mirror of
https://github.com/crazy-max/ghaction-import-gpg.git
synced 2025-01-18 13:54:47 +01:00
Handle if-asked
for git-push-gpgsign
input (#100)
Co-authored-by: CrazyMax <crazy-max@users.noreply.github.com>
parent
0dd57a5e3b
commit
93f53be329
8 changed files with 64 additions and 106 deletions
BIN
.github/ghaction-import-gpg.png
vendored
BIN
.github/ghaction-import-gpg.png
vendored
Binary file not shown.
Before Width: | Height: | Size: 22 KiB After Width: | Height: | Size: 16 KiB |
4
.github/workflows/ci.yml
vendored
4
.github/workflows/ci.yml
vendored
|
@ -47,7 +47,7 @@ jobs:
|
||||||
git-user-signingkey: true
|
git-user-signingkey: true
|
||||||
git-commit-gpgsign: true
|
git-commit-gpgsign: true
|
||||||
git-tag-gpgsign: true
|
git-tag-gpgsign: true
|
||||||
git-push-gpgsign: true
|
git-push-gpgsign: if-asked
|
||||||
-
|
-
|
||||||
name: GPG user IDs
|
name: GPG user IDs
|
||||||
run: |
|
run: |
|
||||||
|
@ -88,7 +88,7 @@ jobs:
|
||||||
git-user-signingkey: true
|
git-user-signingkey: true
|
||||||
git-commit-gpgsign: true
|
git-commit-gpgsign: true
|
||||||
git-tag-gpgsign: true
|
git-tag-gpgsign: true
|
||||||
git-push-gpgsign: true
|
git-push-gpgsign: if-asked
|
||||||
-
|
-
|
||||||
name: GPG user IDs
|
name: GPG user IDs
|
||||||
run: |
|
run: |
|
||||||
|
|
|
@ -1,53 +0,0 @@
|
||||||
#syntax=docker/dockerfile:1.2
|
|
||||||
|
|
||||||
FROM node:12 AS deps
|
|
||||||
WORKDIR /src
|
|
||||||
COPY package.json yarn.lock ./
|
|
||||||
RUN --mount=type=cache,target=/src/node_modules \
|
|
||||||
yarn install
|
|
||||||
|
|
||||||
FROM scratch AS update-yarn
|
|
||||||
COPY --from=deps /src/yarn.lock /
|
|
||||||
|
|
||||||
FROM deps AS validate-yarn
|
|
||||||
COPY .git .git
|
|
||||||
RUN status=$(git status --porcelain -- yarn.lock); if [ -n "$status" ]; then echo $status; exit 1; fi
|
|
||||||
|
|
||||||
FROM deps AS base
|
|
||||||
COPY . .
|
|
||||||
|
|
||||||
FROM base AS build
|
|
||||||
RUN --mount=type=cache,target=/src/node_modules \
|
|
||||||
yarn build
|
|
||||||
|
|
||||||
FROM deps AS test
|
|
||||||
ARG GITHUB_REPOSITORY
|
|
||||||
ENV RUNNER_TEMP=/tmp/github_runner
|
|
||||||
ENV RUNNER_TOOL_CACHE=/tmp/github_tool_cache
|
|
||||||
ENV GITHUB_REPOSITORY=${GITHUB_REPOSITORY}
|
|
||||||
COPY . .
|
|
||||||
RUN --mount=type=cache,target=/src/node_modules \
|
|
||||||
yarn run test
|
|
||||||
|
|
||||||
FROM scratch AS test-coverage
|
|
||||||
COPY --from=test /src/coverage /coverage/
|
|
||||||
|
|
||||||
FROM base AS run-format
|
|
||||||
RUN --mount=type=cache,target=/src/node_modules \
|
|
||||||
yarn run format
|
|
||||||
|
|
||||||
FROM scratch AS format
|
|
||||||
COPY --from=run-format /src/src/*.ts /src/
|
|
||||||
|
|
||||||
FROM base AS validate-format
|
|
||||||
RUN --mount=type=cache,target=/src/node_modules \
|
|
||||||
yarn run format-check
|
|
||||||
|
|
||||||
FROM scratch AS dist
|
|
||||||
COPY --from=build /src/dist/ /dist/
|
|
||||||
|
|
||||||
FROM build AS validate-build
|
|
||||||
RUN status=$(git status --porcelain -- dist); if [ -n "$status" ]; then echo $status; exit 1; fi
|
|
||||||
|
|
||||||
FROM base AS dev
|
|
||||||
ENTRYPOINT ["bash"]
|
|
|
@ -53,7 +53,8 @@ gpg --armor --export-secret-key joe@foo.bar | xclip -selection clipboard -i
|
||||||
gpg --armor --export-secret-key joe@foo.bar | xclip
|
gpg --armor --export-secret-key joe@foo.bar | xclip
|
||||||
```
|
```
|
||||||
|
|
||||||
Paste your clipboard as a [`secret`](https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets) named `GPG_PRIVATE_KEY` for example. Create another secret with the `PASSPHRASE` if applicable.
|
Paste your clipboard as a [`secret`](https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets)
|
||||||
|
named `GPG_PRIVATE_KEY` for example. Create another secret with the `PASSPHRASE` if applicable.
|
||||||
|
|
||||||
## Usage
|
## Usage
|
||||||
|
|
||||||
|
@ -135,7 +136,7 @@ Following inputs can be used as `step.with` keys
|
||||||
| `git-user-signingkey` | Bool | Set GPG signing keyID for this Git repository (default `false`) |
|
| `git-user-signingkey` | Bool | Set GPG signing keyID for this Git repository (default `false`) |
|
||||||
| `git-commit-gpgsign`**¹** | Bool | Sign all commits automatically. (default `false`) |
|
| `git-commit-gpgsign`**¹** | Bool | Sign all commits automatically. (default `false`) |
|
||||||
| `git-tag-gpgsign`**¹** | Bool | Sign all tags automatically. (default `false`) |
|
| `git-tag-gpgsign`**¹** | Bool | Sign all tags automatically. (default `false`) |
|
||||||
| `git-push-gpgsign`**¹** | Bool | Sign all pushes automatically. (default `false`) |
|
| `git-push-gpgsign`**¹** | String | Sign all pushes automatically. (default `if-asked`) |
|
||||||
| `git-committer-name`**¹** | String | Set commit author's name (defaults to the name associated with the GPG key) |
|
| `git-committer-name`**¹** | String | Set commit author's name (defaults to the name associated with the GPG key) |
|
||||||
| `git-committer-email`**¹** | String | Set commit author's email (defaults to the email address associated with the GPG key) |
|
| `git-committer-email`**¹** | String | Set commit author's email (defaults to the email address associated with the GPG key) |
|
||||||
| `workdir` | String | Working directory (below repository root) (default `.`) |
|
| `workdir` | String | Working directory (below repository root) (default `.`) |
|
||||||
|
|
|
@ -27,7 +27,7 @@ inputs:
|
||||||
required: false
|
required: false
|
||||||
git-push-gpgsign:
|
git-push-gpgsign:
|
||||||
description: 'Sign all pushes automatically. git-user-signingkey needs to be enabled'
|
description: 'Sign all pushes automatically. git-user-signingkey needs to be enabled'
|
||||||
default: 'false'
|
default: 'if-asked'
|
||||||
required: false
|
required: false
|
||||||
git-committer-name:
|
git-committer-name:
|
||||||
description: 'Commit author''s name'
|
description: 'Commit author''s name'
|
||||||
|
|
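Review bot: The `description` for `git-push-gpgsign` still reads "Sign all pushes automatically", but with the new default `if-asked` git signs a push only when the receiving server supports signed pushes and otherwise pushes unsigned without failing. I would list the accepted values and that fallback in the text, for example `description: 'Sign pushes: true, false or if-asked (sign only if the server supports it). git-user-signingkey needs to be enabled'`. Workflows that depend on every push being signed should be told to set `true` explicitly. The file header for this section is not visible on the page, so I am assuming this is the action metadata file.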
53
dist/index.js
generated
vendored
53
dist/index.js
generated
vendored
|
@ -47,7 +47,7 @@ function getInputs() {
|
||||||
gitUserSigningkey: core.getBooleanInput('git-user-signingkey'),
|
gitUserSigningkey: core.getBooleanInput('git-user-signingkey'),
|
||||||
gitCommitGpgsign: core.getBooleanInput('git-commit-gpgsign'),
|
gitCommitGpgsign: core.getBooleanInput('git-commit-gpgsign'),
|
||||||
gitTagGpgsign: core.getBooleanInput('git-tag-gpgsign'),
|
gitTagGpgsign: core.getBooleanInput('git-tag-gpgsign'),
|
||||||
gitPushGpgsign: core.getBooleanInput('git-push-gpgsign'),
|
gitPushGpgsign: core.getInput('git-push-gpgsign') || 'if-asked',
|
||||||
gitCommitterName: core.getInput('git-committer-name'),
|
gitCommitterName: core.getInput('git-committer-name'),
|
||||||
gitCommitterEmail: core.getInput('git-committer-email'),
|
gitCommitterEmail: core.getInput('git-committer-email'),
|
||||||
workdir: core.getInput('workdir') || '.'
|
workdir: core.getInput('workdir') || '.'
|
||||||
|
@ -415,35 +415,40 @@ function run() {
|
||||||
core.info(`📂 Using ${inputs.workdir} as working directory...`);
|
core.info(`📂 Using ${inputs.workdir} as working directory...`);
|
||||||
process.chdir(inputs.workdir);
|
process.chdir(inputs.workdir);
|
||||||
}
|
}
|
||||||
core.info('📣 GnuPG info');
|
|
||||||
const version = yield gpg.getVersion();
|
const version = yield gpg.getVersion();
|
||||||
const dirs = yield gpg.getDirs();
|
const dirs = yield gpg.getDirs();
|
||||||
core.info(`Version : ${version.gnupg} (libgcrypt ${version.libgcrypt})`);
|
yield core.group(`📣 GnuPG info`, () => __awaiter(this, void 0, void 0, function* () {
|
||||||
core.info(`Libdir : ${dirs.libdir}`);
|
core.info(`Version : ${version.gnupg} (libgcrypt ${version.libgcrypt})`);
|
||||||
core.info(`Libexecdir : ${dirs.libexecdir}`);
|
core.info(`Libdir : ${dirs.libdir}`);
|
||||||
core.info(`Datadir : ${dirs.datadir}`);
|
core.info(`Libexecdir : ${dirs.libexecdir}`);
|
||||||
core.info(`Homedir : ${dirs.homedir}`);
|
core.info(`Datadir : ${dirs.datadir}`);
|
||||||
core.info('🔮 Checking GPG private key');
|
core.info(`Homedir : ${dirs.homedir}`);
|
||||||
|
}));
|
||||||
const privateKey = yield openpgp.readPrivateKey(inputs.gpgPrivateKey);
|
const privateKey = yield openpgp.readPrivateKey(inputs.gpgPrivateKey);
|
||||||
core.debug(`Fingerprint : ${privateKey.fingerprint}`);
|
yield core.group(`🔮 Checking GPG private key`, () => __awaiter(this, void 0, void 0, function* () {
|
||||||
core.debug(`KeyID : ${privateKey.keyID}`);
|
core.info(`Fingerprint : ${privateKey.fingerprint}`);
|
||||||
core.debug(`Name : ${privateKey.name}`);
|
core.info(`KeyID : ${privateKey.keyID}`);
|
||||||
core.debug(`Email : ${privateKey.email}`);
|
core.info(`Name : ${privateKey.name}`);
|
||||||
core.debug(`CreationTime : ${privateKey.creationTime}`);
|
core.info(`Email : ${privateKey.email}`);
|
||||||
core.info('🔑 Importing GPG private key');
|
core.info(`CreationTime : ${privateKey.creationTime}`);
|
||||||
yield gpg.importKey(inputs.gpgPrivateKey).then(stdout => {
|
}));
|
||||||
core.debug(stdout);
|
yield core.group(`🔑 Importing GPG private key`, () => __awaiter(this, void 0, void 0, function* () {
|
||||||
});
|
yield gpg.importKey(inputs.gpgPrivateKey).then(stdout => {
|
||||||
|
core.info(stdout);
|
||||||
|
});
|
||||||
|
}));
|
||||||
if (inputs.passphrase) {
|
if (inputs.passphrase) {
|
||||||
core.info('⚙️ Configuring GnuPG agent');
|
core.info('⚙️ Configuring GnuPG agent');
|
||||||
yield gpg.configureAgent(gpg.agentConfig);
|
yield gpg.configureAgent(gpg.agentConfig);
|
||||||
core.info('📌 Getting keygrips');
|
core.info('📌 Getting keygrips');
|
||||||
for (let keygrip of yield gpg.getKeygrips(privateKey.fingerprint)) {
|
yield core.group(`📌 Getting keygrips`, () => __awaiter(this, void 0, void 0, function* () {
|
||||||
core.info(`🔓 Presetting passphrase for ${keygrip}`);
|
for (let keygrip of yield gpg.getKeygrips(privateKey.fingerprint)) {
|
||||||
yield gpg.presetPassphrase(keygrip, inputs.passphrase).then(stdout => {
|
core.info(`🔓 Presetting passphrase for ${keygrip}`);
|
||||||
core.debug(stdout);
|
yield gpg.presetPassphrase(keygrip, inputs.passphrase).then(stdout => {
|
||||||
});
|
core.debug(stdout);
|
||||||
}
|
});
|
||||||
|
}
|
||||||
|
}));
|
||||||
}
|
}
|
||||||
core.info('🛒 Setting outputs...');
|
core.info('🛒 Setting outputs...');
|
||||||
context.setOutput('fingerprint', privateKey.fingerprint);
|
context.setOutput('fingerprint', privateKey.fingerprint);
|
||||||
|
@ -472,7 +477,7 @@ function run() {
|
||||||
}
|
}
|
||||||
if (inputs.gitPushGpgsign) {
|
if (inputs.gitPushGpgsign) {
|
||||||
core.info('💎 Sign all pushes automatically');
|
core.info('💎 Sign all pushes automatically');
|
||||||
yield git.setConfig('push.gpgsign', 'true');
|
yield git.setConfig('push.gpgsign', inputs.gitPushGpgsign);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -7,7 +7,7 @@ export interface Inputs {
|
||||||
gitUserSigningkey: boolean;
|
gitUserSigningkey: boolean;
|
||||||
gitCommitGpgsign: boolean;
|
gitCommitGpgsign: boolean;
|
||||||
gitTagGpgsign: boolean;
|
gitTagGpgsign: boolean;
|
||||||
gitPushGpgsign: boolean;
|
gitPushGpgsign: string;
|
||||||
gitCommitterName: string;
|
gitCommitterName: string;
|
||||||
gitCommitterEmail: string;
|
gitCommitterEmail: string;
|
||||||
workdir: string;
|
workdir: string;
|
||||||
|
@ -20,7 +20,7 @@ export async function getInputs(): Promise<Inputs> {
|
||||||
gitUserSigningkey: core.getBooleanInput('git-user-signingkey'),
|
gitUserSigningkey: core.getBooleanInput('git-user-signingkey'),
|
||||||
gitCommitGpgsign: core.getBooleanInput('git-commit-gpgsign'),
|
gitCommitGpgsign: core.getBooleanInput('git-commit-gpgsign'),
|
||||||
gitTagGpgsign: core.getBooleanInput('git-tag-gpgsign'),
|
gitTagGpgsign: core.getBooleanInput('git-tag-gpgsign'),
|
||||||
gitPushGpgsign: core.getBooleanInput('git-push-gpgsign'),
|
gitPushGpgsign: core.getInput('git-push-gpgsign') || 'if-asked',
|
||||||
gitCommitterName: core.getInput('git-committer-name'),
|
gitCommitterName: core.getInput('git-committer-name'),
|
||||||
gitCommitterEmail: core.getInput('git-committer-email'),
|
gitCommitterEmail: core.getInput('git-committer-email'),
|
||||||
workdir: core.getInput('workdir') || '.'
|
workdir: core.getInput('workdir') || '.'
|
||||||
|
|
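Review bot: `core.getInput('git-push-gpgsign') || 'if-asked'` in getInputs accepts any string, and the run() hunk writes that value to `push.gpgsign` unchanged, so a typo such as `ture` is presumably noticed only when git later reads the setting, if at all. Check the value against the three settings git documents for push.gpgSign before returning it, for example `if (!['true', 'false', 'if-asked'].includes(value)) throw new Error('git-push-gpgsign must be true, false or if-asked');`. The `Inputs` field could then be narrowed from `string` to `'true' | 'false' | 'if-asked'`. getInputs starts and ends outside the hunk.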
49
src/main.ts
49
src/main.ts
|
@ -15,26 +15,29 @@ async function run(): Promise<void> {
|
||||||
process.chdir(inputs.workdir);
|
process.chdir(inputs.workdir);
|
||||||
}
|
}
|
||||||
|
|
||||||
core.info('📣 GnuPG info');
|
|
||||||
const version = await gpg.getVersion();
|
const version = await gpg.getVersion();
|
||||||
const dirs = await gpg.getDirs();
|
const dirs = await gpg.getDirs();
|
||||||
core.info(`Version : ${version.gnupg} (libgcrypt ${version.libgcrypt})`);
|
await core.group(`📣 GnuPG info`, async () => {
|
||||||
core.info(`Libdir : ${dirs.libdir}`);
|
core.info(`Version : ${version.gnupg} (libgcrypt ${version.libgcrypt})`);
|
||||||
core.info(`Libexecdir : ${dirs.libexecdir}`);
|
core.info(`Libdir : ${dirs.libdir}`);
|
||||||
core.info(`Datadir : ${dirs.datadir}`);
|
core.info(`Libexecdir : ${dirs.libexecdir}`);
|
||||||
core.info(`Homedir : ${dirs.homedir}`);
|
core.info(`Datadir : ${dirs.datadir}`);
|
||||||
|
core.info(`Homedir : ${dirs.homedir}`);
|
||||||
|
});
|
||||||
|
|
||||||
core.info('🔮 Checking GPG private key');
|
|
||||||
const privateKey = await openpgp.readPrivateKey(inputs.gpgPrivateKey);
|
const privateKey = await openpgp.readPrivateKey(inputs.gpgPrivateKey);
|
||||||
core.debug(`Fingerprint : ${privateKey.fingerprint}`);
|
await core.group(`🔮 Checking GPG private key`, async () => {
|
||||||
core.debug(`KeyID : ${privateKey.keyID}`);
|
core.info(`Fingerprint : ${privateKey.fingerprint}`);
|
||||||
core.debug(`Name : ${privateKey.name}`);
|
core.info(`KeyID : ${privateKey.keyID}`);
|
||||||
core.debug(`Email : ${privateKey.email}`);
|
core.info(`Name : ${privateKey.name}`);
|
||||||
core.debug(`CreationTime : ${privateKey.creationTime}`);
|
core.info(`Email : ${privateKey.email}`);
|
||||||
|
core.info(`CreationTime : ${privateKey.creationTime}`);
|
||||||
|
});
|
||||||
|
|
||||||
core.info('🔑 Importing GPG private key');
|
await core.group(`🔑 Importing GPG private key`, async () => {
|
||||||
await gpg.importKey(inputs.gpgPrivateKey).then(stdout => {
|
await gpg.importKey(inputs.gpgPrivateKey).then(stdout => {
|
||||||
core.debug(stdout);
|
core.info(stdout);
|
||||||
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
if (inputs.passphrase) {
|
if (inputs.passphrase) {
|
||||||
|
@ -42,12 +45,14 @@ async function run(): Promise<void> {
|
||||||
await gpg.configureAgent(gpg.agentConfig);
|
await gpg.configureAgent(gpg.agentConfig);
|
||||||
|
|
||||||
core.info('📌 Getting keygrips');
|
core.info('📌 Getting keygrips');
|
||||||
for (let keygrip of await gpg.getKeygrips(privateKey.fingerprint)) {
|
await core.group(`📌 Getting keygrips`, async () => {
|
||||||
core.info(`🔓 Presetting passphrase for ${keygrip}`);
|
for (let keygrip of await gpg.getKeygrips(privateKey.fingerprint)) {
|
||||||
await gpg.presetPassphrase(keygrip, inputs.passphrase).then(stdout => {
|
core.info(`🔓 Presetting passphrase for ${keygrip}`);
|
||||||
core.debug(stdout);
|
await gpg.presetPassphrase(keygrip, inputs.passphrase).then(stdout => {
|
||||||
});
|
core.debug(stdout);
|
||||||
}
|
});
|
||||||
|
}
|
||||||
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
core.info('🛒 Setting outputs...');
|
core.info('🛒 Setting outputs...');
|
||||||
|
@ -82,7 +87,7 @@ async function run(): Promise<void> {
|
||||||
}
|
}
|
||||||
if (inputs.gitPushGpgsign) {
|
if (inputs.gitPushGpgsign) {
|
||||||
core.info('💎 Sign all pushes automatically');
|
core.info('💎 Sign all pushes automatically');
|
||||||
await git.setConfig('push.gpgsign', 'true');
|
await git.setConfig('push.gpgsign', inputs.gitPushGpgsign);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} catch (error) {
|
} catch (error) {
|
||||||
|
|
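Review bot: `if (inputs.gitPushGpgsign)` in the last hunk can no longer be false, because the input is now a string that falls back to `'if-asked'` and `'false'` is itself truthy, so the branch runs and logs "Sign all pushes automatically" for every value. That message overstates what `if-asked` does (pushes go unsigned when the server does not support signing) and is wrong for `false`. Log the effective value instead, for example `core.info('💎 Setting push.gpgsign to ' + inputs.gitPushGpgsign);`, and drop or replace the guard. Separately, the first hunk moves the key's name, email and the gpg import output from `core.debug` to `core.info`, so they now appear in every run log; worth confirming that is intended for public repositories. run() starts and ends outside these hunks.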