diff --git a/README.md b/README.md
index 6a7c303..bfce8b8 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,42 @@
-# verified-commit
+# [Action] Signed Commits
+This GitHub Action sets up GPG and Git configuration for repositories, enabling signed commits.
+
+## Features
+
+- Imports a GPG key and configures it for commit signing
+- Sets global Git configurations for `user.name`, `user.email`, and GPG signing key
+
+## Usage
+
+### Step 1: Add the Action to Your Workflow
+
+To use this action in a repository, include it as a step in your workflow YAML file, specifying the required secrets:
+
+```yaml
+jobs:
+ setup-gpg-git:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Configure GPG and Git for Signed Commits
+ uses: https://git.kasper.onl/automations/verified-commit@v0.0.1
+ with:
+ GPG_SIGNING_KEY: ${{ secrets.GPG_SIGNING_KEY }}
+ GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
+ GPG_KEY_ID: ${{ secrets.GPG_KEY_ID }}
+ GIT_USERNAME: "Jane Doe"
+ GIT_EMAIL: "jane.doe@example.com"
+```
+
+### Step 2: Add Required Secrets
+
+For this action to work, you'll need to add the following secrets to your GitHub repository:
+
+1. **GPG_SIGNING_KEY**: Your GPG signing key, base64-encoded.
+2. **GPG_PASSPHRASE**: The passphrase associated with your GPG key.
+3. **GPG_KEY_ID**: The ID of the GPG key used for signing
+4. **GIT_USERNAME**: The username for the Git Config
+5. **GIT_EMAIL**: The E-Mail for the Git Config
diff --git a/action.yaml b/action.yaml
new file mode 100644
index 0000000..223d086
--- /dev/null
+++ b/action.yaml
@@ -0,0 +1,51 @@
+name: "Configure GPG and Git for Signed Commits"
+description: "Sets up GPG and Git configuration for signed commits"
+author: "Florian Kasper"
+inputs:
+ GPG_SIGNING_KEY:
+ description: "Base64 encoded GPG signing key"
+ required: true
+ GPG_PASSPHRASE:
+ description: "Passphrase for the GPG key"
+ required: true
+ GPG_KEY_ID:
+ description: "GPG key ID"
+ required: true
+ GIT_USERNAME:
+ description: "Name of the Git User"
+ required: false
+ GIT_EMAIL:
+ description: "E-Mail of the verified User"
+ required: false
+runs:
+ using: "composite"
+ steps:
+ - name: Configure GPG
+ shell: bash
+ run: |
+ echo -n "${{ inputs.GPG_SIGNING_KEY }}" | base64 --decode > gpg.key
+ gpg --batch --yes --passphrase "${{ inputs.GPG_PASSPHRASE }}" --pinentry-mode loopback --import gpg.key
+ rm gpg.key
+
+ mkdir -p ~/.gnupg
+ cat < ~/.gnupg/gpg.conf
+ use-agent
+ EOF
+
+ cat < ~/.gnupg/gpg-agent.conf
+ allow-loopback-pinentry
+ EOF
+
+ gpg-connect-agent reloadagent /bye
+
+ - name: Configure GIT
+ shell: bash
+ run: |
+ git config --global user.name "${{ inputs.GIT_USERNAME }}"
+ git config --global user.email "${{ inputs.GIT_EMAIL }}"
+ git config --global user.signingkey "${{ inputs.GPG_KEY_ID }}"
+ git config --global commit.gpgsign true
+ git config --global gpg.program gpg
+ echo "${{ inputs.GPG_PASSPHRASE }}" | gpg --batch --yes --passphrase-fd 0 --pinentry-mode loopback --sign -u ${{ inputs.GPG_KEY_ID }} -o /dev/null
+
+
\ No newline at end of file
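Review bot: Both `run:` blocks splice the secrets into the script text with `${{ inputs.GPG_SIGNING_KEY }}` / `${{ inputs.GPG_PASSPHRASE }}`, and the Configure GPG step additionally hands the passphrase to gpg as a command-line argument (`--passphrase "…"`), where it is readable from the process list of any other process on the runner; pass them through a step-level `env:` and read `"$GPG_PASSPHRASE"` from the environment (the same applies to the `echo "${{ inputs.GPG_PASSPHRASE }}"` test-sign line in Configure GIT). The decoded private key is written to `gpg.key` in the checkout directory and the script has no `set -euo pipefail`, so a failed `base64 --decode` or import leaves the key material in the workspace for later steps to commit or upload; decoding straight into `gpg --import` avoids the file entirely. `GIT_USERNAME` and `GIT_EMAIL` are `required: false` with no `default:`, so omitting them sets `user.name`/`user.email` to empty strings instead of leaving the runner's values alone — guard those two `git config` lines with `[ -n "$GIT_USERNAME" ] &&`. The `cat < ~/.gnupg/gpg.conf` … `EOF` lines do not form a heredoc as rendered here (this may be a `<<EOF >` lost in rendering); if the committed file really reads this way, bash would try to run `use-agent` and `allow-loopback-pinentry` as commands, so confirm against the source.
```yaml
      - name: Configure GPG
        shell: bash
        env:
          GPG_SIGNING_KEY: ${{ inputs.GPG_SIGNING_KEY }}
          GPG_PASSPHRASE: ${{ inputs.GPG_PASSPHRASE }}
        run: |
          set -euo pipefail
          # decode straight into gpg: the private key never touches the workspace,
          # and the passphrase is read from fd 3 rather than appearing in argv
          echo -n "$GPG_SIGNING_KEY" | base64 --decode | \
            gpg --batch --yes --pinentry-mode loopback --passphrase-fd 3 --import 3<<<"$GPG_PASSPHRASE"
          # … unchanged: ~/.gnupg gpg.conf / gpg-agent.conf setup and gpg-connect-agent reloadagent …
```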