[![GitHub release](https://img.shields.io/github/release/crazy-max/ghaction-import-gpg.svg?style=flat-square)](https://github.com/crazy-max/ghaction-import-gpg/releases/latest)
[![GitHub marketplace](https://img.shields.io/badge/marketplace-import--gpg-blue?logo=github&style=flat-square)](https://github.com/marketplace/actions/import-gpg)
[![Test workflow](https://img.shields.io/github/actions/workflow/status/crazy-max/ghaction-import-gpg/test.yml?branch=master&label=test&logo=github&style=flat-square)](https://github.com/crazy-max/ghaction-import-gpg/actions?workflow=test)
[![Codecov](https://img.shields.io/codecov/c/github/crazy-max/ghaction-import-gpg?logo=codecov&style=flat-square)](https://codecov.io/gh/crazy-max/ghaction-import-gpg)
[![Become a sponsor](https://img.shields.io/badge/sponsor-crazy--max-181717.svg?logo=github&style=flat-square)](https://github.com/sponsors/crazy-max)
[![Paypal Donate](https://img.shields.io/badge/donate-paypal-00457c.svg?logo=paypal&style=flat-square)](https://www.paypal.me/crazyws)

## About
GitHub Action to easily import a GPG key.

![Import GPG](.github/ghaction-import-gpg.png)

___
* [Features](#features)
* [Prerequisites](#prerequisites)
* [Usage](#usage)
  * [Workflow](#workflow)
  * [Sign commits](#sign-commits)
  * [Use a subkey](#use-a-subkey)
* [Customizing](#customizing)
  * [inputs](#inputs)
  * [outputs](#outputs)
* [Contributing](#contributing)
* [License](#license)

## Features

* Works on Linux, macOS and Windows [virtual environments](https://help.github.com/en/articles/virtual-environments-for-github-actions#supported-virtual-environments-and-hardware-resources)
* Allows seeding the internal cache of `gpg-agent` with the provided passphrase
* Supports signing-only subkeys
* Purges the imported GPG key and cache information from the runner and kills the agent
* (Git) Enables signing for Git commits, tags and pushes
* (Git) Configures and checks committer info against the GPG key

## Prerequisites

First, [generate a GPG key](https://docs.github.com/en/github/authenticating-to-github/generating-a-new-gpg-key) and
export the GPG private key as an ASCII armored version to your clipboard:

```shell
# macOS
gpg --armor --export-secret-key joe@foo.bar | pbcopy
# Ubuntu (plain xclip fills the X primary selection; paste with middle-click)
gpg --armor --export-secret-key joe@foo.bar | xclip
# Arch
gpg --armor --export-secret-key joe@foo.bar | xclip -selection clipboard -i
# FreeBSD
gpg --armor --export-secret-key joe@foo.bar | xclip
```

Paste your clipboard as a [`secret`](https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets)
named `GPG_PRIVATE_KEY`, for example. If applicable, create another secret named `PASSPHRASE` holding the passphrase.

## Usage
### Workflow

```yaml
name: import-gpg

on:
  push:
    branches: master

jobs:
  import-gpg:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v3
      -
        name: Import GPG key
        id: import_gpg
        uses: crazy-max/ghaction-import-gpg@v5
        with:
          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
          passphrase: ${{ secrets.PASSPHRASE }}
      -
        name: List keys
        run: gpg -K
```

### Sign commits

```yaml
name: import-gpg

on:
  push:
    branches: master

jobs:
  sign-commit:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v3
      -
        name: Import GPG key
        uses: crazy-max/ghaction-import-gpg@v5
        with:
          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
          passphrase: ${{ secrets.PASSPHRASE }}
          git_user_signingkey: true
          git_commit_gpgsign: true
      -
        name: Sign commit and push changes
        run: |
          echo foo > bar.txt
          git add .
          git commit -S -m "This commit is signed!"
          git push
```

### Use a subkey

With the input `fingerprint`, you can specify which one of the subkeys in a GPG key you want to use for signing.

```yaml
name: import-gpg

on:
  push:
    branches: master

jobs:
  import-gpg:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v3
      -
        name: Import GPG key
        id: import_gpg
        uses: crazy-max/ghaction-import-gpg@v5
        with:
          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
          passphrase: ${{ secrets.PASSPHRASE }}
          fingerprint: "C17D11ADF199F12A30A0910F1F80449BE0B08CB8"
      -
        name: List keys
        run: gpg -K
```

For example, given this GPG key with a signing subkey:

```s
pub   ed25519 2021-09-24 [C]
      87F257B89CE462100BEC0FFE6071D218380FDCC8
      Keygrip = F5C3ABFAAB36B427FD98C4EDD0387E08EA1E8092
uid           [ unknown] Joe Bar <joe@bar.foo>
sub   ed25519 2021-09-24 [S]
      C17D11ADF199F12A30A0910F1F80449BE0B08CB8
      Keygrip = DEE0FC98F441519CA5DE5D79773CB29009695FEB
```

You can use the subkey with signing capability whose fingerprint is `C17D11ADF199F12A30A0910F1F80449BE0B08CB8`.
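
An added example (not part of this project's code) for choosing the value of the `fingerprint` input: it parses `gpg --with-colons` output and keeps only subkeys that carry the signing capability and are not revoked, expired or invalid. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `gpg -K --with-colons` output (trailing fields trimmed).
# The primary key and its [S] subkey mirror the listing above; the A... and
# B... subkeys are placeholders added to exercise the filter.
sample_listing() {
cat <<'EOF'
sec:-:255:22:6071D218380FDCC8:1632441600:::-:::cSC:
fpr:::::::::87F257B89CE462100BEC0FFE6071D218380FDCC8:
grp:::::::::F5C3ABFAAB36B427FD98C4EDD0387E08EA1E8092:
uid:-::::1632441600::::Joe Bar <joe@bar.foo>:
ssb:-:255:22:1F80449BE0B08CB8:1632441600::::::s:
fpr:::::::::C17D11ADF199F12A30A0910F1F80449BE0B08CB8:
grp:::::::::DEE0FC98F441519CA5DE5D79773CB29009695FEB:
ssb:-:255:18:AAAAAAAAAAAAAAAA:1632441600::::::e:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:
ssb:r:255:22:BBBBBBBBBBBBBBBB:1632441600::::::s:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB:
EOF
}

# Print the fingerprint of every usable signing subkey found on stdin.
# Colon format: field 1 = record type, 2 = validity, 10 = fingerprint (on
# "fpr" records), 12 = capabilities (lowercase letters = this key's own).
signing_subkey_fprs() {
  awk -F: '
    $1 == "sec" || $1 == "pub" { want = 0 }
    $1 == "ssb" || $1 == "sub" { want = ($12 ~ /s/ && $2 !~ /^[rei]$/) }
    $1 == "fpr" { if (want) print $10; want = 0 }
  '
}

# Succeed only if $1 names a usable signing subkey in the listing on stdin.
is_signing_subkey() {
  fpr=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
  [ -n "$fpr" ] || return 1
  signing_subkey_fprs | grep -qxF "$fpr"
}

# Real use: gpg --batch --with-colons -K joe@foo.bar | signing_subkey_fprs
sample_listing | signing_subkey_fprs
```

Running the check locally before storing the fingerprint in the workflow catches a pasted primary-key fingerprint or a revoked subkey before the job fails on the runner.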
## Customizing
### inputs

The following inputs can be used as `step.with` keys:

| Name                  | Type   | Description |
|-----------------------|--------|-------------|
| `gpg_private_key`     | String | GPG private key exported as an ASCII armored version or its base64 encoding (**required**) |
| `passphrase`          | String | Passphrase of the GPG private key |
| `git_config_global`   | Bool   | Set Git config global (default `false`) |
| `git_user_signingkey` | Bool   | Set GPG signing keyID for this Git repository (default `false`) |
| `git_commit_gpgsign`  | Bool   | Sign all commits automatically. (default `false`) |
| `git_tag_gpgsign`     | Bool   | Sign all tags automatically. (default `false`) |
| `git_push_gpgsign`    | String | Sign all pushes automatically. (default `if-asked`) |
| `git_committer_name`  | String | Set commit author's name (defaults to the name associated with the GPG key) |
| `git_committer_email` | String | Set commit author's email (defaults to the email address associated with the GPG key) |
| `workdir`             | String | Working directory (below repository root) (default `.`) |
| `fingerprint`         | String | Specific fingerprint to use (subkey) |

> `git_user_signingkey` needs to be enabled for `git_commit_gpgsign`, `git_tag_gpgsign`,
> `git_push_gpgsign`, `git_committer_name`, `git_committer_email` inputs.

### outputs

The following outputs are available:

| Name          | Type   | Description |
|---------------|--------|-------------|
| `fingerprint` | String | Fingerprint of the GPG key (recommended as [user ID](https://www.gnupg.org/documentation/manuals/gnupg/Specify-a-User-ID.html)) |
| `keyid`       | String | Low 64 bits of the X.509 certificate SHA-1 fingerprint |
| `name`        | String | Name associated with the GPG key |
| `email`       | String | Email address associated with the GPG key |

## Contributing

Want to contribute? Awesome! The most basic way to show your support is to star the project, or to raise issues. If
you want to open a pull request, please read the [contributing guidelines](.github/CONTRIBUTING.md).

You can also support this project by [**becoming a sponsor on GitHub**](https://github.com/sponsors/crazy-max) or by
making a [Paypal donation](https://www.paypal.me/crazyws) to ensure this journey continues indefinitely!

Thanks again for your support, it is much appreciated! :pray:

## License
MIT. See `LICENSE` for more details.