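---
# Composite action: imports a base64-encoded GPG private key into the runner's
# keyring and configures Git to sign commits with it.
#
# Callers should supply GPG_SIGNING_KEY and GPG_PASSPHRASE from repository or
# organization secrets rather than literal values in a workflow file.
name: "Configure GPG and Git for Signed Commits"
description: "Sets up GPG and Git configuration for signed commits"
author: "Florian Kasper"

inputs:
  GPG_SIGNING_KEY:
    description: "Base64 encoded GPG signing key"
    required: true
  GPG_PASSPHRASE:
    description: "Passphrase for the GPG key"
    required: true
  GPG_KEY_ID:
    description: "GPG key ID"
    required: true
  GIT_USERNAME:
    description: "Name of the Git User"
    required: false
  GIT_EMAIL:
    description: "E-Mail of the verified User"
    required: false

runs:
  using: "composite"
  steps:
    - name: Configure GPG
      shell: bash
      # Inputs are handed to the script as environment variables. A
      # ${{ ... }} expression inside `run:` is pasted into the script text
      # before bash parses it, so a value containing quotes or shell syntax
      # would be interpreted as code.
      env:
        GPG_SIGNING_KEY: ${{ inputs.GPG_SIGNING_KEY }}
        GPG_PASSPHRASE: ${{ inputs.GPG_PASSPHRASE }}
      run: |
        set -euo pipefail
        # Everything created below (key file, config files) is owner-only.
        umask 077
        mkdir -p ~/.gnupg
        chmod 700 ~/.gnupg

        # Decode the key into a private temp file outside the workspace and
        # remove it on every exit path, including a failed import.
        key_file="$(mktemp)"
        trap 'rm -f "$key_file"' EXIT
        printf '%s' "$GPG_SIGNING_KEY" | base64 --decode > "$key_file"

        # The passphrase goes in on stdin (--passphrase-fd 0) instead of
        # --passphrase, which would expose it in the process argument list.
        printf '%s\n' "$GPG_PASSPHRASE" | gpg --batch --yes \
          --pinentry-mode loopback --passphrase-fd 0 --import "$key_file"

        # NOTE(review): these overwrite any existing gpg.conf and
        # gpg-agent.conf on the runner; confirm that is intended.
        cat <<EOF > ~/.gnupg/gpg.conf
        use-agent
        EOF
        cat <<EOF > ~/.gnupg/gpg-agent.conf
        allow-loopback-pinentry
        EOF

        # Make the running agent pick up allow-loopback-pinentry.
        gpg-connect-agent reloadagent /bye

    - name: Configure GIT
      shell: bash
      env:
        GPG_PASSPHRASE: ${{ inputs.GPG_PASSPHRASE }}
        GPG_KEY_ID: ${{ inputs.GPG_KEY_ID }}
        GIT_USERNAME: ${{ inputs.GIT_USERNAME }}
        GIT_EMAIL: ${{ inputs.GIT_EMAIL }}
      run: |
        set -euo pipefail
        # GIT_USERNAME and GIT_EMAIL are optional inputs. Writing an empty
        # value into the global config would leave Git with an empty identity,
        # so each one is set only when the caller provided it.
        if [ -n "$GIT_USERNAME" ]; then
          git config --global user.name "$GIT_USERNAME"
        fi
        if [ -n "$GIT_EMAIL" ]; then
          git config --global user.email "$GIT_EMAIL"
        fi
        git config --global user.signingkey "$GPG_KEY_ID"
        git config --global commit.gpgsign true
        git config --global gpg.program gpg

        # Throwaway signature: fails the step early if the key ID or the
        # passphrase is wrong. gpg takes the passphrase from the first line of
        # stdin and signs the (empty) remainder; the output is discarded.
        # Presumably this also primes gpg-agent's passphrase cache for later
        # `git commit` calls - TODO confirm.
        printf '%s\n' "$GPG_PASSPHRASE" | gpg --batch --yes \
          --passphrase-fd 0 --pinentry-mode loopback \
          --sign -u "$GPG_KEY_ID" -o /dev/null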