2025-03-23 23:28:37 +01:00
|
|
|
# [Action] Signed Commits
|
2025-03-23 22:17:14 +00:00
|
|
|
|
2025-03-23 23:28:37 +01:00
|
|
|
This GitHub Action sets up GPG and Git configuration for repositories, enabling signed commits.
|
|
|
|
|
|
|
|
|
|
## Features
|
|
|
|
|
|
|
|
|
|
- Imports a GPG key and configures it for commit signing
|
|
|
|
|
- Sets global Git configurations for `user.name`, `user.email`, and GPG signing key
|
|
|
|
|
|
|
|
|
|
## Usage
|
|
|
|
|
|
|
|
|
|
### Step 1: Add the Action to Your Workflow
|
|
|
|
|
|
|
|
|
|
To use this action in a repository, include it as a step in your workflow YAML file, specifying the required secrets:
|
|
|
|
|
|
|
|
|
|
```yaml
|
|
|
|
|
jobs:
|
|
|
|
|
setup-gpg-git:
|
|
|
|
|
runs-on: ubuntu-latest
|
|
|
|
|
steps:
|
|
|
|
|
- name: Checkout code
|
|
|
|
|
uses: actions/checkout@v4
|
|
|
|
|
|
|
|
|
|
- name: Configure GPG and Git for Signed Commits
|
|
|
|
|
uses: https://git.kasper.onl/automations/verified-commit@v0.0.1
|
|
|
|
|
with:
|
|
|
|
|
GPG_SIGNING_KEY: ${{ secrets.GPG_SIGNING_KEY }}
|
|
|
|
|
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
|
|
|
|
|
GPG_KEY_ID: ${{ secrets.GPG_KEY_ID }}
|
|
|
|
|
GIT_USERNAME: "Jane Doe"
|
|
|
|
|
GIT_EMAIL: "jane.doe@example.com"
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
### Step 2: Add Required Secrets
|
|
|
|
|
|
|
|
|
|
For this action to work, you'll need to add the following secrets to your GitHub repository:
|
|
|
|
|
|
|
|
|
|
1. **GPG_SIGNING_KEY**: Your GPG signing key, base64-encoded.
|
|
|
|
|
2. **GPG_PASSPHRASE**: The passphrase associated with your GPG key.
|
|
|
|
|
3. **GPG_KEY_ID**: The ID of the GPG key used for signing
|
|
|
|
|
4. **GIT_USERNAME**: The username for the Git Config
|
|
|
|
|
5. **GIT_EMAIL**: The E-Mail for the Git Config
|
