Set passphrase only for the fingerprint being used

[josecelano]

Relates to: #119 (comment)

I had problems using a signing subkey.

How to reproduce:

1. Create a new GPG key.
2. Create a subkey only for signing.
3. Remove signing usage to the primary key.
4. Export only signing subkey. The exported key contains the primary key but you can not use it.
5. Import the subkey in a temp GPG home dir.
6. CHange the passphrase for the key.

That is the process to upload a signing subkey to GitHub with a different passphrase.

Using that key this action tries to preset the passphrase for all the subkeys, including the primary key. Since the primary key is not functional I got an error. I have changed the code to only preset the key for the subkey if you specify the input fingerprint.

I've tested the change in this repo: https://github.com/Nautilus-Cyberneering/chinese-ideographs-website/runs/5336330660?check_suite_focus=true#step:4:40

[crazy-max]

@josecelano Thanks for this! A test seems to fail: https://github.com/crazy-max/ghaction-import-gpg/runs/5336379690?check_suite_focus=true#step:4:337

[josecelano]

@josecelano Thanks for this! A test seems to fail: https://github.com/crazy-max/ghaction-import-gpg/runs/5336379690?check_suite_focus=true#step:4:337

It was only a temp test to give an example. I've used a key from my keyring. I was afraid that the tests could change things in my personal keyrgrip because I do not see where you overwrite the GPG homedir for the tests. I thought a maintainer could move the test for the new function to the gpg.test.ts file before merging the PR. I can do it but then It will take me more time because I have to load the test key and add the subkeys fingerprints to userInfos.

[josecelano]

By the way @crazy-max I'm using part of this repo's code here. I've included a link on the README t this repo. Although we might remove the signing feature from that action in the future.

[josecelano]

@crazy-max I've changed the code to use the test GPG keys already used by the tests.

[codecov]

Codecov Report

Merging #123 (4f04496) into master (343bb93) will increase coverage by 0.65%.
The diff coverage is 86.66%.

@@            Coverage Diff             @@
##           master     #123      +/-   ##
==========================================
+ Coverage   81.30%   81.96%   +0.65%     
==========================================
  Files           3        3              
  Lines         107      122      +15     
  Branches       23       25       +2     
==========================================
+ Hits           87      100      +13     
  Misses         11       11              
- Partials        9       11       +2     

Impacted Files	Coverage Δ
src/gpg.ts	79.80% <86.66%> (+1.15%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 343bb93...4f04496. Read the comment docs.

[crazy-max]

LGTM thanks! I wonder if you could add an example using a subkey and a specific fingerprint in usage section of the README https://github.com/crazy-max/ghaction-import-gpg#usage?

[crazy-max]

Oh and also add a new job in https://github.com/crazy-max/ghaction-import-gpg/blob/master/.github/workflows/ci.yml to test that behavior as e2e test if you want but not required.

EDIT: Actually I think that's fine with UT. Forget what I said.

[crazy-max]

Awesome thanks!