adding support for gpg commit signing

Eduardo Robles Elvira 2022-07-15 04:49:42 +02:00
parent 2026a4bf1a
commit 1c5f270731
No known key found for this signature in database
GPG Key ID: 491C6606E148460C
1 changed files with 36 additions and 1 deletions


@ -25,6 +25,18 @@ inputs:
description: 'A comma or newline separated list of labels to set on the Pull Request to be created' description: 'A comma or newline separated list of labels to set on the Pull Request to be created'
required: false required: false
default: '' default: ''
sign-commits:
description: 'Set to true if the action should sign the commit with GPG'
required: false
default: ''
gpg-private-key:
description: 'GPG Private Key with which to sign the commits in the PR to be created'
required: false
default: ''
gpg-passphrase:
description: 'GPG Private Key Passphrase for the GPG Private Key with which to sign the commits in the PR to be created'
required: false
default: ''
outputs: outputs:
pull-request-number: pull-request-number:
description: 'The number of the opened pull request' description: 'The number of the opened pull request'
@ -32,7 +44,30 @@ outputs:
runs: runs:
using: "composite" using: "composite"
steps: steps:
- run: $GITHUB_ACTION_PATH/update-flake-lock.sh - name: Import bot's GPG key for signing commits
if: ${{ inputs.sign-commits }}
id: import-gpg
uses: crazy-max/ghaction-import-gpg@v4
with:
gpg_private_key: ${{ inputs.gpg-private-key }}
passphrase: ${{ inputs.gpg-passphrase }}
git_config_global: true
git_user_signingkey: true
git_commit_gpgsign: true
- name: Run update-flake-lock.sh (signed commit)
run: $GITHUB_ACTION_PATH/update-flake-lock.sh
if: ${{ inputs.sign-commits }}
shell: bash
env:
GIT_AUTHOR_NAME: ${{ steps.import-gpg.outputs.name }}
GIT_AUTHOR_EMAIL: ${{ steps.import-gpg.outputs.email }}
GIT_COMMITTER_NAME: ${{ steps.import-gpg.outputs.name }}
GIT_COMMITTER_EMAIL: ${{ steps.import-gpg.outputs.email }}
TARGETS: ${{ inputs.inputs }}
COMMIT_MSG: ${{ inputs.commit-msg }}
- name: Run update-flake-lock.sh (no commit signing)
run: $GITHUB_ACTION_PATH/update-flake-lock.sh
if: ${{ !inputs.sign-commits }}
shell: bash shell: bash
env: env:
GIT_AUTHOR_NAME: github-actions[bot] GIT_AUTHOR_NAME: github-actions[bot]
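Review bot: The import step passes `inputs.gpg-private-key` and `inputs.gpg-passphrase` to a third-party action referenced by the mutable tag `crazy-max/ghaction-import-gpg@v4`, so whatever that tag points to at run time receives the signing key; pin it to a reviewed full commit SHA, e.g. `uses: crazy-max/ghaction-import-gpg@<full-commit-sha>  # v4`. Separately, composite-action inputs arrive as strings, so `if: ${{ inputs.sign-commits }}` is likely truthy for a caller who passes `sign-commits: false` (the non-empty string `'false'`), and the import would then run with an empty key. An explicit comparison avoids that: `if: ${{ inputs.sign-commits == 'true' }}` on the import and signed-run steps, and `if: ${{ inputs.sign-commits != 'true' }}` on the unsigned one. `git_config_global: true` writes the signing settings to the runner's global git config, so it is worth confirming they are cleaned up on self-hosted runners that are reused across jobs. The last step's `env:` block continues past the end of the hunk.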