adding support for gpg commit signing and custom pr body

DeterminateSystems · Jul 15, 2022 · 33e17a6 · 33e17a6
1 parent 2026a4b
commit 33e17a6
Showing 1 changed file with 60 additions and 21 deletions.
diff --git a/action.yml b/action.yml
@@ -21,18 +21,76 @@ inputs:
     description: 'The title of the PR to be created'
     required: false
     default: "flake.lock: Update"
+  pr-body:
+    description: 'The body of the PR to be created'
+    required: false
+    default: |
+      Automated changes by the [update-flake-lock](https://github.com/DeterminateSystems/update-flake-lock) GitHub Action.
+
+      ```
+      ${{ steps.commit_message.outputs.msg }}
+      ```
+
+      ### Running GitHub Actions on this PR
+
+      GitHub Actions will not run workflows on pull requests which are opened by a GitHub Action.
+
+      To run GitHub Actions workflows on this PR, run:
+
+      ```sh
+      git branch -D update_flake_lock_action
+      git fetch origin
+      git checkout update_flake_lock_action
+      git commit --amend --no-edit
+      git push origin update_flake_lock_action --force
+      ```
   pr-labels:
     description: 'A comma or newline separated list of labels to set on the Pull Request to be created'
     required: false
     default: ''
+  sign-commits:
+    description: 'Set to true if the action should sign the commit with GPG'
+    required: false
+    default: ''
+  gpg-private-key:
+    description: 'GPG Private Key with which to sign the commits in the PR to be created'
+    required: false
+    default: ''
+  gpg-passphrase:
+    description: 'GPG Private Key Passphrase for the GPG Private Key with which to sign the commits in the PR to be created'
+    required: false
+    default: ''
 outputs:
   pull-request-number:
     description: 'The number of the opened pull request'
     value: ${{ steps.create-pr.outputs.pull-request-number }}
 runs:
   using: "composite"
   steps:
-    - run: $GITHUB_ACTION_PATH/update-flake-lock.sh
+    - name: Import bot's GPG key for signing commits
+      if: ${{ inputs.sign-commits }}
+      id: import-gpg
+      uses: crazy-max/ghaction-import-gpg@v4
+      with:
+        gpg-private-key: ${{ inputs.gpg-private-key }}
+        passphrase: ${{ inputs.gpg-passphrase }}
+        git_config_global: true
+        git_user_signingkey: true
+        git_commit_gpgsign: true
+    - name: Run update-flake-lock.sh (signed commit)
+      run: $GITHUB_ACTION_PATH/update-flake-lock.sh
+      if: ${{ inputs.sign-commits }}
+      shell: bash
+      env:
+        GIT_AUTHOR_NAME: ${{ steps.import-gpg.outputs.name }}
+        GIT_AUTHOR_EMAIL: ${{ steps.import-gpg.outputs.email }}
+        GIT_COMMITTER_NAME: ${{ steps.import-gpg.outputs.name }}
+        GIT_COMMITTER_EMAIL: ${{ steps.import-gpg.outputs.email }}
+        TARGETS: ${{ inputs.inputs }}
+        COMMIT_MSG: ${{ inputs.commit-msg }}
+    - name: Run update-flake-lock.sh (no commit signing)
+      run: $GITHUB_ACTION_PATH/update-flake-lock.sh
+      if: ${{ !inputs.sign-commits }}
       shell: bash
       env:
         GIT_AUTHOR_NAME: github-actions[bot]
@@ -58,23 +116,4 @@ runs:
         title: ${{ inputs.pr-title }}
         token: ${{ inputs.token }}
         labels: ${{ inputs.pr-labels }}
-        body: |
-          Automated changes by the [update-flake-lock](https://github.com/DeterminateSystems/update-flake-lock) GitHub Action.
-
-          ```
-          ${{ steps.commit_message.outputs.msg }}
-          ```
-
-          ### Running GitHub Actions on this PR
-
-          GitHub Actions will not run workflows on pull requests which are opened by a GitHub Action.
-
-          To run GitHub Actions workflows on this PR, run:
-
-          ```sh
-          git branch -D update_flake_lock_action
-          git fetch origin
-          git checkout update_flake_lock_action
-          git commit --amend --no-edit
-          git push origin update_flake_lock_action --force
-          ```
+        body: ${{ inputs.pr-body }}