mirror of
https://github.com/crazy-max/ghaction-import-gpg.git
synced 2025-01-18 22:04:45 +01:00
Handle signing-only subkeys (#112)
Co-authored-by: CrazyMax <crazy-max@users.noreply.github.com>
This commit is contained in:
parent
aaade0d1c6
commit
60f6f3e9a9
18 changed files with 396 additions and 213 deletions
52
.github/workflows/ci.yml
vendored
52
.github/workflows/ci.yml
vendored
|
@ -2,7 +2,7 @@ name: ci
|
||||||
|
|
||||||
on:
|
on:
|
||||||
schedule:
|
schedule:
|
||||||
- cron: '0 10 * * *' # everyday at 10am
|
- cron: '0 10 * * *'
|
||||||
push:
|
push:
|
||||||
branches:
|
branches:
|
||||||
- 'master'
|
- 'master'
|
||||||
|
@ -20,6 +20,9 @@ jobs:
|
||||||
strategy:
|
strategy:
|
||||||
fail-fast: false
|
fail-fast: false
|
||||||
matrix:
|
matrix:
|
||||||
|
key:
|
||||||
|
- test-key
|
||||||
|
- test-subkey
|
||||||
global:
|
global:
|
||||||
- false
|
- false
|
||||||
- true
|
- true
|
||||||
|
@ -27,10 +30,26 @@ jobs:
|
||||||
- ubuntu-latest
|
- ubuntu-latest
|
||||||
- macOS-latest
|
- macOS-latest
|
||||||
- windows-latest
|
- windows-latest
|
||||||
|
include:
|
||||||
|
- key: test-subkey
|
||||||
|
fingerprint: C17D11ADF199F12A30A0910F1F80449BE0B08CB8
|
||||||
steps:
|
steps:
|
||||||
-
|
-
|
||||||
name: Checkout
|
name: Checkout
|
||||||
uses: actions/checkout@v2
|
uses: actions/checkout@v2
|
||||||
|
-
|
||||||
|
name: GPG conf
|
||||||
|
uses: actions/github-script@v4
|
||||||
|
with:
|
||||||
|
script: |
|
||||||
|
const fs = require('fs');
|
||||||
|
const gnupgfolder = `${require('os').homedir()}/.gnupg`;
|
||||||
|
if (!fs.existsSync(gnupgfolder)){
|
||||||
|
fs.mkdirSync(gnupgfolder);
|
||||||
|
}
|
||||||
|
fs.copyFile('__tests__/fixtures/gpg.conf', `${gnupgfolder}/gpg.conf`, (err) => {
|
||||||
|
if (err) throw err;
|
||||||
|
});
|
||||||
-
|
-
|
||||||
name: Get test key and passphrase
|
name: Get test key and passphrase
|
||||||
uses: actions/github-script@v5
|
uses: actions/github-script@v5
|
||||||
|
@ -38,8 +57,8 @@ jobs:
|
||||||
with:
|
with:
|
||||||
script: |
|
script: |
|
||||||
const fs = require('fs');
|
const fs = require('fs');
|
||||||
core.setOutput('pgp', fs.readFileSync('.github/test-key.pgp', {encoding: 'utf8'}));
|
core.setOutput('pgp', fs.readFileSync('__tests__/fixtures/${{ matrix.key }}.pgp', {encoding: 'utf8'}));
|
||||||
core.setOutput('passphrase', fs.readFileSync('.github/test-key.pass', {encoding: 'utf8'}));
|
core.setOutput('passphrase', fs.readFileSync('__tests__/fixtures/${{ matrix.key }}.pass', {encoding: 'utf8'}));
|
||||||
-
|
-
|
||||||
name: Import GPG
|
name: Import GPG
|
||||||
id: import_gpg
|
id: import_gpg
|
||||||
|
@ -52,23 +71,28 @@ jobs:
|
||||||
git_commit_gpgsign: true
|
git_commit_gpgsign: true
|
||||||
git_tag_gpgsign: true
|
git_tag_gpgsign: true
|
||||||
git_push_gpgsign: if-asked
|
git_push_gpgsign: if-asked
|
||||||
|
fingerprint: ${{ matrix.fingerprint }}
|
||||||
-
|
-
|
||||||
name: GPG user IDs
|
name: List keys
|
||||||
run: |
|
run: |
|
||||||
echo "fingerprint: ${{ steps.import_gpg.outputs.fingerprint }}"
|
gpg -K
|
||||||
echo "keyid: ${{ steps.import_gpg.outputs.keyid }}"
|
shell: bash
|
||||||
echo "name: ${{ steps.import_gpg.outputs.name }}"
|
|
||||||
echo "email: ${{ steps.import_gpg.outputs.email }}"
|
|
||||||
|
|
||||||
base64:
|
base64:
|
||||||
runs-on: ${{ matrix.os }}
|
runs-on: ${{ matrix.os }}
|
||||||
strategy:
|
strategy:
|
||||||
fail-fast: false
|
fail-fast: false
|
||||||
matrix:
|
matrix:
|
||||||
|
key:
|
||||||
|
- test-key
|
||||||
|
- test-subkey
|
||||||
os:
|
os:
|
||||||
- ubuntu-latest
|
- ubuntu-latest
|
||||||
- macOS-latest
|
- macOS-latest
|
||||||
- windows-latest
|
- windows-latest
|
||||||
|
include:
|
||||||
|
- key: test-subkey
|
||||||
|
fingerprint: C17D11ADF199F12A30A0910F1F80449BE0B08CB8
|
||||||
steps:
|
steps:
|
||||||
-
|
-
|
||||||
name: Checkout
|
name: Checkout
|
||||||
|
@ -80,8 +104,8 @@ jobs:
|
||||||
with:
|
with:
|
||||||
script: |
|
script: |
|
||||||
const fs = require('fs');
|
const fs = require('fs');
|
||||||
core.setOutput('pgp-base64', fs.readFileSync('.github/test-key-base64.pgp', {encoding: 'utf8'}));
|
core.setOutput('pgp-base64', fs.readFileSync('__tests__/fixtures/${{ matrix.key }}-base64.pgp', {encoding: 'utf8'}));
|
||||||
core.setOutput('passphrase', fs.readFileSync('.github/test-key.pass', {encoding: 'utf8'}));
|
core.setOutput('passphrase', fs.readFileSync('__tests__/fixtures/${{ matrix.key }}.pass', {encoding: 'utf8'}));
|
||||||
-
|
-
|
||||||
name: Import GPG
|
name: Import GPG
|
||||||
id: import_gpg
|
id: import_gpg
|
||||||
|
@ -93,10 +117,4 @@ jobs:
|
||||||
git_commit_gpgsign: true
|
git_commit_gpgsign: true
|
||||||
git_tag_gpgsign: true
|
git_tag_gpgsign: true
|
||||||
git_push_gpgsign: if-asked
|
git_push_gpgsign: if-asked
|
||||||
-
|
fingerprint: ${{ matrix.fingerprint }}
|
||||||
name: GPG user IDs
|
|
||||||
run: |
|
|
||||||
echo "fingerprint: ${{ steps.import_gpg.outputs.fingerprint }}"
|
|
||||||
echo "keyid: ${{ steps.import_gpg.outputs.keyid }}"
|
|
||||||
echo "name: ${{ steps.import_gpg.outputs.name }}"
|
|
||||||
echo "email: ${{ steps.import_gpg.outputs.email }}"
|
|
||||||
|
|
|
@ -141,6 +141,7 @@ Following inputs can be used as `step.with` keys
|
||||||
| `git_committer_name` | String | Set commit author's name (defaults to the name associated with the GPG key) |
|
| `git_committer_name` | String | Set commit author's name (defaults to the name associated with the GPG key) |
|
||||||
| `git_committer_email` | String | Set commit author's email (defaults to the email address associated with the GPG key) |
|
| `git_committer_email` | String | Set commit author's email (defaults to the email address associated with the GPG key) |
|
||||||
| `workdir` | String | Working directory (below repository root) (default `.`) |
|
| `workdir` | String | Working directory (below repository root) (default `.`) |
|
||||||
|
| `fingerprint` | String | Specific fingerprint to use (subkey) |
|
||||||
|
|
||||||
> `git_user_signingkey` needs to be enabled for `git_commit_gpgsign`, `git_tag_gpgsign`,
|
> `git_user_signingkey` needs to be enabled for `git_commit_gpgsign`, `git_tag_gpgsign`,
|
||||||
> `git_push_gpgsign`, `git_committer_name`, `git_committer_email` inputs.
|
> `git_push_gpgsign`, `git_committer_name`, `git_committer_email` inputs.
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
import * as os from 'os';
|
import * as os from 'os';
|
||||||
|
|
||||||
import * as context from '../src/context';
|
import * as context from '../src/context';
|
||||||
|
|
||||||
describe('setOutput', () => {
|
describe('setOutput', () => {
|
||||||
|
|
71
__tests__/fixtures/gpg.conf
Normal file
71
__tests__/fixtures/gpg.conf
Normal file
|
@ -0,0 +1,71 @@
|
||||||
|
################################################################################
|
||||||
|
# GnuPG Options
|
||||||
|
|
||||||
|
# (OpenPGP-Configuration-Options)
|
||||||
|
# Assume that command line arguments are given as UTF8 strings.
|
||||||
|
utf8-strings
|
||||||
|
|
||||||
|
# (OpenPGP-Protocol-Options)
|
||||||
|
# Set the list of personal digest/cipher/compression preferences. This allows
|
||||||
|
# the user to safely override the algorithm chosen by the recipient key
|
||||||
|
# preferences, as GPG will only select an algorithm that is usable by all
|
||||||
|
# recipients.
|
||||||
|
personal-digest-preferences SHA512 SHA384 SHA256 SHA224
|
||||||
|
personal-cipher-preferences AES256 AES192 AES CAST5 CAMELLIA192 BLOWFISH TWOFISH CAMELLIA128 3DES
|
||||||
|
personal-compress-preferences ZLIB BZIP2 ZIP
|
||||||
|
|
||||||
|
# Set the list of default preferences to string. This preference list is used
|
||||||
|
# for new keys and becomes the default for "setpref" in the edit menu.
|
||||||
|
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
|
||||||
|
|
||||||
|
# (OpenPGP-Esoteric-Options)
|
||||||
|
# Use name as the message digest algorithm used when signing a key. Running the
|
||||||
|
# program with the command --version yields a list of supported algorithms. Be
|
||||||
|
# aware that if you choose an algorithm that GnuPG supports but other OpenPGP
|
||||||
|
# implementations do not, then some users will not be able to use the key
|
||||||
|
# signatures you make, or quite possibly your entire key.
|
||||||
|
#
|
||||||
|
# SHA-1 is the only algorithm specified for OpenPGP V4. By changing the
|
||||||
|
# cert-digest-algo, the OpenPGP V4 specification is not met but with even
|
||||||
|
# GnuPG 1.4.10 (release 2009) supporting SHA-2 algorithm, this should be safe.
|
||||||
|
# Source: https://tools.ietf.org/html/rfc4880#section-12.2
|
||||||
|
cert-digest-algo SHA512
|
||||||
|
digest-algo SHA256
|
||||||
|
|
||||||
|
# Selects how passphrases for symmetric encryption are mangled. 3 (the default)
|
||||||
|
# iterates the whole process a number of times (see --s2k-count).
|
||||||
|
s2k-mode 3
|
||||||
|
|
||||||
|
# (OpenPGP-Protocol-Options)
|
||||||
|
# Use name as the cipher algorithm for symmetric encryption with a passphrase
|
||||||
|
# if --personal-cipher-preferences and --cipher-algo are not given. The
|
||||||
|
# default is AES-128.
|
||||||
|
s2k-cipher-algo AES256
|
||||||
|
|
||||||
|
# (OpenPGP-Protocol-Options)
|
||||||
|
# Use name as the digest algorithm used to mangle the passphrases for symmetric
|
||||||
|
# encryption. The default is SHA-1.
|
||||||
|
s2k-digest-algo SHA512
|
||||||
|
|
||||||
|
# (OpenPGP-Protocol-Options)
|
||||||
|
# Specify how many times the passphrases mangling for symmetric encryption is
|
||||||
|
# repeated. This value may range between 1024 and 65011712 inclusive. The
|
||||||
|
# default is inquired from gpg-agent. Note that not all values in the
|
||||||
|
# 1024-65011712 range are legal and if an illegal value is selected, GnuPG will
|
||||||
|
# round up to the nearest legal value. This option is only meaningful if
|
||||||
|
# --s2k-mode is set to the default of 3.
|
||||||
|
s2k-count 1015808
|
||||||
|
|
||||||
|
################################################################################
|
||||||
|
# GnuPG View Options
|
||||||
|
|
||||||
|
# Select how to display key IDs. "long" is the more accurate (but less
|
||||||
|
# convenient) 16-character key ID. Add an "0x" to include an "0x" at the
|
||||||
|
# beginning of the key ID.
|
||||||
|
keyid-format 0xlong
|
||||||
|
|
||||||
|
# List all keys with their fingerprints. This is the same output as --list-keys
|
||||||
|
# but with the additional output of a line with the fingerprint. If this
|
||||||
|
# command is given twice, the fingerprints of all secondary keys are listed too.
|
||||||
|
with-fingerprint
|
||||||
|
with-fingerprint
|
1
__tests__/fixtures/test-subkey-base64.pgp
Normal file
1
__tests__/fixtures/test-subkey-base64.pgp
Normal file
|
@ -0,0 +1 @@
|
||||||
|
LS0tLS1CRUdJTiBQR1AgUFJJVkFURSBLRVkgQkxPQ0stLS0tLQoKbElZRVlVNU0yaFlKS3dZQkJBSGFSdzhCQVFkQXNSbDlDUEtaaDB4MC9FRDFveDJwTmJ6R1J1TlpvRlVSN0JsYgpOUUdabzB6K0J3TUN1dVdvaTR5WTQ0YkhNU1AwMjBLRmUvOHhpWHJwby9LandiMXJaa1g3dW1laWZBRFh6L1JiCmJuMXdKMENGQ09TOHl4R3laL3NCYlk1OGZEL0gvMFU2TFdiSmRHSG1mZ0RXYTl0OEFQK09NTFFWU205bElFSmgKY2lBOGFtOWxRR0poY2k1bWIyOCtpSkFFRXhZS0FEZ1dJUVNIOGxlNG5PUmlFQXZzRC81Z2NkSVlPQS9jeUFVQwpZVTVNMmdJYkFRVUxDUWdIQXdVVkNna0lDd1VXQWdNQkFBSWVBUUlYZ0FBS0NSQmdjZElZT0EvY3lGd1VBUUN0CmRQdzU3MDh0Z296NkNqcEFMbzBjQ2NtZ2xuVHdGWlBYTm1DaGdPZUIzQUVBdkdNV2lrYy9iaG9waVRGUzNLVWkKR042a1o5ZUlhaTRYeDloTjRSZTlEd1NjaGdSaFRrMURGZ2tyQmdFRUFkcEhEd0VCQjBDVUtPdVVMYlNqZVF4QwpHNmY4VkhNWHRUbnc4MkF2TmlwM01rY3RNZEZmbC80SEF3SlBPM1loUVJkWU44Y1A1cVhvOFcwazFPZEJaTEJyCmN5cm5ra2tYVk91cjh1SlExV2tMb2FMSnZ3VmN1MlplSFlWdmcramNFSmVlTVF0ME43OWVOUUs5VVMzeEQ5ak4Kc2JZbTVrUkNHWldpaU84RUdCWUtBQ0FXSVFTSDhsZTRuT1JpRUF2c0QvNWdjZElZT0EvY3lBVUNZVTVOUXdJYgpBZ0NCQ1JCZ2NkSVlPQS9jeUhZZ0JCa1dDZ0FkRmlFRXdYMFJyZkdaOFNvd29KRVBINEJFbStDd2pMZ0ZBbUZPClRVTUFDZ2tRSDRCRW0rQ3dqTGlJT1FFQTZjazVCbXMwYzBvbHV4Ly9BeUprMlpINWl5WW11WmpaVTJNOEhtcEoKa1BJQkFPVWJsQmlwZURpc0dqQ0VmTE1SN1czcFBYTTMyY0ZOWVdwOW1SNzJ6SWdOcEdvQS8zM1grRG55VHhtTgpYeUlpZFFtK0J3TFBZOXRTUlMvL0dCbVg4eHdDUWpWS0FRRG54V0VyaVk4clBQOTFUblhtR0VjL05LeFZVcHJoCjVRTndjMHNBTjVGRUJ3PT0KPTExQjQKLS0tLS1FTkQgUEdQIFBSSVZBVEUgS0VZIEJMT0NLLS0tLS0K
|
1
__tests__/fixtures/test-subkey.pass
Normal file
1
__tests__/fixtures/test-subkey.pass
Normal file
|
@ -0,0 +1 @@
|
||||||
|
with another passphrase
|
19
__tests__/fixtures/test-subkey.pgp
Normal file
19
__tests__/fixtures/test-subkey.pgp
Normal file
|
@ -0,0 +1,19 @@
|
||||||
|
-----BEGIN PGP PRIVATE KEY BLOCK-----
|
||||||
|
|
||||||
|
lIYEYU5M2hYJKwYBBAHaRw8BAQdAsRl9CPKZh0x0/ED1ox2pNbzGRuNZoFUR7Blb
|
||||||
|
NQGZo0z+BwMCuuWoi4yY44bHMSP020KFe/8xiXrpo/Kjwb1rZkX7umeifADXz/Rb
|
||||||
|
bn1wJ0CFCOS8yxGyZ/sBbY58fD/H/0U6LWbJdGHmfgDWa9t8AP+OMLQVSm9lIEJh
|
||||||
|
ciA8am9lQGJhci5mb28+iJAEExYKADgWIQSH8le4nORiEAvsD/5gcdIYOA/cyAUC
|
||||||
|
YU5M2gIbAQULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRBgcdIYOA/cyFwUAQCt
|
||||||
|
dPw5708tgoz6CjpALo0cCcmglnTwFZPXNmChgOeB3AEAvGMWikc/bhopiTFS3KUi
|
||||||
|
GN6kZ9eIai4Xx9hN4Re9DwSchgRhTk1DFgkrBgEEAdpHDwEBB0CUKOuULbSjeQxC
|
||||||
|
G6f8VHMXtTnw82AvNip3MkctMdFfl/4HAwJPO3YhQRdYN8cP5qXo8W0k1OdBZLBr
|
||||||
|
cyrnkkkXVOur8uJQ1WkLoaLJvwVcu2ZeHYVvg+jcEJeeMQt0N79eNQK9US3xD9jN
|
||||||
|
sbYm5kRCGZWiiO8EGBYKACAWIQSH8le4nORiEAvsD/5gcdIYOA/cyAUCYU5NQwIb
|
||||||
|
AgCBCRBgcdIYOA/cyHYgBBkWCgAdFiEEwX0RrfGZ8SowoJEPH4BEm+CwjLgFAmFO
|
||||||
|
TUMACgkQH4BEm+CwjLiIOQEA6ck5Bms0c0olux//AyJk2ZH5iyYmuZjZU2M8HmpJ
|
||||||
|
kPIBAOUblBipeDisGjCEfLMR7W3pPXM32cFNYWp9mR72zIgNpGoA/33X+DnyTxmN
|
||||||
|
XyIidQm+BwLPY9tSRS//GBmX8xwCQjVKAQDnxWEriY8rPP91TnXmGEc/NKxVUprh
|
||||||
|
5QNwc0sAN5FEBw==
|
||||||
|
=11B4
|
||||||
|
-----END PGP PRIVATE KEY BLOCK-----
|
|
@ -1,27 +1,49 @@
|
||||||
import * as fs from 'fs';
|
import * as fs from 'fs';
|
||||||
import * as gpg from '../src/gpg';
|
import * as gpg from '../src/gpg';
|
||||||
|
|
||||||
const userInfo = {
|
const userInfos = [
|
||||||
pgp: fs.readFileSync('.github/test-key.pgp', {
|
{
|
||||||
|
key: 'test-key',
|
||||||
|
pgp: fs.readFileSync('__tests__/fixtures/test-key.pgp', {
|
||||||
encoding: 'utf8',
|
encoding: 'utf8',
|
||||||
flag: 'r'
|
flag: 'r'
|
||||||
}),
|
}),
|
||||||
pgp_base64: fs.readFileSync('.github/test-key-base64.pgp', {
|
pgp_base64: fs.readFileSync('__tests__/fixtures/test-key-base64.pgp', {
|
||||||
encoding: 'utf8',
|
encoding: 'utf8',
|
||||||
flag: 'r'
|
flag: 'r'
|
||||||
}),
|
}),
|
||||||
passphrase: fs.readFileSync('.github/test-key.pass', {
|
passphrase: fs.readFileSync('__tests__/fixtures/test-key.pass', {
|
||||||
encoding: 'utf8',
|
encoding: 'utf8',
|
||||||
flag: 'r'
|
flag: 'r'
|
||||||
}),
|
}),
|
||||||
name: 'Joe Tester',
|
name: 'Joe Tester',
|
||||||
email: 'joe@foo.bar',
|
email: 'joe@foo.bar',
|
||||||
keyID: 'D523BD50DD70B0BA',
|
keyID: '7D851EB72D73BDA0',
|
||||||
fingerprint: '27571A53B86AF0C799B38BA77D851EB72D73BDA0',
|
fingerprint: '27571A53B86AF0C799B38BA77D851EB72D73BDA0',
|
||||||
keygrips: ['3E2D1142AA59E08E16B7E2C64BA6DDC773B1A627', 'BA83FC8947213477F28ADC019F6564A956456163']
|
keygrips: ['3E2D1142AA59E08E16B7E2C64BA6DDC773B1A627', 'BA83FC8947213477F28ADC019F6564A956456163']
|
||||||
};
|
},
|
||||||
|
{
|
||||||
|
key: 'test-subkey',
|
||||||
|
pgp: fs.readFileSync('__tests__/fixtures/test-subkey.pgp', {
|
||||||
|
encoding: 'utf8',
|
||||||
|
flag: 'r'
|
||||||
|
}),
|
||||||
|
pgp_base64: fs.readFileSync('__tests__/fixtures/test-subkey-base64.pgp', {
|
||||||
|
encoding: 'utf8',
|
||||||
|
flag: 'r'
|
||||||
|
}),
|
||||||
|
passphrase: fs.readFileSync('__tests__/fixtures/test-subkey.pass', {
|
||||||
|
encoding: 'utf8',
|
||||||
|
flag: 'r'
|
||||||
|
}),
|
||||||
|
name: 'Joe Bar',
|
||||||
|
email: 'joe@bar.foo',
|
||||||
|
keyID: '6071D218380FDCC8',
|
||||||
|
fingerprint: 'C17D11ADF199F12A30A0910F1F80449BE0B08CB8',
|
||||||
|
keygrips: ['F5C3ABFAAB36B427FD98C4EDD0387E08EA1E8092', 'DEE0FC98F441519CA5DE5D79773CB29009695FEB']
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
describe('gpg', () => {
|
|
||||||
describe('getVersion', () => {
|
describe('getVersion', () => {
|
||||||
it('returns GnuPG and libgcrypt version', async () => {
|
it('returns GnuPG and libgcrypt version', async () => {
|
||||||
await gpg.getVersion().then(version => {
|
await gpg.getVersion().then(version => {
|
||||||
|
@ -43,6 +65,14 @@ describe('gpg', () => {
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
|
describe('configureAgent', () => {
|
||||||
|
it('configures GnuPG agent', async () => {
|
||||||
|
await gpg.configureAgent(gpg.agentConfig);
|
||||||
|
});
|
||||||
|
});
|
||||||
|
|
||||||
|
for (let userInfo of userInfos) {
|
||||||
|
describe(userInfo.key, () => {
|
||||||
describe('importKey', () => {
|
describe('importKey', () => {
|
||||||
it('imports key (as armored string) to GnuPG', async () => {
|
it('imports key (as armored string) to GnuPG', async () => {
|
||||||
await gpg.importKey(userInfo.pgp).then(output => {
|
await gpg.importKey(userInfo.pgp).then(output => {
|
||||||
|
@ -71,12 +101,6 @@ describe('gpg', () => {
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
describe('configureAgent', () => {
|
|
||||||
it('configures GnuPG agent', async () => {
|
|
||||||
await gpg.configureAgent(gpg.agentConfig);
|
|
||||||
});
|
|
||||||
});
|
|
||||||
|
|
||||||
describe('presetPassphrase', () => {
|
describe('presetPassphrase', () => {
|
||||||
it('presets passphrase', async () => {
|
it('presets passphrase', async () => {
|
||||||
await gpg.importKey(userInfo.pgp);
|
await gpg.importKey(userInfo.pgp);
|
||||||
|
@ -96,10 +120,11 @@ describe('gpg', () => {
|
||||||
await gpg.deleteKey(userInfo.fingerprint);
|
await gpg.deleteKey(userInfo.fingerprint);
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
describe('killAgent', () => {
|
describe('killAgent', () => {
|
||||||
it('kills GnuPG agent', async () => {
|
it('kills GnuPG agent', async () => {
|
||||||
await gpg.killAgent();
|
await gpg.killAgent();
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
});
|
|
||||||
|
|
|
@ -1,27 +1,51 @@
|
||||||
import * as fs from 'fs';
|
import * as fs from 'fs';
|
||||||
import * as openpgp from '../src/openpgp';
|
import * as openpgp from '../src/openpgp';
|
||||||
|
|
||||||
const userInfo = {
|
const userInfos = [
|
||||||
pgp: fs.readFileSync('.github/test-key.pgp', {
|
{
|
||||||
|
key: 'test-key',
|
||||||
|
pgp: fs.readFileSync('__tests__/fixtures/test-key.pgp', {
|
||||||
encoding: 'utf8',
|
encoding: 'utf8',
|
||||||
flag: 'r'
|
flag: 'r'
|
||||||
}),
|
}),
|
||||||
pgp_base64: fs.readFileSync('.github/test-key-base64.pgp', {
|
pgp_base64: fs.readFileSync('__tests__/fixtures/test-key-base64.pgp', {
|
||||||
encoding: 'utf8',
|
encoding: 'utf8',
|
||||||
flag: 'r'
|
flag: 'r'
|
||||||
}),
|
}),
|
||||||
passphrase: fs.readFileSync('.github/test-key.pass', {
|
passphrase: fs.readFileSync('__tests__/fixtures/test-key.pass', {
|
||||||
encoding: 'utf8',
|
encoding: 'utf8',
|
||||||
flag: 'r'
|
flag: 'r'
|
||||||
}),
|
}),
|
||||||
name: 'Joe Tester',
|
name: 'Joe Tester',
|
||||||
email: 'joe@foo.bar',
|
email: 'joe@foo.bar',
|
||||||
keyID: 'D523BD50DD70B0BA',
|
keyID: '7D851EB72D73BDA0',
|
||||||
fingerprint: '27571A53B86AF0C799B38BA77D851EB72D73BDA0',
|
fingerprint: '27571A53B86AF0C799B38BA77D851EB72D73BDA0',
|
||||||
keygrip: '3E2D1142AA59E08E16B7E2C64BA6DDC773B1A627'
|
keygrip: '3E2D1142AA59E08E16B7E2C64BA6DDC773B1A627'
|
||||||
};
|
},
|
||||||
|
{
|
||||||
|
key: 'test-subkey',
|
||||||
|
pgp: fs.readFileSync('__tests__/fixtures/test-subkey.pgp', {
|
||||||
|
encoding: 'utf8',
|
||||||
|
flag: 'r'
|
||||||
|
}),
|
||||||
|
pgp_base64: fs.readFileSync('__tests__/fixtures/test-subkey-base64.pgp', {
|
||||||
|
encoding: 'utf8',
|
||||||
|
flag: 'r'
|
||||||
|
}),
|
||||||
|
passphrase: fs.readFileSync('__tests__/fixtures/test-subkey.pass', {
|
||||||
|
encoding: 'utf8',
|
||||||
|
flag: 'r'
|
||||||
|
}),
|
||||||
|
name: 'Joe Bar',
|
||||||
|
email: 'joe@bar.foo',
|
||||||
|
keyID: '6071D218380FDCC8',
|
||||||
|
fingerprint: '87F257B89CE462100BEC0FFE6071D218380FDCC8',
|
||||||
|
keygrips: ['F5C3ABFAAB36B427FD98C4EDD0387E08EA1E8092', 'DEE0FC98F441519CA5DE5D79773CB29009695FEB']
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
describe('openpgp', () => {
|
for (let userInfo of userInfos) {
|
||||||
|
describe(userInfo.key, () => {
|
||||||
describe('readPrivateKey', () => {
|
describe('readPrivateKey', () => {
|
||||||
it('returns a PGP private key from an armored string', async () => {
|
it('returns a PGP private key from an armored string', async () => {
|
||||||
await openpgp.readPrivateKey(userInfo.pgp).then(privateKey => {
|
await openpgp.readPrivateKey(userInfo.pgp).then(privateKey => {
|
||||||
|
@ -64,3 +88,4 @@ describe('openpgp', () => {
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
}
|
||||||
|
|
|
@ -43,6 +43,9 @@ inputs:
|
||||||
description: 'Working directory (below repository root)'
|
description: 'Working directory (below repository root)'
|
||||||
default: '.'
|
default: '.'
|
||||||
required: false
|
required: false
|
||||||
|
fingerprint:
|
||||||
|
description: 'Specific fingerprint to use (subkey)'
|
||||||
|
required: false
|
||||||
|
|
||||||
outputs:
|
outputs:
|
||||||
fingerprint:
|
fingerprint:
|
||||||
|
|
45
dist/index.js
generated
vendored
45
dist/index.js
generated
vendored
|
@ -51,7 +51,8 @@ function getInputs() {
|
||||||
gitPushGpgsign: core.getInput('git_push_gpgsign') || 'if-asked',
|
gitPushGpgsign: core.getInput('git_push_gpgsign') || 'if-asked',
|
||||||
gitCommitterName: core.getInput('git_committer_name'),
|
gitCommitterName: core.getInput('git_committer_name'),
|
||||||
gitCommitterEmail: core.getInput('git_committer_email'),
|
gitCommitterEmail: core.getInput('git_committer_email'),
|
||||||
workdir: core.getInput('workdir') || '.'
|
workdir: core.getInput('workdir') || '.',
|
||||||
|
fingerprint: core.getInput('fingerprint')
|
||||||
};
|
};
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
@ -389,7 +390,6 @@ function run() {
|
||||||
return __awaiter(this, void 0, void 0, function* () {
|
return __awaiter(this, void 0, void 0, function* () {
|
||||||
try {
|
try {
|
||||||
let inputs = yield context.getInputs();
|
let inputs = yield context.getInputs();
|
||||||
stateHelper.setGpgPrivateKey(inputs.gpgPrivateKey);
|
|
||||||
if (inputs.workdir && inputs.workdir !== '.') {
|
if (inputs.workdir && inputs.workdir !== '.') {
|
||||||
core.info(`📂 Using ${inputs.workdir} as working directory...`);
|
core.info(`📂 Using ${inputs.workdir} as working directory...`);
|
||||||
process.chdir(inputs.workdir);
|
process.chdir(inputs.workdir);
|
||||||
|
@ -411,6 +411,14 @@ function run() {
|
||||||
core.info(`Email : ${privateKey.email}`);
|
core.info(`Email : ${privateKey.email}`);
|
||||||
core.info(`CreationTime : ${privateKey.creationTime}`);
|
core.info(`CreationTime : ${privateKey.creationTime}`);
|
||||||
}));
|
}));
|
||||||
|
let fingerprint = privateKey.fingerprint;
|
||||||
|
if (inputs.fingerprint) {
|
||||||
|
fingerprint = inputs.fingerprint;
|
||||||
|
}
|
||||||
|
stateHelper.setFingerprint(fingerprint);
|
||||||
|
yield core.group(`Fingerprint to use`, () => __awaiter(this, void 0, void 0, function* () {
|
||||||
|
core.info(fingerprint);
|
||||||
|
}));
|
||||||
yield core.group(`Importing GPG private key`, () => __awaiter(this, void 0, void 0, function* () {
|
yield core.group(`Importing GPG private key`, () => __awaiter(this, void 0, void 0, function* () {
|
||||||
yield gpg.importKey(inputs.gpgPrivateKey).then(stdout => {
|
yield gpg.importKey(inputs.gpgPrivateKey).then(stdout => {
|
||||||
core.info(stdout);
|
core.info(stdout);
|
||||||
|
@ -420,7 +428,7 @@ function run() {
|
||||||
core.info('Configuring GnuPG agent');
|
core.info('Configuring GnuPG agent');
|
||||||
yield gpg.configureAgent(gpg.agentConfig);
|
yield gpg.configureAgent(gpg.agentConfig);
|
||||||
yield core.group(`Getting keygrips`, () => __awaiter(this, void 0, void 0, function* () {
|
yield core.group(`Getting keygrips`, () => __awaiter(this, void 0, void 0, function* () {
|
||||||
for (let keygrip of yield gpg.getKeygrips(privateKey.fingerprint)) {
|
for (let keygrip of yield gpg.getKeygrips(fingerprint)) {
|
||||||
core.info(`Presetting passphrase for ${keygrip}`);
|
core.info(`Presetting passphrase for ${keygrip}`);
|
||||||
yield gpg.presetPassphrase(keygrip, inputs.passphrase).then(stdout => {
|
yield gpg.presetPassphrase(keygrip, inputs.passphrase).then(stdout => {
|
||||||
core.debug(stdout);
|
core.debug(stdout);
|
||||||
|
@ -428,11 +436,16 @@ function run() {
|
||||||
}
|
}
|
||||||
}));
|
}));
|
||||||
}
|
}
|
||||||
core.info('Setting outputs');
|
yield core.group(`Setting outputs`, () => __awaiter(this, void 0, void 0, function* () {
|
||||||
context.setOutput('fingerprint', privateKey.fingerprint);
|
core.info(`fingerprint=${fingerprint}`);
|
||||||
|
context.setOutput('fingerprint', fingerprint);
|
||||||
|
core.info(`keyid=${privateKey.keyID}`);
|
||||||
context.setOutput('keyid', privateKey.keyID);
|
context.setOutput('keyid', privateKey.keyID);
|
||||||
|
core.info(`name=${privateKey.name}`);
|
||||||
context.setOutput('name', privateKey.name);
|
context.setOutput('name', privateKey.name);
|
||||||
|
core.info(`email=${privateKey.email}`);
|
||||||
context.setOutput('email', privateKey.email);
|
context.setOutput('email', privateKey.email);
|
||||||
|
}));
|
||||||
if (inputs.gitUserSigningkey) {
|
if (inputs.gitUserSigningkey) {
|
||||||
core.info('Setting GPG signing keyID for this Git repository');
|
core.info('Setting GPG signing keyID for this Git repository');
|
||||||
yield git.setConfig('user.signingkey', privateKey.keyID, inputs.gitConfigGlobal);
|
yield git.setConfig('user.signingkey', privateKey.keyID, inputs.gitConfigGlobal);
|
||||||
|
@ -466,14 +479,13 @@ function run() {
|
||||||
}
|
}
|
||||||
function cleanup() {
|
function cleanup() {
|
||||||
return __awaiter(this, void 0, void 0, function* () {
|
return __awaiter(this, void 0, void 0, function* () {
|
||||||
if (stateHelper.gpgPrivateKey.length <= 0) {
|
if (stateHelper.fingerprint.length <= 0) {
|
||||||
core.debug('GPG private key is not defined. Skipping cleanup.');
|
core.debug('Fingerprint is not defined. Skipping cleanup.');
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
try {
|
try {
|
||||||
core.info('Removing keys');
|
core.info('Removing keys');
|
||||||
const privateKey = yield openpgp.readPrivateKey(stateHelper.gpgPrivateKey);
|
yield gpg.deleteKey(stateHelper.fingerprint);
|
||||||
yield gpg.deleteKey(privateKey.fingerprint);
|
|
||||||
core.info('Killing GnuPG agent');
|
core.info('Killing GnuPG agent');
|
||||||
yield gpg.killAgent();
|
yield gpg.killAgent();
|
||||||
}
|
}
|
||||||
|
@ -542,10 +554,7 @@ exports.readPrivateKey = (key) => __awaiter(void 0, void 0, void 0, function* ()
|
||||||
});
|
});
|
||||||
return {
|
return {
|
||||||
fingerprint: privateKey.getFingerprint().toUpperCase(),
|
fingerprint: privateKey.getFingerprint().toUpperCase(),
|
||||||
keyID: yield privateKey.getEncryptionKey().then(encKey => {
|
keyID: privateKey.getKeyID().toHex().toUpperCase(),
|
||||||
// @ts-ignore
|
|
||||||
return encKey === null || encKey === void 0 ? void 0 : encKey.getKeyID().toHex().toUpperCase();
|
|
||||||
}),
|
|
||||||
name: address.name,
|
name: address.name,
|
||||||
email: address.address,
|
email: address.address,
|
||||||
creationTime: privateKey.getCreationTime()
|
creationTime: privateKey.getCreationTime()
|
||||||
|
@ -594,14 +603,14 @@ var __importStar = (this && this.__importStar) || function (mod) {
|
||||||
return result;
|
return result;
|
||||||
};
|
};
|
||||||
Object.defineProperty(exports, "__esModule", ({ value: true }));
|
Object.defineProperty(exports, "__esModule", ({ value: true }));
|
||||||
exports.setGpgPrivateKey = exports.gpgPrivateKey = exports.IsPost = void 0;
|
exports.setFingerprint = exports.fingerprint = exports.IsPost = void 0;
|
||||||
const core = __importStar(__webpack_require__(186));
|
const core = __importStar(__webpack_require__(186));
|
||||||
exports.IsPost = !!process.env['STATE_isPost'];
|
exports.IsPost = !!process.env['STATE_isPost'];
|
||||||
exports.gpgPrivateKey = process.env['STATE_gpgPrivateKey'] || '';
|
exports.fingerprint = process.env['STATE_fingerprint'] || '';
|
||||||
function setGpgPrivateKey(gpgPrivateKey) {
|
function setFingerprint(fingerprint) {
|
||||||
core.saveState('gpgPrivateKey', gpgPrivateKey);
|
core.saveState('fingerprint', fingerprint);
|
||||||
}
|
}
|
||||||
exports.setGpgPrivateKey = setGpgPrivateKey;
|
exports.setFingerprint = setFingerprint;
|
||||||
if (!exports.IsPost) {
|
if (!exports.IsPost) {
|
||||||
core.saveState('isPost', 'true');
|
core.saveState('isPost', 'true');
|
||||||
}
|
}
|
||||||
|
|
|
@ -12,6 +12,7 @@ export interface Inputs {
|
||||||
gitCommitterName: string;
|
gitCommitterName: string;
|
||||||
gitCommitterEmail: string;
|
gitCommitterEmail: string;
|
||||||
workdir: string;
|
workdir: string;
|
||||||
|
fingerprint: string;
|
||||||
}
|
}
|
||||||
|
|
||||||
export async function getInputs(): Promise<Inputs> {
|
export async function getInputs(): Promise<Inputs> {
|
||||||
|
@ -25,7 +26,8 @@ export async function getInputs(): Promise<Inputs> {
|
||||||
gitPushGpgsign: core.getInput('git_push_gpgsign') || 'if-asked',
|
gitPushGpgsign: core.getInput('git_push_gpgsign') || 'if-asked',
|
||||||
gitCommitterName: core.getInput('git_committer_name'),
|
gitCommitterName: core.getInput('git_committer_name'),
|
||||||
gitCommitterEmail: core.getInput('git_committer_email'),
|
gitCommitterEmail: core.getInput('git_committer_email'),
|
||||||
workdir: core.getInput('workdir') || '.'
|
workdir: core.getInput('workdir') || '.',
|
||||||
|
fingerprint: core.getInput('fingerprint')
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
28
src/main.ts
28
src/main.ts
|
@ -8,7 +8,6 @@ import * as stateHelper from './state-helper';
|
||||||
async function run(): Promise<void> {
|
async function run(): Promise<void> {
|
||||||
try {
|
try {
|
||||||
let inputs: context.Inputs = await context.getInputs();
|
let inputs: context.Inputs = await context.getInputs();
|
||||||
stateHelper.setGpgPrivateKey(inputs.gpgPrivateKey);
|
|
||||||
|
|
||||||
if (inputs.workdir && inputs.workdir !== '.') {
|
if (inputs.workdir && inputs.workdir !== '.') {
|
||||||
core.info(`📂 Using ${inputs.workdir} as working directory...`);
|
core.info(`📂 Using ${inputs.workdir} as working directory...`);
|
||||||
|
@ -34,6 +33,15 @@ async function run(): Promise<void> {
|
||||||
core.info(`CreationTime : ${privateKey.creationTime}`);
|
core.info(`CreationTime : ${privateKey.creationTime}`);
|
||||||
});
|
});
|
||||||
|
|
||||||
|
let fingerprint = privateKey.fingerprint;
|
||||||
|
if (inputs.fingerprint) {
|
||||||
|
fingerprint = inputs.fingerprint;
|
||||||
|
}
|
||||||
|
stateHelper.setFingerprint(fingerprint);
|
||||||
|
await core.group(`Fingerprint to use`, async () => {
|
||||||
|
core.info(fingerprint);
|
||||||
|
});
|
||||||
|
|
||||||
await core.group(`Importing GPG private key`, async () => {
|
await core.group(`Importing GPG private key`, async () => {
|
||||||
await gpg.importKey(inputs.gpgPrivateKey).then(stdout => {
|
await gpg.importKey(inputs.gpgPrivateKey).then(stdout => {
|
||||||
core.info(stdout);
|
core.info(stdout);
|
||||||
|
@ -45,7 +53,7 @@ async function run(): Promise<void> {
|
||||||
await gpg.configureAgent(gpg.agentConfig);
|
await gpg.configureAgent(gpg.agentConfig);
|
||||||
|
|
||||||
await core.group(`Getting keygrips`, async () => {
|
await core.group(`Getting keygrips`, async () => {
|
||||||
for (let keygrip of await gpg.getKeygrips(privateKey.fingerprint)) {
|
for (let keygrip of await gpg.getKeygrips(fingerprint)) {
|
||||||
core.info(`Presetting passphrase for ${keygrip}`);
|
core.info(`Presetting passphrase for ${keygrip}`);
|
||||||
await gpg.presetPassphrase(keygrip, inputs.passphrase).then(stdout => {
|
await gpg.presetPassphrase(keygrip, inputs.passphrase).then(stdout => {
|
||||||
core.debug(stdout);
|
core.debug(stdout);
|
||||||
|
@ -54,11 +62,16 @@ async function run(): Promise<void> {
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
core.info('Setting outputs');
|
await core.group(`Setting outputs`, async () => {
|
||||||
context.setOutput('fingerprint', privateKey.fingerprint);
|
core.info(`fingerprint=${fingerprint}`);
|
||||||
|
context.setOutput('fingerprint', fingerprint);
|
||||||
|
core.info(`keyid=${privateKey.keyID}`);
|
||||||
context.setOutput('keyid', privateKey.keyID);
|
context.setOutput('keyid', privateKey.keyID);
|
||||||
|
core.info(`name=${privateKey.name}`);
|
||||||
context.setOutput('name', privateKey.name);
|
context.setOutput('name', privateKey.name);
|
||||||
|
core.info(`email=${privateKey.email}`);
|
||||||
context.setOutput('email', privateKey.email);
|
context.setOutput('email', privateKey.email);
|
||||||
|
});
|
||||||
|
|
||||||
if (inputs.gitUserSigningkey) {
|
if (inputs.gitUserSigningkey) {
|
||||||
core.info('Setting GPG signing keyID for this Git repository');
|
core.info('Setting GPG signing keyID for this Git repository');
|
||||||
|
@ -95,14 +108,13 @@ async function run(): Promise<void> {
|
||||||
}
|
}
|
||||||
|
|
||||||
async function cleanup(): Promise<void> {
|
async function cleanup(): Promise<void> {
|
||||||
if (stateHelper.gpgPrivateKey.length <= 0) {
|
if (stateHelper.fingerprint.length <= 0) {
|
||||||
core.debug('GPG private key is not defined. Skipping cleanup.');
|
core.debug('Fingerprint is not defined. Skipping cleanup.');
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
try {
|
try {
|
||||||
core.info('Removing keys');
|
core.info('Removing keys');
|
||||||
const privateKey = await openpgp.readPrivateKey(stateHelper.gpgPrivateKey);
|
await gpg.deleteKey(stateHelper.fingerprint);
|
||||||
await gpg.deleteKey(privateKey.fingerprint);
|
|
||||||
|
|
||||||
core.info('Killing GnuPG agent');
|
core.info('Killing GnuPG agent');
|
||||||
await gpg.killAgent();
|
await gpg.killAgent();
|
||||||
|
|
|
@ -25,10 +25,7 @@ export const readPrivateKey = async (key: string): Promise<PrivateKey> => {
|
||||||
|
|
||||||
return {
|
return {
|
||||||
fingerprint: privateKey.getFingerprint().toUpperCase(),
|
fingerprint: privateKey.getFingerprint().toUpperCase(),
|
||||||
keyID: await privateKey.getEncryptionKey().then(encKey => {
|
keyID: privateKey.getKeyID().toHex().toUpperCase(),
|
||||||
// @ts-ignore
|
|
||||||
return encKey?.getKeyID().toHex().toUpperCase();
|
|
||||||
}),
|
|
||||||
name: address.name,
|
name: address.name,
|
||||||
email: address.address,
|
email: address.address,
|
||||||
creationTime: privateKey.getCreationTime()
|
creationTime: privateKey.getCreationTime()
|
||||||
|
|
|
@ -1,10 +1,10 @@
|
||||||
import * as core from '@actions/core';
|
import * as core from '@actions/core';
|
||||||
|
|
||||||
export const IsPost = !!process.env['STATE_isPost'];
|
export const IsPost = !!process.env['STATE_isPost'];
|
||||||
export const gpgPrivateKey = process.env['STATE_gpgPrivateKey'] || '';
|
export const fingerprint = process.env['STATE_fingerprint'] || '';
|
||||||
|
|
||||||
export function setGpgPrivateKey(gpgPrivateKey: string) {
|
export function setFingerprint(fingerprint: string) {
|
||||||
core.saveState('gpgPrivateKey', gpgPrivateKey);
|
core.saveState('fingerprint', fingerprint);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!IsPost) {
|
if (!IsPost) {
|
||||||
|
|
Loading…
Add table
Reference in a new issue