-agent with provided passphrase
  • Enable signing for Git commits and tags
  • Configure and check committer info against GPG key
  • Purge imported GPG key, cache information and kill agent from runner

Usage

On your local machine, export the GPG private key as an ASCII armored version:

gpg --armor --export-secret-key --output key.pgp joe@foo.bar

Copy the content of key.pgp file as a secret named SIGNING_KEY for example. Create another secret with your PASSPHRASE if applicable.

name: import-gpg

on:
  push:
    branches: master

jobs:
  import-gpg:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v2
      -
        name: Import GPG key
        uses: crazy-max/ghaction-import-gpg@v1
        with:
          git_gpgsign: true
        env:
          SIGNING_KEY: ${{ secrets.SIGNING_KEY }}
          PASSPHRASE: ${{ secrets.PASSPHRASE }}

Customizing

inputs

Following inputs can be used as step.with keys

Name Type Description
git_gpgsign Bool Enable signing for this Git repository (default false)
git_committer_name String Commit author's name (default GITHUB_ACTOR or github-actions)
git_committer_email String Commit author's email (default <committer_name>@users.noreply.github.com)

environment variables

Following environment variables can be used as step.env keys

Name Description
SIGNING_KEY GPG private key exported as an ASCII armored version
PASSPHRASE Passphrase of your GPG key if setted for your SIGNING_KEY

How can I help?

All kinds of contributions are welcome 🙌! The most basic way to show your support is to star 🌟 the project, or to raise issues 💬 You can also support this project by becoming a sponsor on GitHub 👏 or by making a Paypal donation to ensure this journey continues indefinitely! 🚀

Thanks again for your support, it is much appreciated! 🙏

License

MIT. See LICENSE for more details.