From cec582ee2fc98db86d2cb5335a33a2fdaa59f418 Mon Sep 17 00:00:00 2001
From: andy Augustin
Date: Mon, 11 Mar 2024 20:45:14 +0100
Subject: [PATCH] feat: :sparkles: gpg sign with passphrase (#460)
* feat: :sparkles: (#204) add gnupg to docker image
* feat: :sparkles: (#204) add option to sign commits
* fix: :bug: (#204) issue with tty
* fix: :bug: (#204) fix issue with no tty
* fix: :bug: (#204) fix issue with no passphrase
* fix: :bug: (#204) trial
* fix: :bug: (#204) trial for fix
* fix: :bug: (#204) fix
* fix: :bug: (#204) trial
* fix: :bug: (#204) add pinentry mode loopback
* fix: :bug: (#204)
* feat: :sparkles: (#204) add signoff and tig
* fix: :bug: (#204) fix commit
* fix: :bug: (#204)
* fix: :bug: (#204) trial
* fix: :bug: (#204)
* fix: :bug: trial for gpg sign
* fix: :construction: wip
* fix: :construction: WIP
* fix: :construction: WIP
* fix: :bug:
* fix: :bug:
---
 README.md | 3 ++-
 action.yml | 3 +++
 src/gpg_no_tty.sh | 4 +---
 src/sync_template.sh | 2 +-
 4 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/README.md b/README.md
index d3f79d1e..cf438697 100644
--- a/README.md
+++ b/README.md
@@ -254,6 +254,7 @@ jobs:
 | git_user_email | `[optional]` set the committer git user.email | `false` | `github-action@actions-template-sync.noreply.${SOURCE_REPO_HOSTNAME}` |
 | git_remote_pull_params | `[optional]` set remote pull parameters | `false` | `--allow-unrelated-histories --squash --strategy=recursive -X theirs` |
 | gpg_private_key | `[optional]` set if you want to sign commits | `false` | |
+| gpg_passphrase | `[optional]` set if your optionial gpg private key has a passphrase | `false` | |
 ### Action Outputs
@@ -332,7 +333,7 @@ gpg --armor --export-secret-key jon@doe.example | xclip
 :warning: the gpg username and email must match the `git_user_name` and `git_user_email` parameters.
 Paste your clipboard as a [secret][github-create-secret] named `GPG_PRIVATE_KEY` for example.
-:warning: currently a pgp key with passphrase is not supported (yet).
+If your key has a password, create another secret named `GPG_PASSPHRASE`.
 ```yaml
 # File: .github/workflows/template-sync.yml
diff --git a/action.yml b/action.yml
index 3bb3e6f2..41f8b6b5 100644
--- a/action.yml
+++ b/action.yml
@@ -59,6 +59,8 @@ inputs:
 description: "[optional] set the pull parameters for the remote repository"
 gpg_private_key:
 description: "[optional] set the gpg private key if you want to sign your commits"
+ gpg_passphrase:
+ description: "[optional] set if your private gpg key has a password"
 runs:
 using: "docker"
 image: "src/Dockerfile"
@@ -84,3 +86,4 @@ runs:
 GIT_USER_EMAIL: ${{ inputs.git_user_email }}
 GIT_REMOTE_PULL_PARAMS: ${{ inputs.git_remote_pull_params }}
 GPG_PRIVATE_KEY: ${{ inputs.gpg_private_key }}
+ GPG_PASSPHRASE: ${{ inputs.gpg_passphrase }}
diff --git a/src/gpg_no_tty.sh b/src/gpg_no_tty.sh
index e742a973..63d1c85c 100644
--- a/src/gpg_no_tty.sh
+++ b/src/gpg_no_tty.sh
@@ -1,9 +1,7 @@
 #!/usr/bin/env bash
 if [[ -n "${GPG_PASSPHRASE}" ]] &>/dev/null; then
- # echo -e "${GPG_PASSPHRASE}" | gpg --pinentry-mode loopback --batch --yes --passphrase-fd 0 "$@" <&0
- echo "::error::currently gpg with passphrase is not supported"
- exit 1
+ gpg --pinentry-mode loopback --batch --yes --passphrase "${GPG_PASSPHRASE}" "$@" <&0
 else
 gpg --pinentry-mode loopback --yes --batch "$@" <&0
 fi
diff --git a/src/sync_template.sh b/src/sync_template.sh
index 3e7c8dc0..e09309d4 100644
--- a/src/sync_template.sh
+++ b/src/sync_template.sh
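Review bot: The added `gpg ... --passphrase "${GPG_PASSPHRASE}"` line in src/gpg_no_tty.sh puts the key's passphrase on gpg's command line, where it is readable from the process table inside the container for the duration of the call and would be echoed if shell tracing is ever enabled; gpg's own documentation advises against this option. Stdin is presumably occupied by the data git hands over for signing, which would explain why the removed `--passphrase-fd 0` attempt did not work, so pass the passphrase on a separate descriptor instead: `gpg --pinentry-mode loopback --batch --yes --passphrase-fd 3 "$@" 3<<<"${GPG_PASSPHRASE}"`. The `&>/dev/null` after the `[[ ... ]]` test and the trailing `<&0` on both gpg calls are no-ops and can be dropped in the same change.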
@@ -312,7 +312,7 @@ function handle_templatesyncignore() {
 function prechecks() {
 info "prechecks"
- echo "::group::force file deletion"
+ echo "::group::prechecks"
 check_branch_remote_existing "${NEW_BRANCH}"
 check_if_commit_already_in_hist_graceful_exit "${TEMPLATE_REMOTE_GIT_HASH}"