diff --git a/README.md b/README.md index 82ef1bf..ea53eaa 100644 --- a/README.md +++ b/README.md @@ -37,6 +37,7 @@ jobs: with: version: latest args: release --rm-dist + key: ${{ secrets.YOUR_PRIVATE_KEY }} env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} ``` @@ -51,6 +52,20 @@ Following inputs can be used as `step.with` keys |---------------|---------|-----------|------------------------------------------| | `version` | String | `latest` | GoReleaser version. Example: `v0.117.0` | | `args` | String | | Arguments to pass to GoReleaser | +| `key` | String | | Private key to import + +### Signing + +If signing is enabled in your GoReleaser configuration, populate the `key` input with your private key +and reference the key in your signing configuration, e.g. + +``` +signs: + - artifacts: checksum + args: ["--batch", "-u", "", "--output", "${signature}", "--detach-sign", "${artifact}"] +``` + +This feature is currently only compatible when using the default `gpg` command and a private key without a passphrase. ## 🤝 How can I help ? diff --git a/action.yml b/action.yml index cd95a18..ec276db 100644 --- a/action.yml +++ b/action.yml @@ -12,6 +12,8 @@ inputs: default: 'latest' args: description: 'Arguments to pass to GoReleaser' + key: + description: 'Private key to import' runs: using: 'node12' diff --git a/lib/main.js b/lib/main.js index 6c3b392..6a978f7 100644 --- a/lib/main.js +++ b/lib/main.js @@ -19,11 +19,13 @@ Object.defineProperty(exports, "__esModule", { value: true }); const installer = __importStar(require("./installer")); const core = __importStar(require("@actions/core")); const exec = __importStar(require("@actions/exec")); +const fs = __importStar(require("fs")); function run(silent) { return __awaiter(this, void 0, void 0, function* () { try { const version = core.getInput('version') || 'latest'; const args = core.getInput('args'); + const key = core.getInput('key'); const goreleaser = yield installer.getGoReleaser(version); let snapshot = ''; if (!process.env.GITHUB_REF || @@ -36,6 +38,14 @@ function run(silent) { else { console.log(`✅ ${process.env.GITHUB_REF.split('/')[2]} tag found`); } + if (key) { + console.log('🔑 Importing signing key...'); + let path = `${process.env.HOME}/key.asc`; + fs.writeFileSync(path, key, { mode: 0o600 }); + yield exec.exec('gpg', ['--import', path], { + silent: silent + }); + } console.log('🏃 Running GoReleaser...'); yield exec.exec(`${goreleaser} ${args}${snapshot}`, undefined, { silent: silent diff --git a/src/main.ts b/src/main.ts index a075a5e..8d5b67d 100644 --- a/src/main.ts +++ b/src/main.ts @@ -1,11 +1,13 @@ import * as installer from './installer'; import * as core from '@actions/core'; import * as exec from '@actions/exec'; +import * as fs from 'fs'; export async function run(silent?: boolean) { try { const version = core.getInput('version') || 'latest'; const args = core.getInput('args'); + const key = core.getInput('key'); const goreleaser = await installer.getGoReleaser(version); let snapshot = ''; @@ -21,6 +23,15 @@ export async function run(silent?: boolean) { console.log(`✅ ${process.env.GITHUB_REF!.split('/')[2]} tag found`); } + if (key) { + console.log('🔑 Importing signing key...'); + let path = `${process.env.HOME}/key.asc`; + fs.writeFileSync(path, key, {mode: 0o600}) + await exec.exec('gpg', ['--import', path], { + silent: silent + }) + } + console.log('🏃 Running GoReleaser...'); await exec.exec(`${goreleaser} ${args}${snapshot}`, undefined, { silent: silent