mirror of
https://github.com/crazy-max/ghaction-import-gpg.git
synced 2024-09-13 04:57:10 -04:00
Action to import a GPG key with environment secrets
d8abaae6d7
* Bump @actions/core from 1.2.6 to 1.2.7 Bumps [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core) from 1.2.6 to 1.2.7. - [Release notes](https://github.com/actions/toolkit/releases) - [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md) - [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core) Signed-off-by: dependabot[bot] <support@github.com> * Update generated content Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: CrazyMax <crazy-max@users.noreply.github.com> |
||
|---|---|---|
| .github | ||
| __tests__ | ||
| dist | ||
| hack | ||
| node_modules | ||
| src | ||
| .dockerignore | ||
| .editorconfig | ||
| .gitattributes | ||
| .gitignore | ||
| .prettierrc.json | ||
| action.yml | ||
| CHANGELOG.md | ||
| docker-bake.hcl | ||
| Dockerfile.dev | ||
| jest.config.js | ||
| LICENSE | ||
| package.json | ||
| README.md | ||
| tsconfig.json | ||
| yarn.lock | ||
About
GitHub Action to easily import a GPG key.
If you are interested, check out my other :octocat: GitHub Actions!
- Features
- Prerequisites
- Usage
- Customizing
- Keep up-to-date with GitHub Dependabot
- How can I help?
- License
Features
- Works on Linux, MacOS and Windows virtual environments
- Allow to seed the internal cache of
gpg-agentwith provided passphrase - Purge imported GPG key, cache information and kill agent from runner
- (Git) Enable signing for Git commits, tags and pushes
- (Git) Configure and check committer info against GPG key
Prerequisites
First, generate a GPG key and export the GPG private key as an ASCII armored version to your clipboard:
# macOS
gpg --armor --export-secret-key joe@foo.bar | pbcopy
# Ubuntu (assuming GNU base64)
gpg --armor --export-secret-key joe@foo.bar -w0 | xclip
# Arch
gpg --armor --export-secret-key joe@foo.bar | xclip -selection clipboard -i
# FreeBSD (assuming BSD base64)
gpg --armor --export-secret-key joe@foo.bar | xclip
Paste your clipboard as a secret named GPG_PRIVATE_KEY for example. Create another secret with the PASSPHRASE if applicable.
Usage
Workflow
name: import-gpg
on:
push:
branches: master
jobs:
import-gpg:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v2
-
name: Import GPG key
id: import_gpg
uses: crazy-max/ghaction-import-gpg@v3
with:
gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.PASSPHRASE }}
-
name: GPG user IDs
run: |
echo "fingerprint: ${{ steps.import_gpg.outputs.fingerprint }}"
echo "keyid: ${{ steps.import_gpg.outputs.keyid }}"
echo "name: ${{ steps.import_gpg.outputs.name }}"
echo "email: ${{ steps.import_gpg.outputs.email }}"
Sign commits
name: import-gpg
on:
push:
branches: master
jobs:
sign-commit:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v2
-
name: Import GPG key
uses: crazy-max/ghaction-import-gpg@v3
with:
gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.PASSPHRASE }}
git-user-signingkey: true
git-commit-gpgsign: true
-
name: Sign commit and push changes
run: |
echo foo > bar.txt
git add .
git commit -S -m "This commit is signed!"
git push
Customizing
inputs
Following inputs can be used as step.with keys
| Name | Type | Description |
|---|---|---|
gpg-private-key |
String | GPG private key exported as an ASCII armored version or its base64 encoding (required) |
passphrase |
String | Passphrase of the GPG private key |
git-user-signingkey |
Bool | Set GPG signing keyID for this Git repository (default false) |
git-commit-gpgsign¹ |
Bool | Sign all commits automatically. (default false) |
git-tag-gpgsign¹ |
Bool | Sign all tags automatically. (default false) |
git-push-gpgsign¹ |
Bool | Sign all pushes automatically. (default false) |
git-committer-name¹ |
String | Set commit author's name (defaults to the name associated with the GPG key) |
git-committer-email¹ |
String | Set commit author's email (defaults to the email address associated with the GPG key) |
workdir |
String | Working directory (below repository root) (default .) |
¹
git-user-signingkeyneeds to be enabled for these inputs to be used.
outputs
Following outputs are available
| Name | Type | Description |
|---|---|---|
fingerprint |
String | Fingerprint of the GPG key (recommended as user ID) |
keyid |
String | Low 64 bits of the X.509 certificate SHA-1 fingerprint |
name |
String | Name associated with the GPG key |
email |
String | Email address associated with the GPG key |
Keep up-to-date with GitHub Dependabot
Since Dependabot
has native GitHub Actions support,
to enable it on your GitHub repo all you need to do is add the .github/dependabot.yml file:
version: 2
updates:
# Maintain dependencies for GitHub Actions
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "daily"
How can I help?
All kinds of contributions are welcome 🙌! The most basic way to show your support is to star 🌟 the project, or to raise issues 💬 You can also support this project by becoming a sponsor on GitHub 👏 or by making a Paypal donation to ensure this journey continues indefinitely! 🚀
Thanks again for your support, it is much appreciated! 🙏
License
MIT. See LICENSE for more details.