Handle if-asked for git-push-gpgsign input

crazy-max · Aug 10, 2021 · 983aafb · 983aafb
1 parent 5d41f45
commit 983aafb
Show file tree

Hide file tree

Showing 8 changed files with 65 additions and 107 deletions.
diff --git a/.github/ghaction-import-gpg.png b/.github/ghaction-import-gpg.png
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -47,7 +47,7 @@ jobs:
           git-user-signingkey: true
           git-commit-gpgsign: true
           git-tag-gpgsign: true
-          git-push-gpgsign: true
+          git-push-gpgsign: if-asked
       -
         name: GPG user IDs
         run: |
@@ -88,7 +88,7 @@ jobs:
           git-user-signingkey: true
           git-commit-gpgsign: true
           git-tag-gpgsign: true
-          git-push-gpgsign: true
+          git-push-gpgsign: if-asked
       -
         name: GPG user IDs
         run: |

diff --git a/Dockerfile.dev b/Dockerfile.dev
diff --git a/README.md b/README.md
@@ -53,7 +53,8 @@ gpg --armor --export-secret-key joe@foo.bar | xclip -selection clipboard -i
 gpg --armor --export-secret-key joe@foo.bar | xclip
 ```
 
-Paste your clipboard as a [`secret`](https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets) named `GPG_PRIVATE_KEY` for example. Create another secret with the `PASSPHRASE` if applicable.
+Paste your clipboard as a [`secret`](https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets)
+named `GPG_PRIVATE_KEY` for example. Create another secret with the `PASSPHRASE` if applicable.
 
 ## Usage
 
@@ -135,7 +136,7 @@ Following inputs can be used as `step.with` keys
 | `git-user-signingkey`                 | Bool    | Set GPG signing keyID for this Git repository (default `false`) |
 | `git-commit-gpgsign`**¹**             | Bool    | Sign all commits automatically. (default `false`) |
 | `git-tag-gpgsign`**¹**                | Bool    | Sign all tags automatically. (default `false`) |
-| `git-push-gpgsign`**¹**               | Bool    | Sign all pushes automatically. (default `false`) |
+| `git-push-gpgsign`**¹**               | String  | Sign all pushes automatically. (default `if-asked`) |
 | `git-committer-name`**¹**             | String  | Set commit author's name (defaults to the name associated with the GPG key) |
 | `git-committer-email`**¹**            | String  | Set commit author's email (defaults to the email address associated with the GPG key) |
 | `workdir`                             | String  | Working directory (below repository root) (default `.`) |

diff --git a/action.yml b/action.yml
@@ -27,7 +27,7 @@ inputs:
     required: false
   git-push-gpgsign:
     description: 'Sign all pushes automatically. git-user-signingkey needs to be enabled'
-    default: 'false'
+    default: 'if-asked'
     required: false
   git-committer-name:
     description: 'Commit author''s name'

diff --git a/dist/index.js b/dist/index.js
diff --git a/src/context.ts b/src/context.ts
@@ -7,7 +7,7 @@ export interface Inputs {
   gitUserSigningkey: boolean;
   gitCommitGpgsign: boolean;
   gitTagGpgsign: boolean;
-  gitPushGpgsign: boolean;
+  gitPushGpgsign: string;
   gitCommitterName: string;
   gitCommitterEmail: string;
   workdir: string;
@@ -20,7 +20,7 @@ export async function getInputs(): Promise<Inputs> {
     gitUserSigningkey: /true/i.test(core.getInput('git-user-signingkey')),
     gitCommitGpgsign: /true/i.test(core.getInput('git-commit-gpgsign')),
     gitTagGpgsign: /true/i.test(core.getInput('git-tag-gpgsign')),
-    gitPushGpgsign: /true/i.test(core.getInput('git-push-gpgsign')),
+    gitPushGpgsign: core.getInput('git-push-gpgsign'),
     gitCommitterName: core.getInput('git-committer-name'),
     gitCommitterEmail: core.getInput('git-committer-email'),
     workdir: core.getInput('workdir') || '.'

diff --git a/src/main.ts b/src/main.ts
@@ -15,39 +15,44 @@ async function run(): Promise<void> {
       process.chdir(inputs.workdir);
     }
 
-    core.info('📣 GnuPG info');
     const version = await gpg.getVersion();
     const dirs = await gpg.getDirs();
-    core.info(`Version    : ${version.gnupg} (libgcrypt ${version.libgcrypt})`);
-    core.info(`Libdir     : ${dirs.libdir}`);
-    core.info(`Libexecdir : ${dirs.libexecdir}`);
-    core.info(`Datadir    : ${dirs.datadir}`);
-    core.info(`Homedir    : ${dirs.homedir}`);
+    await core.group(`📣 GnuPG info`, async () => {
+      core.info(`Version    : ${version.gnupg} (libgcrypt ${version.libgcrypt})`);
+      core.info(`Libdir     : ${dirs.libdir}`);
+      core.info(`Libexecdir : ${dirs.libexecdir}`);
+      core.info(`Datadir    : ${dirs.datadir}`);
+      core.info(`Homedir    : ${dirs.homedir}`);
+    });
 
-    core.info('🔮 Checking GPG private key');
     const privateKey = await openpgp.readPrivateKey(inputs.gpgPrivateKey);
-    core.debug(`Fingerprint  : ${privateKey.fingerprint}`);
-    core.debug(`KeyID        : ${privateKey.keyID}`);
-    core.debug(`Name         : ${privateKey.name}`);
-    core.debug(`Email        : ${privateKey.email}`);
-    core.debug(`CreationTime : ${privateKey.creationTime}`);
-
-    core.info('🔑 Importing GPG private key');
-    await gpg.importKey(inputs.gpgPrivateKey).then(stdout => {
-      core.debug(stdout);
+    await core.group(`🔮 Checking GPG private key`, async () => {
+      core.info(`Fingerprint  : ${privateKey.fingerprint}`);
+      core.info(`KeyID        : ${privateKey.keyID}`);
+      core.info(`Name         : ${privateKey.name}`);
+      core.info(`Email        : ${privateKey.email}`);
+      core.info(`CreationTime : ${privateKey.creationTime}`);
+    });
+
+    await core.group(`🔑 Importing GPG private key`, async () => {
+      await gpg.importKey(inputs.gpgPrivateKey).then(stdout => {
+        core.info(stdout);
+      });
     });
 
     if (inputs.passphrase) {
       core.info('⚙️ Configuring GnuPG agent');
       await gpg.configureAgent(gpg.agentConfig);
 
       core.info('📌 Getting keygrips');
-      for (let keygrip of await gpg.getKeygrips(privateKey.fingerprint)) {
-        core.info(`🔓 Presetting passphrase for ${keygrip}`);
-        await gpg.presetPassphrase(keygrip, inputs.passphrase).then(stdout => {
-          core.debug(stdout);
-        });
-      }
+      await core.group(`📌 Getting keygrips`, async () => {
+        for (let keygrip of await gpg.getKeygrips(privateKey.fingerprint)) {
+          core.info(`🔓 Presetting passphrase for ${keygrip}`);
+          await gpg.presetPassphrase(keygrip, inputs.passphrase).then(stdout => {
+            core.debug(stdout);
+          });
+        }
+      });
     }
 
     core.info('🛒 Setting outputs...');
@@ -82,7 +87,7 @@ async function run(): Promise<void> {
       }
       if (inputs.gitPushGpgsign) {
         core.info('💎 Sign all pushes automatically');
-        await git.setConfig('push.gpgsign', 'true');
+        await git.setConfig('push.gpgsign', inputs.gitPushGpgsign);
       }
     }
   } catch (error) {