gpg/.github/workflows/ci.yml
2023-05-06 23:46:50 +02:00

191 lines
5.1 KiB
YAML

name: ci
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
on:
schedule:
- cron: '0 10 * * *'
push:
branches:
- 'master'
- 'releases/v*'
tags:
- 'v*'
pull_request:
branches:
- 'master'
- 'releases/v*'
jobs:
gpg:
runs-on: ubuntu-latest
steps:
-
name: GPG conf
run: |
cat ~/.gnupg/gpg.conf || true
armored:
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
key:
- test-key
- test-subkey
global:
- false
- true
os:
- ubuntu-latest
- macOS-latest
- windows-latest
include:
- key: test-subkey
fingerprint: C17D11ADF199F12A30A0910F1F80449BE0B08CB8
steps:
-
name: Checkout
uses: actions/checkout@v3
-
name: GPG conf
uses: actions/github-script@v6
with:
script: |
const fs = require('fs');
const gnupgfolder = `${require('os').homedir()}/.gnupg`;
if (!fs.existsSync(gnupgfolder)){
fs.mkdirSync(gnupgfolder);
}
fs.chmodSync(gnupgfolder, '0700');
fs.copyFile('__tests__/fixtures/gpg.conf', `${gnupgfolder}/gpg.conf`, (err) => {
if (err) throw err;
});
-
name: Get test key and passphrase
uses: actions/github-script@v6
id: test
with:
script: |
const fs = require('fs');
core.setOutput('pgp', fs.readFileSync('__tests__/fixtures/${{ matrix.key }}.pgp', {encoding: 'utf8'}));
core.setOutput('passphrase', fs.readFileSync('__tests__/fixtures/${{ matrix.key }}.pass', {encoding: 'utf8'}));
-
name: Import GPG
uses: ./
with:
gpg_private_key: ${{ steps.test.outputs.pgp }}
passphrase: ${{ steps.test.outputs.passphrase }}
trust_level: 5
git_config_global: ${{ matrix.global }}
git_user_signingkey: true
git_commit_gpgsign: true
git_tag_gpgsign: true
git_push_gpgsign: if-asked
fingerprint: ${{ matrix.fingerprint }}
-
name: List keys
run: |
gpg -K
shell: bash
base64:
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
key:
- test-key
- test-subkey
os:
- ubuntu-latest
- macOS-latest
- windows-latest
include:
- key: test-subkey
fingerprint: C17D11ADF199F12A30A0910F1F80449BE0B08CB8
steps:
-
name: Checkout
uses: actions/checkout@v3
-
name: Get test key and passphrase
uses: actions/github-script@v6
id: test
with:
script: |
const fs = require('fs');
core.setOutput('pgp-base64', fs.readFileSync('__tests__/fixtures/${{ matrix.key }}-base64.pgp', {encoding: 'utf8'}));
core.setOutput('passphrase', fs.readFileSync('__tests__/fixtures/${{ matrix.key }}.pass', {encoding: 'utf8'}));
-
name: Import GPG
uses: ./
with:
gpg_private_key: ${{ steps.test.outputs.pgp-base64 }}
passphrase: ${{ steps.test.outputs.passphrase }}
git_user_signingkey: true
git_commit_gpgsign: true
git_tag_gpgsign: true
git_push_gpgsign: if-asked
fingerprint: ${{ matrix.fingerprint }}
trust:
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
key:
- test-key
level:
- ''
- 5
- 4
- 3
- 2
- 1
os:
- ubuntu-latest
- macOS-latest
- windows-latest
steps:
-
name: Checkout
uses: actions/checkout@v3
-
name: GPG conf
uses: actions/github-script@v6
with:
script: |
const fs = require('fs');
const gnupgfolder = `${require('os').homedir()}/.gnupg`;
if (!fs.existsSync(gnupgfolder)){
fs.mkdirSync(gnupgfolder);
}
fs.chmodSync(gnupgfolder, '0700');
fs.copyFile('__tests__/fixtures/gpg.conf', `${gnupgfolder}/gpg.conf`, (err) => {
if (err) throw err;
});
-
name: Get test key and passphrase
uses: actions/github-script@v6
id: test
with:
script: |
const fs = require('fs');
core.setOutput('pgp', fs.readFileSync('__tests__/fixtures/${{ matrix.key }}.pgp', {encoding: 'utf8'}));
core.setOutput('passphrase', fs.readFileSync('__tests__/fixtures/${{ matrix.key }}.pass', {encoding: 'utf8'}));
-
name: Import GPG
id: import_gpg
uses: ./
with:
gpg_private_key: ${{ steps.test.outputs.pgp }}
passphrase: ${{ steps.test.outputs.passphrase }}
trust_level: ${{ matrix.level }}
-
name: List trust values
run: |
gpg --export-ownertrust
shell: bash