Action to import a GPG key with environment secrets
Find a file
2020-05-07 18:43:19 +00:00
.github Cleanup workflows 2020-05-06 23:54:36 +02:00
.res Update CHANGELOG 2020-05-06 01:23:29 +02:00
__tests__ Kill GnuPG agent at POST step 2020-05-06 00:23:29 +02:00
dist Add fingerprint, keyid and email outputs 2020-05-07 20:42:27 +02:00
node_modules Cleanup local paths from extra fields 2020-05-07 00:14:43 +02:00
src Add fingerprint, keyid and email outputs 2020-05-07 20:42:27 +02:00
.editorconfig Initial commit 2020-05-03 20:46:05 +02:00
.gitattributes Initial commit 2020-05-03 20:46:05 +02:00
.gitignore Typo 2020-05-05 21:13:56 +02:00
.prettierrc.json Codecov 2020-05-06 18:00:13 +02:00
action.yml Add fingerprint, keyid and email outputs 2020-05-07 20:42:27 +02:00
CHANGELOG.md Cleanup workflows 2020-05-06 23:54:36 +02:00
jest.config.js Initial commit 2020-05-03 20:46:05 +02:00
LICENSE Initial commit 2020-05-03 20:46:05 +02:00
package-lock.json Add fingerprint, keyid and email outputs 2020-05-07 20:42:27 +02:00
package.json Update generated content 2020-05-07 18:43:19 +00:00
README.md Add fingerprint, keyid and email outputs 2020-05-07 20:42:27 +02:00
tsconfig.json Codecov 2020-05-06 18:00:13 +02:00

GitHub release GitHub marketplace Test workflow Codecov Become a sponsor Paypal Donate

About

GitHub Action to easily import a GPG key.

If you are interested, check out my other :octocat: GitHub Actions!

Import GPG key

Features

  • Works on Linux, MacOS and Windows virtual environments
  • Allow to seed the internal cache of gpg-agent with provided passphrase
  • Purge imported GPG key, cache information and kill agent from runner
  • (Git) Enable signing for Git commits, tags and pushes
  • (Git) Configure and check committer info against GPG key

Usage

First, export the GPG private key as an ASCII armored version:

gpg --armor --export-secret-key --output key.pgp joe@foo.bar

Copy the content of key.pgp file as a secret named GPG_PRIVATE_KEY for example. Create another secret with the PASSPHRASE if applicable.

name: import-gpg

on:
  push:
    branches: master

jobs:
  import-gpg:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v2
      -
        name: Import GPG key
        uses: crazy-max/ghaction-import-gpg@v1
        with:
          git_user_signingkey: true
          git_commit_gpgsign: true
          git_tag_gpgsign: true
        env:
          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
          PASSPHRASE: ${{ secrets.PASSPHRASE }}
      -
        name: Sign commit and push changes
        run: |
          echo foo > bar.txt
          git add .
          git commit -S -m "This commit is signed!"
          git push          

Customizing

inputs

Following inputs can be used as step.with keys

Name Type Description
git_user_signingkey Bool Set GPG signing keyID for this Git repository (default false)
git_commit_gpgsign 📌 Bool Sign all commits automatically. (default false)
git_tag_gpgsign 📌 Bool Sign all tags automatically. (default false)
git_push_gpgsign 📌 Bool Sign all pushes automatically. (default false)
git_committer_name 📌 String Set commit author's name (default GITHUB_ACTOR or github-actions)
git_committer_email 📌 String Set commit author's email (default <committer_name>@users.noreply.github.com)

📌 git_user_signingkey needs to be enabled for these inputs to be used.

outputs

Following outputs are available

Name Type Description
fingerprint String Fingerprint of the GPG key (recommended as user ID)
keyid String Low 64 bits of the X.509 certificate SHA-1 fingerprint
email String Email address associated with the GPG key

environment variables

Following environment variables can be used as step.env keys

Name Description
GPG_PRIVATE_KEY GPG private key exported as an ASCII armored version
PASSPHRASE Passphrase of the GPG_PRIVATE_KEY key if setted

How can I help?

All kinds of contributions are welcome 🙌! The most basic way to show your support is to star 🌟 the project, or to raise issues 💬 You can also support this project by becoming a sponsor on GitHub 👏 or by making a Paypal donation to ensure this journey continues indefinitely! 🚀

Thanks again for your support, it is much appreciated! 🙏

License

MIT. See LICENSE for more details.