Add git_tag_gpgsign and git_push_gpgsign inputs

Some inputs and secrets have been renamed

Author: crazy-max

.github/workflows/ci.yml

@@ -34,12 +34,15 @@ jobs:
         run: |
           env|sort
       -
-        name: Import GPG key
+        name: Import GPG private key
         uses: ./
         with:
-          git_gpgsign: true
+          git_user_gpgsign: true
+          git_commit_gpgsign: true
+          git_tag_gpgsign: true
+          git_push_gpgsign: true
           git_committer_name: Joe Tester
           git_committer_email: joe@foo.bar
         env:
-          SIGNING_KEY: ${{ secrets.SIGNING_KEY_TEST }}
+          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY_TEST }}
           PASSPHRASE: ${{ secrets.PASSPHRASE_TEST }}

README.md

@@ -28,7 +28,7 @@ On your local machine, export the GPG private key as an ASCII armored version:
 gpg --armor --export-secret-key --output key.pgp joe@foo.bar
 ```
 
-Copy the content of `key.pgp` file as a [`secret`](https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets) named `SIGNING_KEY` for example. Create another secret with your `PASSPHRASE` if applicable.
+Copy the content of `key.pgp` file as a [`secret`](https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets) named `GPG_PRIVATE_KEY` for example. Create another secret with your `PASSPHRASE` if applicable.
 
 ```yaml
 name: import-gpg
@@ -48,10 +48,19 @@ jobs:
         name: Import GPG key
         uses: crazy-max/ghaction-import-gpg@v1
         with:
-          git_gpgsign: true
+          git_user_signingkey: true
+          git_commit_gpgsign: true
+          git_tag_gpgsign: true
         env:
-          SIGNING_KEY: ${{ secrets.SIGNING_KEY }}
+          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
           PASSPHRASE: ${{ secrets.PASSPHRASE }}
+      -
+        name: Sign commit and push changes
+        run: |
+          echo foo > bar.txt
+          git add .
+          git commit -S -m "This commit is signed!"
+          git push
 ```
 
 ## Customizing
@@ -62,18 +71,21 @@ Following inputs can be used as `step.with` keys
 
 | Name                   | Type    | Description                                              |
 |------------------------|---------|----------------------------------------------------------|
-| `git_gpgsign`          | Bool    | Enable signing for this Git repository (default `false`) |
+| `git_user_signingkey`  | Bool    | Set GPG signing keyID for this Git repository (default `false`) |
+| `git_commit_gpgsign`   | Bool    | Sign all commits automatically. `git_user_signingkey` needs to be enabled. (default `false`) |
+| `git_tag_gpgsign`      | Bool    | Sign all tags automatically. `git_user_signingkey` needs to be enabled. (default `false`) |
+| `git_push_gpgsign`     | Bool    | Sign all pushes automatically. `git_user_signingkey` needs to be enabled. (default `false`) |
 | `git_committer_name`   | String  | Commit author's name (default [GITHUB_ACTOR](https://help.github.com/en/github/automating-your-workflow-with-github-actions/using-environment-variables#default-environment-variables) or `github-actions`) |
 | `git_committer_email`  | String  | Commit author's email (default `<committer_name>@users.noreply.github.com`) |
 
 ### environment variables
 
 Following environment variables can be used as `step.env` keys
 
-| Name           | Description                           |
-|----------------|---------------------------------------|
-| `SIGNING_KEY`  | GPG private key exported as an ASCII armored version |
-| `PASSPHRASE`   | Passphrase of your GPG key if setted for your `SIGNING_KEY` |
+| Name               | Description                           |
+|--------------------|---------------------------------------|
+| `GPG_PRIVATE_KEY`  | GPG private key exported as an ASCII armored version |
+| `PASSPHRASE`       | Passphrase of your `GPG_PRIVATE_KEY` key if setted |
 
 ## How can I help?
 

dist/index.js

@@ -6,12 +6,15 @@ import * as stateHelper from './state-helper';
 
 async function run(): Promise<void> {
   try {
-    if (!process.env.SIGNING_KEY) {
-      core.setFailed('Signing key required');
+    if (!process.env.GPG_PRIVATE_KEY) {
+      core.setFailed('GPG private key required');
       return;
     }
 
-    const git_gpgsign = /true/i.test(core.getInput('git_gpgsign'));
+    const git_commit_gpgsign = /true/i.test(core.getInput('git_commit_gpgsign'));
+    const git_tag_gpgsign = /true/i.test(core.getInput('git_tag_gpgsign'));
+    const git_push_gpgsign = /true/i.test(core.getInput('git_push_gpgsign'));
+    const git_user_signingkey = /true/i.test(core.getInput('git_user_signingkey'));
     const git_committer_name: string =
       core.getInput('git_committer_name') || process.env['GITHUB_ACTOR'] || 'github-actions';
     const git_committer_email: string =
@@ -26,16 +29,16 @@ async function run(): Promise<void> {
     core.info(`Datadir    : ${dirs.datadir}`);
     core.info(`Homedir    : ${dirs.homedir}`);
 
-    core.info('🔮 Checking signing key');
-    const privateKey = await openpgp.readPrivateKey(process.env.SIGNING_KEY);
+    core.info('🔮 Checking GPG private key');
+    const privateKey = await openpgp.readPrivateKey(process.env.GPG_PRIVATE_KEY);
     core.debug(`Fingerprint  : ${privateKey.fingerprint}`);
     core.debug(`KeyID        : ${privateKey.keyID}`);
     core.debug(`Name         : ${privateKey.name}`);
     core.debug(`Email        : ${privateKey.email}`);
     core.debug(`CreationTime : ${privateKey.creationTime}`);
 
-    core.info('🔑 Importing secret key');
-    await gpg.importKey(process.env.SIGNING_KEY).then(stdout => {
+    core.info('🔑 Importing GPG private key');
+    await gpg.importKey(process.env.GPG_PRIVATE_KEY).then(stdout => {
       core.debug(stdout);
     });
 
@@ -53,32 +56,45 @@ async function run(): Promise<void> {
       });
     }
 
-    if (git_gpgsign) {
-      core.info(`🔨 Configuring Git committer (${git_committer_name} <${git_committer_email}>)`);
+    if (git_user_signingkey) {
+      core.info('🔐 Setting GPG signing keyID for this Git repository');
+      await git.setConfig('user.signingkey', privateKey.keyID);
+
       if (git_committer_email != privateKey.email) {
         core.setFailed('Committer email does not match GPG key user address');
         return;
       }
+
+      core.info(`🔨 Configuring Git committer (${git_committer_name} <${git_committer_email}>)`);
       await git.setConfig('user.name', git_committer_name);
       await git.setConfig('user.email', git_committer_email);
 
-      core.info('💎 Enable signing for this Git repository');
-      await git.setConfig('commit.gpgsign', 'true');
-      await git.setConfig('user.signingkey', privateKey.keyID);
+      if (git_commit_gpgsign) {
+        core.info('💎 Sign all commits automatically');
+        await git.setConfig('commit.gpgsign', 'true');
+      }
+      if (git_tag_gpgsign) {
+        core.info('💎 Sign all tags automatically');
+        await git.setConfig('tag.gpgsign', 'true');
+      }
+      if (git_push_gpgsign) {
+        core.info('💎 Sign all pushes automatically');
+        await git.setConfig('push.gpgsign', 'true');
+      }
     }
   } catch (error) {
     core.setFailed(error.message);
   }
 }
 
 async function cleanup(): Promise<void> {
-  if (!process.env.SIGNING_KEY) {
-    core.debug('Signing key is not defined. Skipping cleanup.');
+  if (!process.env.GPG_PRIVATE_KEY) {
+    core.debug('GPG private key is not defined. Skipping cleanup.');
     return;
   }
   try {
     core.info('🚿 Removing keys');
-    const privateKey = await openpgp.readPrivateKey(process.env.SIGNING_KEY);
+    const privateKey = await openpgp.readPrivateKey(process.env.GPG_PRIVATE_KEY);
     await gpg.deleteKey(privateKey.fingerprint);
 
     core.info('💀 Killing GnuPG agent');