4.7 KiB
About
GitHub Action to easily import your GPG key to sign commits and tags.
If you are interested, check out my other :octocat: GitHub Actions!
Features
- Works on Linux, MacOS and Windows virtual environments
- Allow to seed the internal cache of
gpg-agent
with provided passphrase - Enable signing for Git commits and tags
- Configure and check committer info against GPG key
- Purge imported GPG key, cache information and kill agent from runner
Usage
On your local machine, export the GPG private key as an ASCII armored version:
gpg --armor --export-secret-key --output key.pgp joe@foo.bar
Copy the content of key.pgp
file as a secret
named GPG_PRIVATE_KEY
for example. Create another secret with your PASSPHRASE
if applicable.
name: import-gpg
on:
push:
branches: master
jobs:
import-gpg:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v2
-
name: Import GPG key
uses: crazy-max/ghaction-import-gpg@v1
with:
git_user_signingkey: true
git_commit_gpgsign: true
git_tag_gpgsign: true
env:
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
PASSPHRASE: ${{ secrets.PASSPHRASE }}
-
name: Sign commit and push changes
run: |
echo foo > bar.txt
git add .
git commit -S -m "This commit is signed!"
git push
Customizing
inputs
Following inputs can be used as step.with
keys
Name | Type | Description |
---|---|---|
git_user_signingkey |
Bool | Set GPG signing keyID for this Git repository (default false ) |
git_commit_gpgsign |
Bool | Sign all commits automatically. git_user_signingkey needs to be enabled. (default false ) |
git_tag_gpgsign |
Bool | Sign all tags automatically. git_user_signingkey needs to be enabled. (default false ) |
git_push_gpgsign |
Bool | Sign all pushes automatically. git_user_signingkey needs to be enabled. (default false ) |
git_committer_name |
String | Commit author's name (default GITHUB_ACTOR or github-actions ) |
git_committer_email |
String | Commit author's email (default <committer_name>@users.noreply.github.com ) |
environment variables
Following environment variables can be used as step.env
keys
Name | Description |
---|---|
GPG_PRIVATE_KEY |
GPG private key exported as an ASCII armored version |
PASSPHRASE |
Passphrase of your GPG_PRIVATE_KEY key if setted |
How can I help?
All kinds of contributions are welcome 🙌! The most basic way to show your support is to star 🌟 the project, or to raise issues 💬 You can also support this project by becoming a sponsor on GitHub 👏 or by making a Paypal donation to ensure this journey continues indefinitely! 🚀
Thanks again for your support, it is much appreciated! 🙏
License
MIT. See LICENSE
for more details.