# Action metadata: display name, summary and author of this composite action.
name: 'Configure GPG and Git for Signed Commits'
description: 'Sets up GPG and Git configuration for signed commits'
author: 'Florian Kasper'
# Inputs consumed by the two steps under `runs`. The first two carry secret
# material (private key and its passphrase).
inputs:
  # Private key material; the action base64-decodes it and imports it into gpg.
  GPG_SIGNING_KEY:
    description: 'Base64 encoded GPG signing key'
    required: true
  # Used for the key import and for the test signature at the end.
  GPG_PASSPHRASE:
    description: 'Passphrase for the GPG key'
    required: true
  # Written to git's user.signingkey and passed to `gpg -u`.
  GPG_KEY_ID:
    description: 'GPG key ID'
    required: true
  # Optional; written to git's global user.name.
  GIT_USERNAME:
    description: 'Name of the Git User'
    required: false
  # Optional; written to git's global user.email.
  GIT_EMAIL:
    description: 'E-Mail of the verified User'
    required: false
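# Composite action body: import the signing key into gpg, then point git at it.
runs:
  using: 'composite'
  steps:
    # Imports the private key and enables loopback pinentry for gpg-agent.
    - name: Configure GPG
      shell: bash
      # Inputs are passed as environment variables instead of being expanded
      # into the script text. An expression inside `run:` is substituted before
      # bash parses the script, so a value containing quotes, `$` or backticks
      # would change the commands that run.
      env:
        GPG_SIGNING_KEY: ${{ inputs.GPG_SIGNING_KEY }}
        GPG_PASSPHRASE: ${{ inputs.GPG_PASSPHRASE }}
      run: |
        set -euo pipefail

        # Keep the decoded private key out of the workspace and readable only
        # by the current user; the trap removes it even if the import fails.
        umask 077
        key_file="$(mktemp "${RUNNER_TEMP:-/tmp}/gpg-signing-key.XXXXXX")"
        trap 'rm -f "$key_file"' EXIT

        printf '%s' "$GPG_SIGNING_KEY" | base64 --decode > "$key_file"

        # The passphrase is read from stdin so it never appears in gpg's
        # argument list, which other processes on the host can inspect.
        printf '%s\n' "$GPG_PASSPHRASE" |
          gpg --batch --yes --pinentry-mode loopback --passphrase-fd 0 \
            --import "$key_file"

        mkdir -p ~/.gnupg
        chmod 700 ~/.gnupg

        # Quoted heredoc delimiters: the config text is written literally.
        # Note that both files are overwritten, not appended to.
        cat <<'EOF' > ~/.gnupg/gpg.conf
        use-agent
        EOF

        cat <<'EOF' > ~/.gnupg/gpg-agent.conf
        allow-loopback-pinentry
        EOF

        # Make the running agent pick up the new gpg-agent.conf.
        gpg-connect-agent reloadagent /bye

    # Sets the global git identity and signing options, then test-signs once.
    - name: Configure GIT
      shell: bash
      # Same env indirection as above: no input is interpolated into the script.
      env:
        GPG_PASSPHRASE: ${{ inputs.GPG_PASSPHRASE }}
        GPG_KEY_ID: ${{ inputs.GPG_KEY_ID }}
        GIT_USERNAME: ${{ inputs.GIT_USERNAME }}
        GIT_EMAIL: ${{ inputs.GIT_EMAIL }}
      run: |
        set -euo pipefail

        # GIT_USERNAME and GIT_EMAIL are optional inputs: when they are empty,
        # leave any existing identity alone instead of writing an empty value.
        if [ -n "$GIT_USERNAME" ]; then
          git config --global user.name "$GIT_USERNAME"
        fi
        if [ -n "$GIT_EMAIL" ]; then
          git config --global user.email "$GIT_EMAIL"
        fi

        git config --global user.signingkey "$GPG_KEY_ID"
        git config --global commit.gpgsign true
        git config --global gpg.program gpg

        # Test signature with the passphrase on stdin; the step fails here if
        # the key ID or passphrase is wrong. NOTE(review): presumably this also
        # primes the gpg-agent passphrase cache for later commits; confirm.
        printf '%s\n' "$GPG_PASSPHRASE" |
          gpg --batch --yes --passphrase-fd 0 --pinentry-mode loopback \
            --sign -u "$GPG_KEY_ID" -o /dev/null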