GitHub action to import GPG private key
Note [5/6/2021]: This was supposed to be a fork (paultyng/ghaction-import-gpg) of a fork (crazy-max/ghaction-import-gpg) of the upstream repo. Due to the restrictions on using a sign-only key, we encountered this issue. This is an internal action that overrides this fork until the issue is resolved upstream.
Following environment variables must be used as step.env
keys
Name | Description |
---|---|
GPG_PRIVATE_KEY |
GPG private key exported as an ASCII armored version (required) |
PASSPHRASE |
Passphrase of the GPG_PRIVATE_KEY key if set |
name: sign
on: push
jobs:
goreleaser:
runs-on: ubuntu-latest
steps:
- name: Import GPG key
id: import_gpg
uses: hashicorp/[email protected]
env:
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
- run: |
touch foo.txt
echo {{ steps.import_gpg.outputs.fingerprint }}
echo {{ steps.import_gpg.outputs.pubkey }}
gpg --detach-sig foo.txt