Fixes #524 - allow adding gpg keys to dev containers (#525)

jessesanford · web-flow · commit b3e3942ec92f · 2025-06-10T15:20:12.000-04:00
Signed-off-by: Jesse Sanford &lt;108698+jessesanford@users.noreply.github.com&gt;
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -7,6 +7,7 @@
     "ghcr.io/devcontainers/features/docker-in-docker:2": {}
   },
   "postCreateCommand": ".devcontainer/postCreateCommand.sh",
+  "postStartCommand": ".devcontainer/postStartCommand.sh",
   "workspaceFolder": "/home/vscode/idpbuilder",
   "workspaceMount": "source=${localWorkspaceFolder},target=/home/vscode/idpbuilder,type=bind",
   "hostRequirements": {
diff --git a/.devcontainer/postCreateCommand.sh b/.devcontainer/postCreateCommand.sh
@@ -31,3 +31,22 @@ if [ -n "$GIT_COMMITER_EMAIL" ]; then
     echo "Configuring git user.email to: $GIT_COMMITER_EMAIL"
     git config --global user.email "$GIT_COMMITER_EMAIL"
 fi
+
+# 1. Configure GPG agent
+mkdir -p ~/.gnupg
+echo "pinentry-program /usr/bin/pinentry" > ~/.gnupg/gpg-agent.conf
+echo "allow-loopback-pinentry" >> ~/.gnupg/gpg-agent.conf
+
+# 2. Configure GPG client
+echo "use-agent" > ~/.gnupg/gpg.conf
+echo "pinentry-mode loopback" >> ~/.gnupg/gpg.conf
+
+# 3. Restart GPG agent and set environment
+gpgconf --kill gpg-agent
+export GPG_TTY=$(tty)
+echo 'export GPG_TTY=$(tty)' >> ~/.bashrc
+
+# 4. Configure Git for GPG signing
+git config --global commit.gpgsign true
+git config --global tag.gpgsign true
+git config --global gpg.program gpg
diff --git a/.devcontainer/postStartCommand.sh b/.devcontainer/postStartCommand.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+# Import GPG key if both parts are available
+if [ -n "$GPG_SECRET_KEY_PART1" ] && [ -n "$GPG_SECRET_KEY_PART2" ]; then
+    echo "Importing GPG key..."
+    echo "$GPG_SECRET_KEY_PART1$GPG_SECRET_KEY_PART2" | tr -d "'" | base64 -d | gunzip | gpg --batch --yes --no-tty --import
+    if [ $? -eq 0 ]; then
+        echo "GPG key imported successfully"
+        
+        # Automatically configure Git to use the imported key for signing
+        echo "Configuring Git to use the imported GPG key..."
+        GPG_KEY_ID=$(gpg --list-secret-keys --keyid-format LONG | grep -E "^sec" | head -1 | awk '{print $2}' | cut -d'/' -f2)
+        
+        if [ -n "$GPG_KEY_ID" ]; then
+            git config --global user.signingkey "$GPG_KEY_ID"
+            echo "Git configured to use GPG key: $GPG_KEY_ID"
+        else
+            echo "Warning: Could not detect GPG key ID for Git configuration"
+        fi
+    else
+        echo "Failed to import GPG key"
+    fi
+else
+    echo "GPG key parts not found, skipping GPG import"
+fi 
