diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 3b9f26e..35456e4 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -35,6 +35,8 @@ jobs: - name: Import GPG key uses: ./ + with: + git_gpgsign: true env: SIGNING_KEY: ${{ secrets.SIGNING_KEY_TEST }} PASSPHRASE: ${{ secrets.PASSPHRASE_TEST }} diff --git a/README.md b/README.md index 6930968..343d012 100644 --- a/README.md +++ b/README.md @@ -17,6 +17,7 @@ If you are interested, [check out](https://git.io/Je09Y) my other :octocat: GitH * Works on Linux and MacOS [virtual environments](https://help.github.com/en/articles/virtual-environments-for-github-actions#supported-virtual-environments-and-hardware-resources) * Allow to seed the internal cache of `gpg-agent` with provided passphrase * Purge imported GPG key and cache information from runner (security) +* Enable signing for Git commits and tags ## Usage @@ -36,7 +37,9 @@ jobs: uses: actions/checkout@v2 - name: Import GPG key - uses: crazy-max/ghaction-import-gpg@master + uses: crazy-max/ghaction-import-gpg@v1 + with: + git_gpgsign: true env: SIGNING_KEY: ${{ secrets.SIGNING_KEY }} PASSPHRASE: ${{ secrets.PASSPHRASE }} @@ -44,6 +47,14 @@ jobs: ## Customizing +### inputs + +Following inputs can be used as `step.with` keys + +| Name | Type | Description | +|----------------------|---------|----------------------------------------------------------| +| `git_gpgsign` | Bool | Enable signing for this Git repository (default `false`) | + ### environment variables Following environment variables can be used as `step.env` keys diff --git a/action.yml b/action.yml index caefe8b..9305321 100644 --- a/action.yml +++ b/action.yml @@ -6,6 +6,11 @@ branding: color: 'yellow' icon: 'lock' +inputs: + git_gpgsign: + description: 'Enable signing for this Git repository' + default: 'false' + runs: using: 'node12' main: 'dist/index.js' diff --git a/dist/index.js b/dist/index.js index d7ee77c..ad77582 100644 --- a/dist/index.js 
+++ b/dist/index.js @@ -1015,6 +1015,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) { }; Object.defineProperty(exports, "__esModule", { value: true }); const core = __importStar(__webpack_require__(470)); +const git = __importStar(__webpack_require__(453)); const gpg = __importStar(__webpack_require__(207)); const openpgp = __importStar(__webpack_require__(781)); const stateHelper = __importStar(__webpack_require__(153)); @@ -1059,6 +1060,11 @@ function run() { core.debug(stdout); }); } + if (/true/i.test(core.getInput('git_gpgsign'))) { + core.info('💎 Enable signing for this Git repository'); + yield git.enableCommitGpgsign(); + yield git.setUserSigningkey(privateKey.keyID); + } } catch (error) { core.setFailed(error.message); 
@@ -1378,6 +1384,53 @@ function escapeProperty(s) { } //# sourceMappingURL=command.js.map +/***/ }), + +/***/ 453: +/***/ (function(__unusedmodule, exports, __webpack_require__) { + +"use strict"; + +var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) { + function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } + return new (P || (P = Promise))(function (resolve, reject) { + function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } } + function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } } + function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); } + step((generator = generator.apply(thisArg, _arguments || [])).next()); + }); +}; +var __importStar = (this && this.__importStar) || function (mod) { + if (mod && mod.__esModule) return mod; + var result = {}; + if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k]; + result["default"] = mod; + return result; +}; +Object.defineProperty(exports, "__esModule", { value: true }); +const exec = __importStar(__webpack_require__(807)); +const git = (args = []) => __awaiter(void 0, void 0, void 0, function* () { + return yield exec.exec(`git`, args, true).then(res => { + if (res.stderr != '' && !res.success) { + throw new Error(res.stderr); + } + return res.stdout.trim(); + }); +}); +function enableCommitGpgsign() { + return __awaiter(this, void 0, void 0, function* () { + yield git(['config', 'commit.gpgsign', 'true']); + }); +} +exports.enableCommitGpgsign = enableCommitGpgsign; +function setUserSigningkey(keyid) { + return __awaiter(this, void 0, void 0, function* () { + yield git(['config', 'user.signingkey', keyid]); + }); +} +exports.setUserSigningkey = setUserSigningkey; + + /***/ }), /***/ 470: 
diff --git a/src/git.ts b/src/git.ts
new file mode 100644
index 0000000..4fe6e44
--- /dev/null
+++ b/src/git.ts
@@ -0,0 +1,18 @@
+import * as exec from './exec';
+
+const git = async (args: string[] = []): Promise => {
+ return await exec.exec(`git`, args, true).then(res => {
+ if (res.stderr != '' && !res.success) {
+ throw new Error(res.stderr);
+ }
+ return res.stdout.trim();
+ });
+};
+
+export async function enableCommitGpgsign(): Promise {
+ await git(['config', 'commit.gpgsign', 'true']);
+}
+
+export async function setUserSigningkey(keyid: string): Promise {
+ await git(['config', 'user.signingkey', keyid]);
+}
diff --git a/src/main.ts b/src/main.ts
index c035931..93f4ffc 100644
--- a/src/main.ts
+++ b/src/main.ts
@@ -1,4 +1,5 @@
 import * as core from '@actions/core';
+import * as git from './git';
 import * as gpg from './gpg';
 import * as openpgp from './openpgp';
 import * as stateHelper from './state-helper';
@@ -50,6 +51,12 @@ async function run(): Promise {
 core.debug(stdout);
 });
 }
+
+ if (/true/i.test(core.getInput('git_gpgsign'))) {
+ core.info('💎 Enable signing for this Git repository');
+ await git.enableCommitGpgsign();
+ await git.setUserSigningkey(privateKey.keyID);
+ }
 } catch (error) {
 core.setFailed(error.message);
 }
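Review bot: In the `git()` helper of src/git.ts, the guard `if (res.stderr != '' && !res.success)` lets a failed git command through whenever stderr is empty. `enableCommitGpgsign()` or `setUserSigningkey()` could then resolve although the config was never written, and the step would stay green while later commits are not signed. Throw on the exit status alone, for example `if (!res.success) { throw new Error(res.stderr || 'git ' + args.join(' ') + ' failed'); }`. The shape of `res` comes from `./exec`, which is not shown here, so confirm that `success` reflects the exit code. The README in this commit also advertises signing for commits and tags, but only `commit.gpgsign` is set; either set `tag.gpgSign` as well or narrow the README wording.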
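Review bot: The check `/true/i.test(core.getInput('git_gpgsign'))` in `run()` is unanchored, so any input that merely contains "true" (for example `untrue`) turns signing on; anchor it as `/^true$/i.test(core.getInput('git_gpgsign'))`. `privateKey` is defined outside this hunk; if `keyID` is the 64-bit key ID rather than the full fingerprint, passing the fingerprint to `user.signingkey` would keep key selection unambiguous when the keyring holds more than one key. Nothing visible here removes `commit.gpgsign` and `user.signingkey` from the repository config when the imported key is purged. On runners that keep the workspace between jobs that would leave signing enabled with no key available, so consider a post-step `git config --unset` for both keys or a README caveat.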