Skip to content

purpleclay/gpg-import

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

50 Commits

.github

.github

 
 

scripts

scripts

 
 

src

src

 
 

.deepsource.toml

.deepsource.toml

 
 

.dockerignore

.dockerignore

 
 

.envrc

.envrc

 
 

.gitignore

.gitignore

 
 

CODE_OF_CONDUCT.md

CODE_OF_CONDUCT.md

 
 

Cargo.lock

Cargo.lock

 
 

Cargo.toml

Cargo.toml

 
 

Dockerfile.test

Dockerfile.test

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

flake.lock

flake.lock

 
 

flake.nix

flake.nix

 
 

Repository files navigation

GPG Import

Easily import a GPG key within any CI workflow. Runs on any Linux, MacOs or Windows build agent.

Features

  • Configures local git config (.git/config) within a detected repository, syncing committer details and enabling GPG signing of commits, tags, and pushes. You can skip this step by setting the GPG_SKIP_GIT=true environment variable.
  • Seed the GPG Agent with your key's passphrase to remove the need for manual passphrase entry by simply setting the GPG_PASSPHRASE environment variable. For best security practice, mask the variable in your chosen CI tool.
  • Set the owner trust level of a private GPG key by defining the GPG_TRUST_LEVEL environment variable. Trust levels range between 1 (undefined) and 5 (ultimate), details of each can be found here.

Install

To install the latest version using a bash script:

sh -c "$(curl https://raw.githubusercontent.com/purpleclay/gpg-import/main/scripts/install)"

Download a specific version using the -v flag. The script uses sudo by default but can be disabled through the --no-sudo flag. You can also provide a different installation directory from the default /usr/local/bin by using the -d flag:

sh -c "$(curl https://raw.githubusercontent.com/purpleclay/gpg-import/main/scripts/install)" \
  -- -v 0.3.0 --no-sudo -d ./bin

Prerequisites

Generate a GPG key and export it to your clipboard as a base64 encoded ASCII armored private key:

# macos
gpg --armor --export-secret-key batman@dc.com | base64 -w 0 | pbcopy

# linux
gpg --armor --export-secret-key batman@dc.com | base64 -w 0  | xclip

Quick Start

For seamless integration into your CI platform, set the GPG_PRIVATE_KEY and any optional environment variables (GPG_PASSPHRASE and GPG_TRUST_LEVEL), then let gpg-import import do the rest.

$ gpg-import

> Detected GnuPG:
version: 2.4.1 (libgcrypt: 1.10.2)
homedir: /root/.gnupg

> Imported GPG key:
fingerprint: 241315DDAB6865162C0389BFE5389A1079D5A52F
keygrip:     147098685499F4C183A39CA1A51CDE6316DDD479
key_id:      E5389A1079D5A52F
user:        batman <batman@dc.com>
created_on:  Tue, 09 May 2023 19:39:26 +0000
sub_keygrip: A213D84D786B8DBED68195C178B650CD24B88B2D
sub_key_id:  2D219DD41933A2D5

> Setting Passphrase:
keygrip: 147098685499F4C183A39CA1A51CDE6316DDD479 [E5389A1079D5A52F]
keygrip: A213D84D786B8DBED68195C178B650CD24B88B2D [2D219DD41933A2D5]

> Setting Trust Level:
trust_level: 5 [E5389A1079D5A52F]

> Git config set:
user.name:       batman
user.email:      batman@dc.com
user.signingKey: E5389A1079D5A52F
commit.gpgsign:  true
tag.gpgsign:     true
push.gpgsign:    if-asked

About

Easily import a GPG key within any CI workflow

Topics

git rust signing ci gpg gpg-import

Resources

Readme

License

MIT license

Code of conduct

Code of conduct
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases 6

0.4.0 Latest
Jun 10, 2024
+ 5 releases

Contributors 3

Languages