Skip to content

Latest commit

 

History

History
35 lines (29 loc) · 1.41 KB

README.md

File metadata and controls

35 lines (29 loc) · 1.41 KB

ghaction-import-gpg

GitHub action to import GPG private key

Note [5/6/2021]: This was supposed to be a fork (paultyng/ghaction-import-gpg) of a fork (crazy-max/ghaction-import-gpg) of the upstream repo. Due to the restrictions on using a sign-only key, we encountered this issue. This is an internal action that overrides this fork until the issue is resolved upstream.

Environment Variables

Following environment variables must be used as step.env keys

Name Description
GPG_PRIVATE_KEY GPG private key exported as an ASCII armored version (required)
PASSPHRASE Passphrase of the GPG_PRIVATE_KEY key if set

Workflow Example

name: sign
on: push

jobs:
  goreleaser:
    runs-on: ubuntu-latest
    steps:
      - name: Import GPG key
        id: import_gpg
        uses: hashicorp/[email protected]
        env:
          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
          PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
      - run: |
          touch foo.txt
          echo {{ steps.import_gpg.outputs.fingerprint }}
          echo {{ steps.import_gpg.outputs.pubkey }}
          gpg --detach-sig foo.txt