feat(entrypoing.sh): add gpg sign

adam-grant-hendry · Hendry, Adam · woile · commit 4f2ea3363004 · 2023-01-07T08:46:24.000+01:00
fix: check_consistency flag being ignored Add input for GPG key and passphrase and whether or not to sign. Add `-s` to `bump` command if `gpg_sign` is 'true'. Set `gpg.program`, `commit.gpgsign`, and `tag.gpgsign`. Git requires `signingkey` to sign commits and tags. feat(debug): add option for debug output Git takes the UID for the signing key, not the key itself. Add `gpg.program` to Git config. Use bash script to configure the GPG agent, import keys, set the passphrase, and configure Git. Use `service` as `systemctl` is not on GitHub Actions runners. This reverts commit 2cf68aa. This reverts commit a1c8571. This reverts commit 94d316f. Only sign tags. It may be that `commitizen` only supports signing tags. See: commitizen-tools/commitizen#616 Remove `tag.gpgsign` and `commit.gpgsign` from local Git config. See if Git will sign for us instead of through `cz`. Remove specifying `gpg.program` and add `commit.gpgsign` back. Add `--gpg-sign` back to `commitizen`. Switch `--gpg-sign` applies to `bump` subcommand. Move `--debug` switch to after `bump` command. This reverts commit e543aff. This reverts commit 3b2cae5. Closes: #50 Closes: #53 Co-authored-by: Hendry, Adam <adam.hendry@metronic.com>
diff --git a/action.yml b/action.yml
@@ -72,6 +72,17 @@ inputs:
     description: "Manually specify the desired increment"
     required: false
   check_consistency:
-    default: false
+    default: 'false'
     description: "check consistency among versions defined in commitizen configuration and version_files"
     required: false
+  gpg_sign:
+    description: >
+      If true, use GPG to sign commits and tags (for git operations). Requires separate
+      setup of GPG key and passphrase in GitHub Actions (e.g. with the action
+      crazy-max/ghaction-import-gpg)
+    required: false
+    default: "false"
+  debug:
+    description: "If true, prints debug output to GitHub Actions stdout."
+    required: false
+    default: "false"
diff --git a/entrypoint.sh b/entrypoint.sh
@@ -1,7 +1,9 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 set -e
 
+gpg --version
+
 if [[ -z $INPUT_GITHUB_TOKEN ]]; then
   echo 'Missing input "github_token: ${{ secrets.GITHUB_TOKEN }}".' >&2
   exit 1
@@ -29,10 +31,16 @@ echo "Commitizen version: $(cz version)"
 PREV_REV="$(cz version --project)"
 
 CZ_CMD=('cz')
+if [[ $INPUT_DEBUG == 'true' ]]; then
+  CZ_CMD+=('--debug')
+fi
 if [[ $INPUT_NO_RAISE ]]; then
   CZ_CMD+=('--no-raise' "$INPUT_NO_RAISE")
 fi
 CZ_CMD+=('bump' '--yes')
+if [[ $INPUT_GPG_SIGN == 'true' ]]; then
+  CZ_CMD+=('--gpg-sign')
+fi
 if [[ $INPUT_DRY_RUN == 'true' ]]; then
   CZ_CMD+=('--dry-run')
 fi
