feat: ✨ gpg sign with passphrase (#460)

* feat: ✨ (#204) add gnupg to docker image * feat: ✨ (#204) add option to sign commits * fix: 🐛 (#204) issue with tty * fix: 🐛 (#204) fix issue with no tty * fix: 🐛 (#204) fix issue with no passphrase * fix: 🐛 (#204) trial * fix: 🐛 (#204) trial for fix * fix: 🐛 (#204) fix * fix: 🐛 (#204) trial * fix: 🐛 (#204) add pinentry mode loopback * fix: 🐛 (#204) * feat: ✨ (#204) add signoff and tig * fix: 🐛 (#204) fix commit * fix: 🐛 (#204) * fix: 🐛 (#204) trial * fix: 🐛 (#204) * fix: 🐛 trial for gpg sign * fix: 🚧 wip * fix: 🚧 WIP * fix: 🚧 WIP * fix: 🐛 * fix: 🐛
AndreasAugustin · Mar 11, 2024 · cec582e · cec582e
1 parent 34c494e
commit cec582e
Show file tree

Hide file tree

Showing 4 changed files with 7 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -254,6 +254,7 @@ jobs:
 | git_user_email | `[optional]` set the committer git user.email | `false` | `github-action@actions-template-sync.noreply.${SOURCE_REPO_HOSTNAME}` |
 | git_remote_pull_params | `[optional]` set remote pull parameters | `false` | `--allow-unrelated-histories --squash --strategy=recursive -X theirs` |
 | gpg_private_key | `[optional]` set if you want to sign commits | `false` | |
+| gpg_passphrase | `[optional]` set if your optionial gpg private key has a passphrase | `false` | |
 
 ### Action Outputs
 
@@ -332,7 +333,7 @@ gpg --armor --export-secret-key jon@doe.example | xclip
 
 :warning: the gpg username and email must match the `git_user_name` and `git_user_email` parameters.
 Paste your clipboard as a [secret][github-create-secret] named `GPG_PRIVATE_KEY` for example.
-:warning: currently a pgp key with passphrase is not supported (yet).
+If your key has a password, create another secret named `GPG_PASSPHRASE`.
 
 ```yaml
 # File: .github/workflows/template-sync.yml

diff --git a/action.yml b/action.yml
@@ -59,6 +59,8 @@ inputs:
  description: "[optional] set the pull parameters for the remote repository"
  gpg_private_key:
  description: "[optional] set the gpg private key if you want to sign your commits"
+ gpg_passphrase:
+ description: "[optional] set if your private gpg key has a password"
 runs:
  using: "docker"
  image: "src/Dockerfile"
@@ -84,3 +86,4 @@ runs:
  GIT_USER_EMAIL: ${{ inputs.git_user_email }}
  GIT_REMOTE_PULL_PARAMS: ${{ inputs.git_remote_pull_params }}
  GPG_PRIVATE_KEY: ${{ inputs.gpg_private_key }}
+ GPG_PASSPHRASE: ${{ inputs.gpg_passphrase }}
diff --git a/src/gpg_no_tty.sh b/src/gpg_no_tty.sh
@@ -1,9 +1,7 @@
 #!/usr/bin/env bash
 
 if [[ -n "${GPG_PASSPHRASE}" ]] &>/dev/null; then
- # echo -e "${GPG_PASSPHRASE}" | gpg --pinentry-mode loopback --batch --yes --passphrase-fd 0 "$@" <&0
- echo "::error::currently gpg with passphrase is not supported"
- exit 1
+ gpg --pinentry-mode loopback --batch --yes --passphrase "${GPG_PASSPHRASE}" "$@" <&0
 else
  gpg --pinentry-mode loopback --yes --batch "$@" <&0
 fi

diff --git a/src/sync_template.sh b/src/sync_template.sh
@@ -312,7 +312,7 @@ function handle_templatesyncignore() {
 
 function prechecks() {
  info "prechecks"
- echo "::group::force file deletion"
+ echo "::group::prechecks"
  check_branch_remote_existing "${NEW_BRANCH}"
 
  check_if_commit_already_in_hist_graceful_exit "${TEMPLATE_REMOTE_GIT_HASH}"