diff --git a/.github/ghaction-import-gpg.png b/.github/ghaction-import-gpg.png index d702c72c..a3a920e8 100644 Binary files a/.github/ghaction-import-gpg.png and b/.github/ghaction-import-gpg.png differ diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index bd54ab03..ce3e29fd 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -47,7 +47,7 @@ jobs: git-user-signingkey: true git-commit-gpgsign: true git-tag-gpgsign: true - git-push-gpgsign: true + git-push-gpgsign: if-asked - name: GPG user IDs run: | @@ -88,7 +88,7 @@ jobs: git-user-signingkey: true git-commit-gpgsign: true git-tag-gpgsign: true - git-push-gpgsign: true + git-push-gpgsign: if-asked - name: GPG user IDs run: | diff --git a/Dockerfile.dev b/Dockerfile.dev deleted file mode 100644 index f9a1dbcf..00000000 --- a/Dockerfile.dev +++ /dev/null 
@@ -1,53 +0,0 @@
-#syntax=docker/dockerfile:1.2
-
-FROM node:12 AS deps
-WORKDIR /src
-COPY package.json yarn.lock ./
-RUN --mount=type=cache,target=/src/node_modules \
- yarn install
-
-FROM scratch AS update-yarn
-COPY --from=deps /src/yarn.lock /
-
-FROM deps AS validate-yarn
-COPY .git .git
-RUN status=$(git status --porcelain -- yarn.lock); if [ -n "$status" ]; then echo $status; exit 1; fi
-
-FROM deps AS base
-COPY . .
-
-FROM base AS build
-RUN --mount=type=cache,target=/src/node_modules \
- yarn build
-
-FROM deps AS test
-ARG GITHUB_REPOSITORY
-ENV RUNNER_TEMP=/tmp/github_runner
-ENV RUNNER_TOOL_CACHE=/tmp/github_tool_cache
-ENV GITHUB_REPOSITORY=${GITHUB_REPOSITORY}
-COPY . .
-RUN --mount=type=cache,target=/src/node_modules \
- yarn run test
-
-FROM scratch AS test-coverage
-COPY --from=test /src/coverage /coverage/
-
-FROM base AS run-format
-RUN --mount=type=cache,target=/src/node_modules \
- yarn run format
-
-FROM scratch AS format
-COPY --from=run-format /src/src/*.ts /src/
-
-FROM base AS validate-format
-RUN --mount=type=cache,target=/src/node_modules \
- yarn run format-check
-
-FROM scratch AS dist
-COPY --from=build /src/dist/ /dist/
-
-FROM build AS validate-build
-RUN status=$(git status --porcelain -- dist); if [ -n "$status" ]; then echo $status; exit 1; fi
-
-FROM base AS dev
-ENTRYPOINT ["bash"]
diff --git a/README.md b/README.md
index d67c30db..9f80ac31 100644
--- a/README.md
+++ b/README.md
@@ -53,7 +53,8 @@ gpg --armor --export-secret-key joe@foo.bar | xclip -selection clipboard -i gpg --armor --export-secret-key joe@foo.bar | xclip ``` -Paste your clipboard as a [`secret`](https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets) named `GPG_PRIVATE_KEY` for example. Create another secret with the `PASSPHRASE` if applicable. +Paste your clipboard as a [`secret`](https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets) +named `GPG_PRIVATE_KEY` for example. Create another secret with the `PASSPHRASE` if applicable. ## Usage @@ -135,7 +136,7 @@ Following inputs can be used as `step.with` keys | `git-user-signingkey` | Bool | Set GPG signing keyID for this Git repository (default `false`) | | `git-commit-gpgsign`**¹** | Bool | Sign all commits automatically. (default `false`) | | `git-tag-gpgsign`**¹** | Bool | Sign all tags automatically. (default `false`) | -| `git-push-gpgsign`**¹** | Bool | Sign all pushes automatically. (default `false`) | +| `git-push-gpgsign`**¹** | String | Sign all pushes automatically. (default `if-asked`) | | `git-committer-name`**¹** | String | Set commit author's name (defaults to the name associated with the GPG key) | | `git-committer-email`**¹** | String | Set commit author's email (defaults to the email address associated with the GPG key) | | `workdir` | String | Working directory (below repository root) (default `.`) | diff --git a/action.yml b/action.yml index 9317e87f..a699ff2b 100644 --- a/action.yml +++ b/action.yml @@ -27,7 +27,7 @@ inputs: required: false git-push-gpgsign: description: 'Sign all pushes automatically. git-user-signingkey needs to be enabled' - default: 'false' + default: 'if-asked' required: false git-committer-name: description: 'Commit author''s name' diff --git a/dist/index.js b/dist/index.js index 01f0782a..86372b1c 100644 --- a/dist/index.js +++ b/dist/index.js 
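Review bot: The `git-push-gpgsign` description in action.yml still reads like an on/off switch, although the default is now `'if-asked'` and the src/main.ts change passes the value to git unchanged. The description should list the values the action expects, for example `description: 'Value written to push.gpgsign (true, false or if-asked). git-user-signingkey needs to be enabled'`. Because the default is no longer `'false'`, workflows that never set this input will now have `push.gpgsign` written to their repository config wherever that branch of run() executes, which deserves a line in the release notes.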
@@ -47,7 +47,7 @@ function getInputs() { gitUserSigningkey: /true/i.test(core.getInput('git-user-signingkey')), gitCommitGpgsign: /true/i.test(core.getInput('git-commit-gpgsign')), gitTagGpgsign: /true/i.test(core.getInput('git-tag-gpgsign')), - gitPushGpgsign: /true/i.test(core.getInput('git-push-gpgsign')), + gitPushGpgsign: core.getInput('git-push-gpgsign'), gitCommitterName: core.getInput('git-committer-name'), gitCommitterEmail: core.getInput('git-committer-email'), workdir: core.getInput('workdir') || '.' 
@@ -415,35 +415,40 @@ function run() { core.info(`📂 Using ${inputs.workdir} as working directory...`); process.chdir(inputs.workdir); } - core.info('📣 GnuPG info'); const version = yield gpg.getVersion(); const dirs = yield gpg.getDirs(); - core.info(`Version : ${version.gnupg} (libgcrypt ${version.libgcrypt})`); - core.info(`Libdir : ${dirs.libdir}`); - core.info(`Libexecdir : ${dirs.libexecdir}`); - core.info(`Datadir : ${dirs.datadir}`); - core.info(`Homedir : ${dirs.homedir}`); - core.info('🔮 Checking GPG private key'); + yield core.group(`📣 GnuPG info`, () => __awaiter(this, void 0, void 0, function* () { + core.info(`Version : ${version.gnupg} (libgcrypt ${version.libgcrypt})`); + core.info(`Libdir : ${dirs.libdir}`); + core.info(`Libexecdir : ${dirs.libexecdir}`); + core.info(`Datadir : ${dirs.datadir}`); + core.info(`Homedir : ${dirs.homedir}`); + })); const privateKey = yield openpgp.readPrivateKey(inputs.gpgPrivateKey); - core.debug(`Fingerprint : ${privateKey.fingerprint}`); - core.debug(`KeyID : ${privateKey.keyID}`); - core.debug(`Name : ${privateKey.name}`); - core.debug(`Email : ${privateKey.email}`); - core.debug(`CreationTime : ${privateKey.creationTime}`); - core.info('🔑 Importing GPG private key'); - yield gpg.importKey(inputs.gpgPrivateKey).then(stdout => { - core.debug(stdout); - }); + yield core.group(`🔮 Checking GPG private key`, () => __awaiter(this, void 0, void 0, function* () { + core.info(`Fingerprint : ${privateKey.fingerprint}`); + core.info(`KeyID : ${privateKey.keyID}`); + core.info(`Name : ${privateKey.name}`); + core.info(`Email : ${privateKey.email}`); + core.info(`CreationTime : ${privateKey.creationTime}`); + })); + yield core.group(`🔑 Importing GPG private key`, () => __awaiter(this, void 0, void 0, function* () { + yield gpg.importKey(inputs.gpgPrivateKey).then(stdout => { + core.info(stdout); + }); + })); if (inputs.passphrase) { core.info('⚙️ Configuring GnuPG agent'); yield gpg.configureAgent(gpg.agentConfig); core.info('📌 
Getting keygrips'); - for (let keygrip of yield gpg.getKeygrips(privateKey.fingerprint)) { - core.info(`🔓 Presetting passphrase for ${keygrip}`); - yield gpg.presetPassphrase(keygrip, inputs.passphrase).then(stdout => { - core.debug(stdout); - }); - } + yield core.group(`📌 Getting keygrips`, () => __awaiter(this, void 0, void 0, function* () { + for (let keygrip of yield gpg.getKeygrips(privateKey.fingerprint)) { + core.info(`🔓 Presetting passphrase for ${keygrip}`); + yield gpg.presetPassphrase(keygrip, inputs.passphrase).then(stdout => { + core.debug(stdout); + }); + } + })); } core.info('🛒 Setting outputs...'); context.setOutput('fingerprint', privateKey.fingerprint); @@ -472,7 +477,7 @@ function run() { } if (inputs.gitPushGpgsign) { core.info('💎 Sign all pushes automatically'); - yield git.setConfig('push.gpgsign', 'true'); + yield git.setConfig('push.gpgsign', inputs.gitPushGpgsign); } } } diff --git a/src/context.ts b/src/context.ts index 8b80e1c7..851a2e93 100644 --- a/src/context.ts +++ b/src/context.ts @@ -7,7 +7,7 @@ export interface Inputs { gitUserSigningkey: boolean; gitCommitGpgsign: boolean; gitTagGpgsign: boolean; - gitPushGpgsign: boolean; + gitPushGpgsign: string; gitCommitterName: string; gitCommitterEmail: string; workdir: string; @@ -20,7 +20,7 @@ export async function getInputs(): Promise { gitUserSigningkey: /true/i.test(core.getInput('git-user-signingkey')), gitCommitGpgsign: /true/i.test(core.getInput('git-commit-gpgsign')), gitTagGpgsign: /true/i.test(core.getInput('git-tag-gpgsign')), - gitPushGpgsign: /true/i.test(core.getInput('git-push-gpgsign')), + gitPushGpgsign: core.getInput('git-push-gpgsign'), gitCommitterName: core.getInput('git-committer-name'), gitCommitterEmail: core.getInput('git-committer-email'), workdir: core.getInput('workdir') || '.' diff --git a/src/main.ts b/src/main.ts index 296b35d8..5088abba 100644 --- a/src/main.ts +++ b/src/main.ts 
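Review bot: `gitPushGpgsign: core.getInput('git-push-gpgsign')` in getInputs() passes the raw input through unvalidated, and the src/main.ts hunk at `@@ -82,7 +87,7 @@` writes it into `push.gpgsign` whenever it is non-empty. That means `false` still logs "Sign all pushes automatically" and sets the key, and a typo silently ends up in git config, presumably surfacing only when git next reads it at push time. Check the value where it is read, e.g. `const v = core.getInput('git-push-gpgsign').trim().toLowerCase();` followed by `if (!['true', 'false', 'if-asked'].includes(v)) throw new Error('git-push-gpgsign must be true, false or if-asked');`, and have main.ts skip the config write for `false`. The same passthrough is repeated in the generated dist/index.js. getInputs() starts and ends outside this hunk.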
@@ -15,26 +15,29 @@ async function run(): Promise { process.chdir(inputs.workdir); } - core.info('📣 GnuPG info'); const version = await gpg.getVersion(); const dirs = await gpg.getDirs(); - core.info(`Version : ${version.gnupg} (libgcrypt ${version.libgcrypt})`); - core.info(`Libdir : ${dirs.libdir}`); - core.info(`Libexecdir : ${dirs.libexecdir}`); - core.info(`Datadir : ${dirs.datadir}`); - core.info(`Homedir : ${dirs.homedir}`); + await core.group(`📣 GnuPG info`, async () => { + core.info(`Version : ${version.gnupg} (libgcrypt ${version.libgcrypt})`); + core.info(`Libdir : ${dirs.libdir}`); + core.info(`Libexecdir : ${dirs.libexecdir}`); + core.info(`Datadir : ${dirs.datadir}`); + core.info(`Homedir : ${dirs.homedir}`); + }); - core.info('🔮 Checking GPG private key'); const privateKey = await openpgp.readPrivateKey(inputs.gpgPrivateKey); - core.debug(`Fingerprint : ${privateKey.fingerprint}`); - core.debug(`KeyID : ${privateKey.keyID}`); - core.debug(`Name : ${privateKey.name}`); - core.debug(`Email : ${privateKey.email}`); - core.debug(`CreationTime : ${privateKey.creationTime}`); - - core.info('🔑 Importing GPG private key'); - await gpg.importKey(inputs.gpgPrivateKey).then(stdout => { - core.debug(stdout); + await core.group(`🔮 Checking GPG private key`, async () => { + core.info(`Fingerprint : ${privateKey.fingerprint}`); + core.info(`KeyID : ${privateKey.keyID}`); + core.info(`Name : ${privateKey.name}`); + core.info(`Email : ${privateKey.email}`); + core.info(`CreationTime : ${privateKey.creationTime}`); + }); + + await core.group(`🔑 Importing GPG private key`, async () => { + await gpg.importKey(inputs.gpgPrivateKey).then(stdout => { + core.info(stdout); + }); }); if (inputs.passphrase) { 
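Review bot: The key's fingerprint, key ID, name, email and creation time, together with the stdout of `gpg.importKey`, move from `core.debug` to `core.info` in this hunk, so they appear in every run's log instead of only when step debugging is enabled. None of these values is secret key material, but on a public repository the log is world-readable and now always records the signing identity. Consider keeping the import output at `core.debug(stdout)`, as the `presetPassphrase` call in the next hunk still does, and adding a comment above the group such as `// public key metadata only; never log inputs.gpgPrivateKey or inputs.passphrase`. run() starts and ends outside this hunk.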
@@ -42,12 +45,14 @@ async function run(): Promise { await gpg.configureAgent(gpg.agentConfig); core.info('📌 Getting keygrips'); - for (let keygrip of await gpg.getKeygrips(privateKey.fingerprint)) { - core.info(`🔓 Presetting passphrase for ${keygrip}`); - await gpg.presetPassphrase(keygrip, inputs.passphrase).then(stdout => { - core.debug(stdout); - }); - } + await core.group(`📌 Getting keygrips`, async () => { + for (let keygrip of await gpg.getKeygrips(privateKey.fingerprint)) { + core.info(`🔓 Presetting passphrase for ${keygrip}`); + await gpg.presetPassphrase(keygrip, inputs.passphrase).then(stdout => { + core.debug(stdout); + }); + } + }); } core.info('🛒 Setting outputs...'); @@ -82,7 +87,7 @@ async function run(): Promise { } if (inputs.gitPushGpgsign) { core.info('💎 Sign all pushes automatically'); - await git.setConfig('push.gpgsign', 'true'); + await git.setConfig('push.gpgsign', inputs.gitPushGpgsign); } } } catch (error) {
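Review bot: The unchanged `core.info('📌 Getting keygrips');` line stays directly above the new `core.group` call with the same title in the `@@ -42,12 +45,14 @@` hunk, so the heading is printed twice in the log. The other sections touched by this commit dropped their standalone `core.info` when the group was introduced, so the leftover line should be removed here as well (the generated dist/index.js carries the same duplicate). `for (let keygrip of …)` can also become `const keygrip`, since the binding is never reassigned. run() starts and ends outside this hunk.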