automations/verified-commit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity
verified-commit/README.md
Florian Kasper efc3fd0a56 Add Action
2025-03-23 23:28:37 +01:00

1.4 KiB
Raw Permalink Blame History

[Action] Signed Commits

This GitHub Action sets up GPG and Git configuration for repositories, enabling signed commits.

Features

  • Imports a GPG key and configures it for commit signing
  • Sets global Git configurations for user.name, user.email, and GPG signing key

Usage

Step 1: Add the Action to Your Workflow

To use this action in a repository, include it as a step in your workflow YAML file, specifying the required secrets:

jobs:
  setup-gpg-git:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Configure GPG and Git for Signed Commits
        uses: https://git.kasper.onl/automations/verified-commit@v0.0.1
        with:
          GPG_SIGNING_KEY: ${{ secrets.GPG_SIGNING_KEY }}
          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
          GPG_KEY_ID: ${{ secrets.GPG_KEY_ID }}
          GIT_USERNAME: "Jane Doe"
          GIT_EMAIL: "jane.doe@example.com"

Step 2: Add Required Secrets

For this action to work, you'll need to add the following secrets to your GitHub repository:

  1. GPG_SIGNING_KEY: Your GPG signing key, base64-encoded.
  2. GPG_PASSPHRASE: The passphrase associated with your GPG key.
  3. GPG_KEY_ID: The ID of the GPG key used for signing
  4. GIT_USERNAME: The username for the Git Config
  5. GIT_EMAIL: The E-Mail for the Git Config