Action to import a GPG key with environment secrets
Find a file
2020-05-07 00:14:43 +02:00
.github Cleanup workflows 2020-05-06 23:54:36 +02:00
.res Update CHANGELOG 2020-05-06 01:23:29 +02:00
__tests__ Kill GnuPG agent at POST step 2020-05-06 00:23:29 +02:00
dist Codecov 2020-05-06 18:00:13 +02:00
node_modules Cleanup local paths from extra fields 2020-05-07 00:14:43 +02:00
src Codecov 2020-05-06 18:00:13 +02:00
.editorconfig Initial commit 2020-05-03 20:46:05 +02:00
.gitattributes Initial commit 2020-05-03 20:46:05 +02:00
.gitignore Typo 2020-05-05 21:13:56 +02:00
.prettierrc.json Codecov 2020-05-06 18:00:13 +02:00
action.yml Fix inputs 2020-05-06 01:21:41 +02:00
CHANGELOG.md Cleanup workflows 2020-05-06 23:54:36 +02:00
jest.config.js Initial commit 2020-05-03 20:46:05 +02:00
LICENSE Initial commit 2020-05-03 20:46:05 +02:00
package-lock.json Cleanup local paths from extra fields 2020-05-07 00:14:43 +02:00
package.json Cleanup local paths from extra fields 2020-05-07 00:14:43 +02:00
README.md Update badges 2020-05-06 18:06:13 +02:00
tsconfig.json Codecov 2020-05-06 18:00:13 +02:00

GitHub release GitHub marketplace Test workflow Codecov Become a sponsor Paypal Donate

About

GitHub Action to easily import your GPG key to sign commits and tags.

If you are interested, check out my other :octocat: GitHub Actions!

Import GPG key

Features

  • Works on Linux, MacOS and Windows virtual environments
  • Allow to seed the internal cache of gpg-agent with provided passphrase
  • Enable signing for Git commits and tags
  • Configure and check committer info against GPG key
  • Purge imported GPG key, cache information and kill agent from runner

Usage

On your local machine, export the GPG private key as an ASCII armored version:

gpg --armor --export-secret-key --output key.pgp joe@foo.bar

Copy the content of key.pgp file as a secret named GPG_PRIVATE_KEY for example. Create another secret with your PASSPHRASE if applicable.

name: import-gpg

on:
  push:
    branches: master

jobs:
  import-gpg:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v2
      -
        name: Import GPG key
        uses: crazy-max/ghaction-import-gpg@v1
        with:
          git_user_signingkey: true
          git_commit_gpgsign: true
          git_tag_gpgsign: true
        env:
          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
          PASSPHRASE: ${{ secrets.PASSPHRASE }}
      -
        name: Sign commit and push changes
        run: |
          echo foo > bar.txt
          git add .
          git commit -S -m "This commit is signed!"
          git push          

Customizing

inputs

Following inputs can be used as step.with keys

Name Type Description
git_user_signingkey Bool Set GPG signing keyID for this Git repository (default false)
git_commit_gpgsign Bool Sign all commits automatically. git_user_signingkey needs to be enabled. (default false)
git_tag_gpgsign Bool Sign all tags automatically. git_user_signingkey needs to be enabled. (default false)
git_push_gpgsign Bool Sign all pushes automatically. git_user_signingkey needs to be enabled. (default false)
git_committer_name String Commit author's name (default GITHUB_ACTOR or github-actions)
git_committer_email String Commit author's email (default <committer_name>@users.noreply.github.com)

environment variables

Following environment variables can be used as step.env keys

Name Description
GPG_PRIVATE_KEY GPG private key exported as an ASCII armored version
PASSPHRASE Passphrase of your GPG_PRIVATE_KEY key if setted

How can I help?

All kinds of contributions are welcome 🙌! The most basic way to show your support is to star 🌟 the project, or to raise issues 💬 You can also support this project by becoming a sponsor on GitHub 👏 or by making a Paypal donation to ensure this journey continues indefinitely! 🚀

Thanks again for your support, it is much appreciated! 🙏

License

MIT. See LICENSE for more details.