ci #2597
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: ci | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions | |
| permissions: | |
| contents: read | |
| on: | |
| schedule: | |
| - cron: '0 10 * * *' | |
| push: | |
| branches: | |
| - 'master' | |
| - 'releases/v*' | |
| tags: | |
| - 'v*' | |
| pull_request: | |
| branches: | |
| - 'master' | |
| - 'releases/v*' | |
| jobs: | |
| gpg: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - | |
| name: GPG conf | |
| run: | | |
| cat ~/.gnupg/gpg.conf || true | |
| armored: | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| key: | |
| - test-key | |
| - test-subkey | |
| global: | |
| - false | |
| - true | |
| os: | |
| - ubuntu-latest | |
| - macos-latest | |
| - windows-latest | |
| include: | |
| - key: test-subkey | |
| fingerprint: C17D11ADF199F12A30A0910F1F80449BE0B08CB8 | |
| steps: | |
| - | |
| name: Checkout | |
| uses: actions/checkout@v4 | |
| - | |
| name: GPG conf | |
| uses: actions/github-script@v7 | |
| with: | |
| script: | | |
| const fs = require('fs'); | |
| const gnupgfolder = `${require('os').homedir()}/.gnupg`; | |
| if (!fs.existsSync(gnupgfolder)){ | |
| fs.mkdirSync(gnupgfolder); | |
| } | |
| fs.chmodSync(gnupgfolder, '0700'); | |
| fs.copyFile('__tests__/fixtures/gpg.conf', `${gnupgfolder}/gpg.conf`, (err) => { | |
| if (err) throw err; | |
| }); | |
| - | |
| name: Get test key and passphrase | |
| uses: actions/github-script@v7 | |
| id: test | |
| with: | |
| script: | | |
| const fs = require('fs'); | |
| core.setOutput('pgp', fs.readFileSync('__tests__/fixtures/${{ matrix.key }}.pgp', {encoding: 'utf8'})); | |
| core.setOutput('passphrase', fs.readFileSync('__tests__/fixtures/${{ matrix.key }}.pass', {encoding: 'utf8'})); | |
| - | |
| name: Import GPG | |
| uses: ./ | |
| with: | |
| gpg_private_key: ${{ steps.test.outputs.pgp }} | |
| passphrase: ${{ steps.test.outputs.passphrase }} | |
| trust_level: 5 | |
| git_config_global: ${{ matrix.global }} | |
| git_user_signingkey: true | |
| git_commit_gpgsign: true | |
| git_tag_gpgsign: true | |
| git_push_gpgsign: if-asked | |
| fingerprint: ${{ matrix.fingerprint }} | |
| - | |
| name: List keys | |
| run: | | |
| gpg -K | |
| shell: bash | |
| base64: | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| key: | |
| - test-key | |
| - test-subkey | |
| os: | |
| - ubuntu-latest | |
| - macos-latest | |
| - windows-latest | |
| include: | |
| - key: test-subkey | |
| fingerprint: C17D11ADF199F12A30A0910F1F80449BE0B08CB8 | |
| steps: | |
| - | |
| name: Checkout | |
| uses: actions/checkout@v4 | |
| - | |
| name: Get test key and passphrase | |
| uses: actions/github-script@v7 | |
| id: test | |
| with: | |
| script: | | |
| const fs = require('fs'); | |
| core.setOutput('pgp-base64', fs.readFileSync('__tests__/fixtures/${{ matrix.key }}-base64.pgp', {encoding: 'utf8'})); | |
| core.setOutput('passphrase', fs.readFileSync('__tests__/fixtures/${{ matrix.key }}.pass', {encoding: 'utf8'})); | |
| - | |
| name: Import GPG | |
| uses: ./ | |
| with: | |
| gpg_private_key: ${{ steps.test.outputs.pgp-base64 }} | |
| passphrase: ${{ steps.test.outputs.passphrase }} | |
| git_user_signingkey: true | |
| git_commit_gpgsign: true | |
| git_tag_gpgsign: true | |
| git_push_gpgsign: if-asked | |
| fingerprint: ${{ matrix.fingerprint }} | |
| trust: | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| key: | |
| - test-key | |
| level: | |
| - '' | |
| - 5 | |
| - 4 | |
| - 3 | |
| - 2 | |
| - 1 | |
| os: | |
| - ubuntu-latest | |
| - macos-latest | |
| - windows-latest | |
| steps: | |
| - | |
| name: Checkout | |
| uses: actions/checkout@v4 | |
| - | |
| name: GPG conf | |
| uses: actions/github-script@v7 | |
| with: | |
| script: | | |
| const fs = require('fs'); | |
| const gnupgfolder = `${require('os').homedir()}/.gnupg`; | |
| if (!fs.existsSync(gnupgfolder)){ | |
| fs.mkdirSync(gnupgfolder); | |
| } | |
| fs.chmodSync(gnupgfolder, '0700'); | |
| fs.copyFile('__tests__/fixtures/gpg.conf', `${gnupgfolder}/gpg.conf`, (err) => { | |
| if (err) throw err; | |
| }); | |
| - | |
| name: Get test key and passphrase | |
| uses: actions/github-script@v7 | |
| id: test | |
| with: | |
| script: | | |
| const fs = require('fs'); | |
| core.setOutput('pgp', fs.readFileSync('__tests__/fixtures/${{ matrix.key }}.pgp', {encoding: 'utf8'})); | |
| core.setOutput('passphrase', fs.readFileSync('__tests__/fixtures/${{ matrix.key }}.pass', {encoding: 'utf8'})); | |
| - | |
| name: Import GPG | |
| id: import_gpg | |
| uses: ./ | |
| with: | |
| gpg_private_key: ${{ steps.test.outputs.pgp }} | |
| passphrase: ${{ steps.test.outputs.passphrase }} | |
| trust_level: ${{ matrix.level }} | |
| - | |
| name: List trust values | |
| run: | | |
| gpg --export-ownertrust | |
| shell: bash |