import-gpg/src/main.ts

import * as core from '@actions/core';
import * as context from './context';
import * as git from './git';
import * as gpg from './gpg';
import * as openpgp from './openpgp';
import * as stateHelper from './state-helper';

async function run(): Promise<void> {
  try {
    let inputs: context.Inputs = await context.getInputs();
    stateHelper.setGpgPrivateKey(inputs.gpgPrivateKey);

    if (inputs.workdir && inputs.workdir !== '.') {
      core.info(`📂 Using ${inputs.workdir} as working directory...`);
      process.chdir(inputs.workdir);
    }

    core.info('📣 GnuPG info');
    const version = await gpg.getVersion();
    const dirs = await gpg.getDirs();
    core.info(`Version    : ${version.gnupg} (libgcrypt ${version.libgcrypt})`);
    core.info(`Libdir     : ${dirs.libdir}`);
    core.info(`Libexecdir : ${dirs.libexecdir}`);
    core.info(`Datadir    : ${dirs.datadir}`);
    core.info(`Homedir    : ${dirs.homedir}`);

    core.info('🔮 Checking GPG private key');
    const privateKey = await openpgp.readPrivateKey(inputs.gpgPrivateKey);
    core.debug(`Fingerprint  : ${privateKey.fingerprint}`);
    core.debug(`KeyID        : ${privateKey.keyID}`);
    core.debug(`Name         : ${privateKey.name}`);
    core.debug(`Email        : ${privateKey.email}`);
    core.debug(`CreationTime : ${privateKey.creationTime}`);

    core.info('🔑 Importing GPG private key');
    await gpg.importKey(inputs.gpgPrivateKey).then(stdout => {
      core.debug(stdout);
    });

    if (inputs.passphrase) {
      core.info('⚙️ Configuring GnuPG agent');
      await gpg.configureAgent(gpg.agentConfig);

      core.info('📌 Getting keygrips');
      for (let keygrip of await gpg.getKeygrips(privateKey.fingerprint)) {
        core.info(`🔓 Presetting passphrase for ${keygrip}`);
        await gpg.presetPassphrase(keygrip, inputs.passphrase).then(stdout => {
          core.debug(stdout);
        });
      }
    }

    core.info('🛒 Setting outputs...');
    core.setOutput('fingerprint', privateKey.fingerprint);
    core.setOutput('keyid', privateKey.keyID);
    core.setOutput('name', privateKey.name);
    core.setOutput('email', privateKey.email);

    if (inputs.gitUserSigningkey) {
      core.info('🔐 Setting GPG signing keyID for this Git repository');
      await git.setConfig('user.signingkey', privateKey.keyID);

      const userEmail = inputs.gitCommitterEmail || privateKey.email;
      const userName = inputs.gitCommitterName || privateKey.name;

      if (userEmail != privateKey.email) {
        core.setFailed(`Committer email "${inputs.gitCommitterEmail}" (name: "${inputs.gitCommitterName}") does not match GPG private key email "${privateKey.email}" (name: "${privateKey.name}")`);
        return;
      }

      core.info(`🔨 Configuring Git committer (${userName} <${userEmail}>)`);
      await git.setConfig('user.name', userName);
      await git.setConfig('user.email', userEmail);

      if (inputs.gitCommitGpgsign) {
        core.info('💎 Sign all commits automatically');
        await git.setConfig('commit.gpgsign', 'true');
      }
      if (inputs.gitTagGpgsign) {
        core.info('💎 Sign all tags automatically');
        await git.setConfig('tag.gpgsign', 'true');
      }
      if (inputs.gitPushGpgsign) {
        core.info('💎 Sign all pushes automatically');
        await git.setConfig('push.gpgsign', 'true');
      }
    }
  } catch (error) {
    core.setFailed(error.message);
  }
}

async function cleanup(): Promise<void> {
  if (stateHelper.gpgPrivateKey.length <= 0) {
    core.debug('GPG private key is not defined. Skipping cleanup.');
    return;
  }
  try {
    core.info('🚿 Removing keys');
    const privateKey = await openpgp.readPrivateKey(stateHelper.gpgPrivateKey);
    await gpg.deleteKey(privateKey.fingerprint);

    core.info('💀 Killing GnuPG agent');
    await gpg.killAgent();
  } catch (error) {
    core.warning(error.message);
  }
}

if (!stateHelper.IsPost) {
  run();
} else {
  cleanup();
}
Initial commit 2020-05-03 20:46:05 +02:00			`import * as core from '@actions/core';`
Move GPG_PRIVATE_KEY env var to gpg-private-key input Move PASSPHRASE env var to passphrase input Rename git_user_signingkey input to git-user-signingkey Rename git_commit_gpgsign input to git-commit-gpgsign Rename git_tag_gpgsign input to git-tag-gpgsign Rename git_push_gpgsign input to git-push-gpgsign Rename git_committer_name input to git-committer-name Rename git_committer_email input to git-committer-email 2020-09-06 22:03:16 +02:00			`import * as context from './context';`
Enable signing for Git commits and tags (#4) 2020-05-04 20:59:11 +02:00			`import * as git from './git';`
Display GnuPG info 2020-05-03 21:33:19 +02:00			`import * as gpg from './gpg';`
			`import * as openpgp from './openpgp';`
Initial commit 2020-05-03 20:46:05 +02:00			`import * as stateHelper from './state-helper';`

			`async function run(): Promise<void> {`
			`try {`
Move GPG_PRIVATE_KEY env var to gpg-private-key input Move PASSPHRASE env var to passphrase input Rename git_user_signingkey input to git-user-signingkey Rename git_commit_gpgsign input to git-commit-gpgsign Rename git_tag_gpgsign input to git-tag-gpgsign Rename git_push_gpgsign input to git-push-gpgsign Rename git_committer_name input to git-committer-name Rename git_committer_email input to git-committer-email 2020-09-06 22:03:16 +02:00			`let inputs: context.Inputs = await context.getInputs();`
			`stateHelper.setGpgPrivateKey(inputs.gpgPrivateKey);`
Initial commit 2020-05-03 20:46:05 +02:00
Move GPG_PRIVATE_KEY env var to gpg-private-key input Move PASSPHRASE env var to passphrase input Rename git_user_signingkey input to git-user-signingkey Rename git_commit_gpgsign input to git-commit-gpgsign Rename git_tag_gpgsign input to git-tag-gpgsign Rename git_push_gpgsign input to git-push-gpgsign Rename git_committer_name input to git-committer-name Rename git_committer_email input to git-committer-email 2020-09-06 22:03:16 +02:00			`if (inputs.workdir && inputs.workdir !== '.') {`
			core.info(`📂 Using ${inputs.workdir} as working directory...`);
			`process.chdir(inputs.workdir);`
Add workdir input (#55) 2020-08-28 16:30:49 -04:00			`}`
Configure and check committer email against GPG user address 2020-05-05 20:01:45 +02:00
Display GnuPG info 2020-05-03 21:33:19 +02:00			`core.info('📣 GnuPG info');`
			`const version = await gpg.getVersion();`
Allow to seed the internal cache of gpg-agent with provided passphrase (#5) Better handling of commands output streams 2020-05-04 16:17:14 +02:00			`const dirs = await gpg.getDirs();`
Display libexecdir 2020-05-04 16:40:21 +02:00			core.info(`Version : ${version.gnupg} (libgcrypt ${version.libgcrypt})`);
			core.info(`Libdir : ${dirs.libdir}`);
			core.info(`Libexecdir : ${dirs.libexecdir}`);
			core.info(`Datadir : ${dirs.datadir}`);
			core.info(`Homedir : ${dirs.homedir}`);
Initial commit 2020-05-03 20:46:05 +02:00
Add git_tag_gpgsign and git_push_gpgsign inputs Some inputs and secrets have been renamed 2020-05-06 01:15:33 +02:00			`core.info('🔮 Checking GPG private key');`
Move GPG_PRIVATE_KEY env var to gpg-private-key input Move PASSPHRASE env var to passphrase input Rename git_user_signingkey input to git-user-signingkey Rename git_commit_gpgsign input to git-commit-gpgsign Rename git_tag_gpgsign input to git-tag-gpgsign Rename git_push_gpgsign input to git-push-gpgsign Rename git_committer_name input to git-committer-name Rename git_committer_email input to git-committer-email 2020-09-06 22:03:16 +02:00			`const privateKey = await openpgp.readPrivateKey(inputs.gpgPrivateKey);`
Allow to seed the internal cache of gpg-agent with provided passphrase (#5) Better handling of commands output streams 2020-05-04 16:17:14 +02:00			core.debug(`Fingerprint : ${privateKey.fingerprint}`);
			core.debug(`KeyID : ${privateKey.keyID}`);
Configure and check committer email against GPG user address 2020-05-05 20:01:45 +02:00			core.debug(`Name : ${privateKey.name}`);
			core.debug(`Email : ${privateKey.email}`);
Allow to seed the internal cache of gpg-agent with provided passphrase (#5) Better handling of commands output streams 2020-05-04 16:17:14 +02:00			core.debug(`CreationTime : ${privateKey.creationTime}`);
Initial commit 2020-05-03 20:46:05 +02:00
Add git_tag_gpgsign and git_push_gpgsign inputs Some inputs and secrets have been renamed 2020-05-06 01:15:33 +02:00			`core.info('🔑 Importing GPG private key');`
Move GPG_PRIVATE_KEY env var to gpg-private-key input Move PASSPHRASE env var to passphrase input Rename git_user_signingkey input to git-user-signingkey Rename git_commit_gpgsign input to git-commit-gpgsign Rename git_tag_gpgsign input to git-tag-gpgsign Rename git_push_gpgsign input to git-push-gpgsign Rename git_committer_name input to git-committer-name Rename git_committer_email input to git-committer-email 2020-09-06 22:03:16 +02:00			`await gpg.importKey(inputs.gpgPrivateKey).then(stdout => {`
Allow to seed the internal cache of gpg-agent with provided passphrase (#5) Better handling of commands output streams 2020-05-04 16:17:14 +02:00			`core.debug(stdout);`
			`});`

Move GPG_PRIVATE_KEY env var to gpg-private-key input Move PASSPHRASE env var to passphrase input Rename git_user_signingkey input to git-user-signingkey Rename git_commit_gpgsign input to git-commit-gpgsign Rename git_tag_gpgsign input to git-tag-gpgsign Rename git_push_gpgsign input to git-push-gpgsign Rename git_committer_name input to git-committer-name Rename git_committer_email input to git-committer-email 2020-09-06 22:03:16 +02:00			`if (inputs.passphrase) {`
Cleanup 2020-05-04 20:09:52 +02:00			`core.info('⚙️ Configuring GnuPG agent');`
Allow to seed the internal cache of gpg-agent with provided passphrase (#5) Better handling of commands output streams 2020-05-04 16:17:14 +02:00			`await gpg.configureAgent(gpg.agentConfig);`

Set passphrase for all key keygrips (#57) Co-authored-by: yann degat <yann.degat@corp.ovh.com> 2020-09-03 17:19:11 +02:00			`core.info('📌 Getting keygrips');`
			`for (let keygrip of await gpg.getKeygrips(privateKey.fingerprint)) {`
			core.info(`🔓 Presetting passphrase for ${keygrip}`);
Move GPG_PRIVATE_KEY env var to gpg-private-key input Move PASSPHRASE env var to passphrase input Rename git_user_signingkey input to git-user-signingkey Rename git_commit_gpgsign input to git-commit-gpgsign Rename git_tag_gpgsign input to git-tag-gpgsign Rename git_push_gpgsign input to git-push-gpgsign Rename git_committer_name input to git-committer-name Rename git_committer_email input to git-committer-email 2020-09-06 22:03:16 +02:00			`await gpg.presetPassphrase(keygrip, inputs.passphrase).then(stdout => {`
Set passphrase for all key keygrips (#57) Co-authored-by: yann degat <yann.degat@corp.ovh.com> 2020-09-03 17:19:11 +02:00			`core.debug(stdout);`
			`});`
			`}`
Allow to seed the internal cache of gpg-agent with provided passphrase (#5) Better handling of commands output streams 2020-05-04 16:17:14 +02:00			`}`
Enable signing for Git commits and tags (#4) 2020-05-04 20:59:11 +02:00
Add fingerprint, keyid and email outputs 2020-05-07 20:42:27 +02:00			`core.info('🛒 Setting outputs...');`
			`core.setOutput('fingerprint', privateKey.fingerprint);`
			`core.setOutput('keyid', privateKey.keyID);`
Use GPG key name/email as default values (#13) 2020-05-12 20:18:51 +02:00			`core.setOutput('name', privateKey.name);`
Update index 2020-05-12 20:48:57 +02:00			`core.setOutput('email', privateKey.email);`
Add fingerprint, keyid and email outputs 2020-05-07 20:42:27 +02:00
Move GPG_PRIVATE_KEY env var to gpg-private-key input Move PASSPHRASE env var to passphrase input Rename git_user_signingkey input to git-user-signingkey Rename git_commit_gpgsign input to git-commit-gpgsign Rename git_tag_gpgsign input to git-tag-gpgsign Rename git_push_gpgsign input to git-push-gpgsign Rename git_committer_name input to git-committer-name Rename git_committer_email input to git-committer-email 2020-09-06 22:03:16 +02:00			`if (inputs.gitUserSigningkey) {`
Add git_tag_gpgsign and git_push_gpgsign inputs Some inputs and secrets have been renamed 2020-05-06 01:15:33 +02:00			`core.info('🔐 Setting GPG signing keyID for this Git repository');`
			`await git.setConfig('user.signingkey', privateKey.keyID);`

Move GPG_PRIVATE_KEY env var to gpg-private-key input Move PASSPHRASE env var to passphrase input Rename git_user_signingkey input to git-user-signingkey Rename git_commit_gpgsign input to git-commit-gpgsign Rename git_tag_gpgsign input to git-tag-gpgsign Rename git_push_gpgsign input to git-push-gpgsign Rename git_committer_name input to git-committer-name Rename git_committer_email input to git-committer-email 2020-09-06 22:03:16 +02:00			`const userEmail = inputs.gitCommitterEmail \|\| privateKey.email;`
			`const userName = inputs.gitCommitterName \|\| privateKey.name;`
Use GPG key name/email as default values (#13) 2020-05-12 20:18:51 +02:00
Move GPG_PRIVATE_KEY env var to gpg-private-key input Move PASSPHRASE env var to passphrase input Rename git_user_signingkey input to git-user-signingkey Rename git_commit_gpgsign input to git-commit-gpgsign Rename git_tag_gpgsign input to git-tag-gpgsign Rename git_push_gpgsign input to git-push-gpgsign Rename git_committer_name input to git-committer-name Rename git_committer_email input to git-committer-email 2020-09-06 22:03:16 +02:00			`if (userEmail != privateKey.email) {`
fix: ensure gitCommitterEmail uses correct action input (#67) 2020-11-24 06:03:54 -06:00			core.setFailed(`Committer email "${inputs.gitCommitterEmail}" (name: "${inputs.gitCommitterName}") does not match GPG private key email "${privateKey.email}" (name: "${privateKey.name}")`);
Configure and check committer email against GPG user address 2020-05-05 20:01:45 +02:00			`return;`
			`}`
Add git_tag_gpgsign and git_push_gpgsign inputs Some inputs and secrets have been renamed 2020-05-06 01:15:33 +02:00
Move GPG_PRIVATE_KEY env var to gpg-private-key input Move PASSPHRASE env var to passphrase input Rename git_user_signingkey input to git-user-signingkey Rename git_commit_gpgsign input to git-commit-gpgsign Rename git_tag_gpgsign input to git-tag-gpgsign Rename git_push_gpgsign input to git-push-gpgsign Rename git_committer_name input to git-committer-name Rename git_committer_email input to git-committer-email 2020-09-06 22:03:16 +02:00			core.info(`🔨 Configuring Git committer (${userName} <${userEmail}>)`);
			`await git.setConfig('user.name', userName);`
			`await git.setConfig('user.email', userEmail);`
Configure and check committer email against GPG user address 2020-05-05 20:01:45 +02:00
Move GPG_PRIVATE_KEY env var to gpg-private-key input Move PASSPHRASE env var to passphrase input Rename git_user_signingkey input to git-user-signingkey Rename git_commit_gpgsign input to git-commit-gpgsign Rename git_tag_gpgsign input to git-tag-gpgsign Rename git_push_gpgsign input to git-push-gpgsign Rename git_committer_name input to git-committer-name Rename git_committer_email input to git-committer-email 2020-09-06 22:03:16 +02:00			`if (inputs.gitCommitGpgsign) {`
Add git_tag_gpgsign and git_push_gpgsign inputs Some inputs and secrets have been renamed 2020-05-06 01:15:33 +02:00			`core.info('💎 Sign all commits automatically');`
			`await git.setConfig('commit.gpgsign', 'true');`
			`}`
Move GPG_PRIVATE_KEY env var to gpg-private-key input Move PASSPHRASE env var to passphrase input Rename git_user_signingkey input to git-user-signingkey Rename git_commit_gpgsign input to git-commit-gpgsign Rename git_tag_gpgsign input to git-tag-gpgsign Rename git_push_gpgsign input to git-push-gpgsign Rename git_committer_name input to git-committer-name Rename git_committer_email input to git-committer-email 2020-09-06 22:03:16 +02:00			`if (inputs.gitTagGpgsign) {`
Add git_tag_gpgsign and git_push_gpgsign inputs Some inputs and secrets have been renamed 2020-05-06 01:15:33 +02:00			`core.info('💎 Sign all tags automatically');`
			`await git.setConfig('tag.gpgsign', 'true');`
			`}`
Move GPG_PRIVATE_KEY env var to gpg-private-key input Move PASSPHRASE env var to passphrase input Rename git_user_signingkey input to git-user-signingkey Rename git_commit_gpgsign input to git-commit-gpgsign Rename git_tag_gpgsign input to git-tag-gpgsign Rename git_push_gpgsign input to git-push-gpgsign Rename git_committer_name input to git-committer-name Rename git_committer_email input to git-committer-email 2020-09-06 22:03:16 +02:00			`if (inputs.gitPushGpgsign) {`
Add git_tag_gpgsign and git_push_gpgsign inputs Some inputs and secrets have been renamed 2020-05-06 01:15:33 +02:00			`core.info('💎 Sign all pushes automatically');`
			`await git.setConfig('push.gpgsign', 'true');`
			`}`
Enable signing for Git commits and tags (#4) 2020-05-04 20:59:11 +02:00			`}`
Initial commit 2020-05-03 20:46:05 +02:00			`} catch (error) {`
			`core.setFailed(error.message);`
			`}`
			`}`

			`async function cleanup(): Promise<void> {`
Move GPG_PRIVATE_KEY env var to gpg-private-key input Move PASSPHRASE env var to passphrase input Rename git_user_signingkey input to git-user-signingkey Rename git_commit_gpgsign input to git-commit-gpgsign Rename git_tag_gpgsign input to git-tag-gpgsign Rename git_push_gpgsign input to git-push-gpgsign Rename git_committer_name input to git-committer-name Rename git_committer_email input to git-committer-email 2020-09-06 22:03:16 +02:00			`if (stateHelper.gpgPrivateKey.length <= 0) {`
Add git_tag_gpgsign and git_push_gpgsign inputs Some inputs and secrets have been renamed 2020-05-06 01:15:33 +02:00			`core.debug('GPG private key is not defined. Skipping cleanup.');`
Initial commit 2020-05-03 20:46:05 +02:00			`return;`
			`}`
			`try {`
Cleanup 2020-05-04 20:09:52 +02:00			`core.info('🚿 Removing keys');`
Move GPG_PRIVATE_KEY env var to gpg-private-key input Move PASSPHRASE env var to passphrase input Rename git_user_signingkey input to git-user-signingkey Rename git_commit_gpgsign input to git-commit-gpgsign Rename git_tag_gpgsign input to git-tag-gpgsign Rename git_push_gpgsign input to git-push-gpgsign Rename git_committer_name input to git-committer-name Rename git_committer_email input to git-committer-email 2020-09-06 22:03:16 +02:00			`const privateKey = await openpgp.readPrivateKey(stateHelper.gpgPrivateKey);`
Display GnuPG info 2020-05-03 21:33:19 +02:00			`await gpg.deleteKey(privateKey.fingerprint);`
Kill GnuPG agent at POST step 2020-05-06 00:23:29 +02:00
			`core.info('💀 Killing GnuPG agent');`
			`await gpg.killAgent();`
Initial commit 2020-05-03 20:46:05 +02:00			`} catch (error) {`
			`core.warning(error.message);`
			`}`
			`}`

			`if (!stateHelper.IsPost) {`
			`run();`
Move GPG_PRIVATE_KEY env var to gpg-private-key input Move PASSPHRASE env var to passphrase input Rename git_user_signingkey input to git-user-signingkey Rename git_commit_gpgsign input to git-commit-gpgsign Rename git_tag_gpgsign input to git-tag-gpgsign Rename git_push_gpgsign input to git-push-gpgsign Rename git_committer_name input to git-committer-name Rename git_committer_email input to git-committer-email 2020-09-06 22:03:16 +02:00			`} else {`
Initial commit 2020-05-03 20:46:05 +02:00			`cleanup();`
			`}`