GitHub Action to import a GPG key

About

GitHub Action to easily import a GPG key.

Features

  • Works on Linux, macOS and Windows virtual environments
  • Allow seeding the internal cache of gpg-agent with provided passphrase
  • Signing-only subkeys support
  • Purge imported GPG key, cache information and kill agent from runner
  • (Git) Enable signing for Git commits, tags and pushes
  • (Git) Configure and check committer info against GPG key

Prerequisites

First, generate a GPG key and export the GPG private key as an ASCII armored version to your clipboard:

# macOS
gpg --armor --export-secret-key [email protected] | pbcopy

# Ubuntu
gpg --armor --export-secret-key [email protected] | xclip

# Arch
gpg --armor --export-secret-key [email protected] | xclip -selection clipboard -i

# FreeBSD
gpg --armor --export-secret-key [email protected] | xclip

Paste the clipboard contents into a secret named, for example, GPG_PRIVATE_KEY. If the key is protected by a passphrase, create a second secret (PASSPHRASE in the workflows below) to hold it.

Usage

Workflow

name: import-gpg

on:
  push:
    branches: master

jobs:
  import-gpg:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v4
      -
        name: Import GPG key
        uses: crazy-max/ghaction-import-gpg@v6
        with:
          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
          passphrase: ${{ secrets.PASSPHRASE }}
      -
        name: List keys
        run: gpg -K

Sign commits

name: import-gpg

on:
  push:
    branches: master

jobs:
  sign-commit:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v4
      -
        name: Import GPG key
        uses: crazy-max/ghaction-import-gpg@v6
        with:
          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
          passphrase: ${{ secrets.PASSPHRASE }}
          git_user_signingkey: true
          git_commit_gpgsign: true
      -
        name: Sign commit and push changes
        run: |
          echo foo > bar.txt
          git add .
          git commit -S -m "This commit is signed!"
          git push

Use a subkey

With the fingerprint input, you can specify which of the subkeys in a GPG key you want to use for signing.

name: import-gpg

on:
  push:
    branches: master

jobs:
  import-gpg:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v4
      -
        name: Import GPG key
        uses: crazy-max/ghaction-import-gpg@v6
        with:
          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
          passphrase: ${{ secrets.PASSPHRASE }}
          fingerprint: "C17D11ADF199F12A30A0910F1F80449BE0B08CB8"
      -
        name: List keys
        run: gpg -K

For example, given this GPG key with a signing subkey:

pub   ed25519 2021-09-24 [C]
      87F257B89CE462100BEC0FFE6071D218380FDCC8
      Keygrip = F5C3ABFAAB36B427FD98C4EDD0387E08EA1E8092
uid           [ unknown] Joe Bar <[email protected]>
sub   ed25519 2021-09-24 [S]
      C17D11ADF199F12A30A0910F1F80449BE0B08CB8
      Keygrip = DEE0FC98F441519CA5DE5D79773CB29009695FEB

You can use the subkey with signing capability whose fingerprint is C17D11ADF199F12A30A0910F1F80449BE0B08CB8.
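
To find which fingerprint to pass, the listing can be filtered for subkeys that carry the signing capability. The following is an added example, not code from this project: the function names `signing_subkey_fprs` and `sample_listing` are hypothetical, and the colon-format listing is constructed around the key shown above, with two extra subkeys under placeholder fingerprints.

```shell
#!/bin/sh
# Added example (not from the project): print the fingerprints of usable
# signing subkeys found in `gpg --list-secret-keys --with-colons` output.
# Colon format: field 1 = record type, field 2 = validity,
# field 12 = capabilities; the "fpr" record that follows a key carries
# that key's fingerprint in field 10.
signing_subkey_fprs() {
  awk -F: '
    $1 == "sec" || $1 == "ssb" {
      # Keep only subkeys that can sign and are not disabled, expired,
      # invalid, not valid or revoked (validity d, e, i, n, r).
      want = ($1 == "ssb" && $12 ~ /s/ && $2 !~ /^[deinr]/)
      next
    }
    $1 == "fpr" && want { print $10; want = 0 }
  '
}

# Constructed sample: the certify-only primary key and signing subkey from
# the listing above, plus an encryption subkey and an expired signing subkey
# (both with placeholder fingerprints) that must be filtered out.
sample_listing() {
  cat <<'EOF'
sec:u:255:22:6071D218380FDCC8:1632441600:::u:::cC:::+::ed25519:::0:
fpr:::::::::87F257B89CE462100BEC0FFE6071D218380FDCC8:
grp:::::::::F5C3ABFAAB36B427FD98C4EDD0387E08EA1E8092:
ssb:u:255:22:1F80449BE0B08CB8:1632441600::::::s:::+::ed25519::
fpr:::::::::C17D11ADF199F12A30A0910F1F80449BE0B08CB8:
grp:::::::::DEE0FC98F441519CA5DE5D79773CB29009695FEB:
ssb:u:255:18:0000000000000001:1632441600::::::e:::+::cv25519::
fpr:::::::::0000000000000000000000000000000000000001:
ssb:e:255:22:0000000000000002:1632441600:1640995200:::::s:::+::ed25519::
fpr:::::::::0000000000000000000000000000000000000002:
EOF
}

# prints C17D11ADF199F12A30A0910F1F80449BE0B08CB8
sample_listing | signing_subkey_fprs
```

Against a real keyring, pipe `gpg --list-secret-keys --with-colons` into `signing_subkey_fprs` instead of the sample.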

Set key's trust level

With the trust_level input, you can specify the trust level of the GPG key.

Valid values are:

  • 1: unknown
  • 2: never
  • 3: marginal
  • 4: full
  • 5: ultimate

name: import-gpg

on:
  push:
    branches: master

jobs:
  import-gpg:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v4
      -
        name: Import GPG key
        uses: crazy-max/ghaction-import-gpg@v6
        with:
          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
          passphrase: ${{ secrets.PASSPHRASE }}
          trust_level: 5

Customizing

inputs

The following inputs can be used as step.with keys:

| Name | Type | Description |
|------|------|-------------|
| gpg_private_key | String | GPG private key exported as an ASCII armored version or its base64 encoding (required) |
| passphrase | String | Passphrase of the GPG private key |
| trust_level | String | Set key's trust level |
| git_config_global | Bool | Set Git config global (default false) |
| git_user_signingkey | Bool | Set GPG signing keyID for this Git repository (default false) |
| git_commit_gpgsign | Bool | Sign all commits automatically. (default false) |
| git_tag_gpgsign | Bool | Sign all tags automatically. (default false) |
| git_push_gpgsign | String | Sign all pushes automatically. (default if-asked) |
| git_committer_name | String | Set commit author's name (defaults to the name associated with the GPG key) |
| git_committer_email | String | Set commit author's email (defaults to the email address associated with the GPG key) |
| workdir | String | Working directory (below repository root) (default .) |
| fingerprint | String | Specific fingerprint to use (subkey) |

Note

git_user_signingkey must be enabled for the git_commit_gpgsign, git_tag_gpgsign, git_push_gpgsign, git_committer_name and git_committer_email inputs to take effect.

outputs

The following outputs are available:

| Name | Type | Description |
|------|------|-------------|
| fingerprint | String | Fingerprint of the GPG key (recommended as user ID) |
| keyid | String | Low 64 bits of the X.509 certificate SHA-1 fingerprint |
| name | String | Name associated with the GPG key |
| email | String | Email address associated with the GPG key |

Contributing

Want to contribute? Awesome! The most basic way to show your support is to star the project, or to raise issues. You can also support this project by becoming a sponsor on GitHub or by making a PayPal donation to ensure this journey continues indefinitely!

Thanks again for your support, it is much appreciated! 🙏

License

MIT. See LICENSE for more details.
