adding support for gpg commit signing

DeterminateSystems · Jul 15, 2022 · d520330 · d520330
1 parent 2026a4b
commit d520330
Showing 1 changed file with 36 additions and 1 deletion.
diff --git a/action.yml b/action.yml
@@ -25,14 +25,49 @@ inputs:
     description: 'A comma or newline separated list of labels to set on the Pull Request to be created'
     required: false
     default: ''
+  sign-commits:
+    description: 'Set to true if the action should sign the commit with GPG'
+    required: false
+    default: ''
+  gpg-private-key:
+    description: 'GPG Private Key with which to sign the commits in the PR to be created'
+    required: false
+    default: ''
+  gpg-passphrase:
+    description: 'GPG Private Key Passphrase for the GPG Private Key with which to sign the commits in the PR to be created'
+    required: false
+    default: ''
 outputs:
   pull-request-number:
     description: 'The number of the opened pull request'
     value: ${{ steps.create-pr.outputs.pull-request-number }}
 runs:
   using: "composite"
   steps:
-    - run: $GITHUB_ACTION_PATH/update-flake-lock.sh
+    - name: Import bot's GPG key for signing commits
+      if: ${{ inputs.sign-commits }}
+      id: import-gpg
+      uses: crazy-max/ghaction-import-gpg@v4
+      with:
+        gpg-private-key: ${{ inputs.gpg-private-key }}
+        passphrase: ${{ inputs.gpg-passphrase }}
+        git_config_global: true
+        git_user_signingkey: true
+        git_commit_gpgsign: true
+    - name: Run update-flake-lock.sh (signed commit)
+      run: $GITHUB_ACTION_PATH/update-flake-lock.sh
+      if: ${{ inputs.sign-commits }}
+      shell: bash
+      env:
+        GIT_AUTHOR_NAME: ${{ steps.import-gpg.outputs.name }}
+        GIT_AUTHOR_EMAIL: ${{ steps.import-gpg.outputs.email }}
+        GIT_COMMITTER_NAME: ${{ steps.import-gpg.outputs.name }}
+        GIT_COMMITTER_EMAIL: ${{ steps.import-gpg.outputs.email }}
+        TARGETS: ${{ inputs.inputs }}
+        COMMIT_MSG: ${{ inputs.commit-msg }}
+    - name: Run update-flake-lock.sh (no commit signing)
+      run: $GITHUB_ACTION_PATH/update-flake-lock.sh
+      if: ${{ !inputs.sign-commits }}
       shell: bash
       env:
         GIT_AUTHOR_NAME: github-actions[bot]