{"id":13531022,"url":"https://github.com/crazy-max/ghaction-import-gpg","last_synced_at":"2025-05-14T21:09:46.663Z","repository":{"id":37489850,"uuid":"260488959","full_name":"crazy-max/ghaction-import-gpg","owner":"crazy-max","description":"GitHub Action to import a GPG key","archived":false,"fork":false,"pushed_at":"2025-03-29T23:17:21.000Z","size":8788,"stargazers_count":336,"open_issues_count":8,"forks_count":82,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-04-06T15:04:06.928Z","etag":null,"topics":["actions","git","github-actions","gnupg","gnupg2","openpgp","signing"],"latest_commit_sha":null,"homepage":"https://github.com/marketplace/actions/import-gpg","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/crazy-max.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":".github/CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":".github/SUPPORT.md","governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"crazy-max","custom":"https://www.paypal.me/crazyws"}},"created_at":"2020-05-01T15:11:18.000Z","updated_at":"2025-04-06T11:38:03.000Z","dependencies_parsed_at":"2023-02-08T07:00:55.759Z","dependency_job_id":"32aa50d8-fcbf-4f64-ad2f-432d5adf7ceb","html_url":"https://github.com/crazy-max/ghaction-import-gpg","commit_stats":{"total_commits":300,"total_committers":9,"mean_commits":"33.333333333333336","dds":0.3566666666666667,"last_synced_commit":"cb9bde2e2525e640591a934b1fd28eef1dcaf5e5"},"previous_names":[],"tags_count":41,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/crazy-max%2Fghaction-import-gpg","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/crazy-max%2Fghaction-import-gpg/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/crazy-max%2Fghaction-import-gpg/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/crazy-max%2Fghaction-import-gpg/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/crazy-max","download_url":"https://codeload.github.com/crazy-max/ghaction-import-gpg/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248589265,"owners_count":21129577,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["actions","git","github-actions","gnupg","gnupg2","openpgp","signing"],"created_at":"2024-08-01T07:00:59.127Z","updated_at":"2025-04-13T17:36:59.294Z","avatar_url":"https://github.com/crazy-max.png","language":"TypeScript","funding_links":["https://github.com/sponsors/crazy-max","https://www.paypal.me/crazyws"],"categories":["Community Resources","TypeScript"],"sub_categories":["Utility"],"readme":"[![GitHub release](https://img.shields.io/github/release/crazy-max/ghaction-import-gpg.svg?style=flat-square)](https://github.com/crazy-max/ghaction-import-gpg/releases/latest)\n[![GitHub marketplace](https://img.shields.io/badge/marketplace-import--gpg-blue?logo=github\u0026style=flat-square)](https://github.com/marketplace/actions/import-gpg)\n[![Test workflow](https://img.shields.io/github/actions/workflow/status/crazy-max/ghaction-import-gpg/test.yml?branch=master\u0026label=test\u0026logo=github\u0026style=flat-square)](https://github.com/crazy-max/ghaction-import-gpg/actions?workflow=test)\n[![Codecov](https://img.shields.io/codecov/c/github/crazy-max/ghaction-import-gpg?logo=codecov\u0026style=flat-square)](https://codecov.io/gh/crazy-max/ghaction-import-gpg)\n[![Become a sponsor](https://img.shields.io/badge/sponsor-crazy--max-181717.svg?logo=github\u0026style=flat-square)](https://github.com/sponsors/crazy-max)\n[![Paypal Donate](https://img.shields.io/badge/donate-paypal-00457c.svg?logo=paypal\u0026style=flat-square)](https://www.paypal.me/crazyws)\n\n## About\n\nGitHub Action to easily import a GPG key.\n\n![Import GPG](.github/ghaction-import-gpg.png)\n\n___\n\n* [Features](#features)\n* [Prerequisites](#prerequisites)\n* [Usage](#usage)\n * [Workflow](#workflow)\n * [Sign commits](#sign-commits)\n * [Use a subkey](#use-a-subkey)\n * [Set key's trust level](#set-keys-trust-level)\n* [Customizing](#customizing)\n * [inputs](#inputs)\n * [outputs](#outputs)\n* [Contributing](#contributing)\n* [License](#license)\n\n## Features\n\n* Works on Linux, macOS and Windows [virtual environments](https://help.github.com/en/articles/virtual-environments-for-github-actions#supported-virtual-environments-and-hardware-resources)\n* Allow seeding the internal cache of `gpg-agent` with provided passphrase\n* Signing-only subkeys support\n* Purge imported GPG key, cache information and kill agent from runner\n* (Git) Enable signing for Git commits, tags and pushes\n* (Git) Configure and check committer info against GPG key\n\n## Prerequisites\n\nFirst, [generate a GPG key](https://docs.github.com/en/github/authenticating-to-github/generating-a-new-gpg-key) and\nexport the GPG private key as an ASCII armored version to your clipboard:\n\n```shell\n# macOS\ngpg --armor --export-secret-key joe@foo.bar | pbcopy\n\n# Ubuntu (assuming GNU base64)\ngpg --armor --export-secret-key joe@foo.bar -w0 | xclip\n\n# Arch\ngpg --armor --export-secret-key joe@foo.bar | xclip -selection clipboard -i\n\n# FreeBSD (assuming BSD base64)\ngpg --armor --export-secret-key joe@foo.bar | xclip\n```\n\nPaste your clipboard as a [`secret`](https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets)\nnamed `GPG_PRIVATE_KEY` for example. Create another secret with the\n`PASSPHRASE` if applicable.\n\n## Usage\n\n### Workflow\n\n```yaml\nname: import-gpg\n\non:\n push:\n branches: master\n\njobs:\n import-gpg:\n runs-on: ubuntu-latest\n steps:\n -\n name: Checkout\n uses: actions/checkout@v4\n -\n name: Import GPG key\n uses: crazy-max/ghaction-import-gpg@v6\n with:\n gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}\n passphrase: ${{ secrets.PASSPHRASE }}\n -\n name: List keys\n run: gpg -K\n```\n\n### Sign commits\n\n```yaml\nname: import-gpg\n\non:\n push:\n branches: master\n\njobs:\n sign-commit:\n runs-on: ubuntu-latest\n steps:\n -\n name: Checkout\n uses: actions/checkout@v4\n -\n name: Import GPG key\n uses: crazy-max/ghaction-import-gpg@v6\n with:\n gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}\n passphrase: ${{ secrets.PASSPHRASE }}\n git_user_signingkey: true\n git_commit_gpgsign: true\n -\n name: Sign commit and push changes\n run: |\n echo foo \u003e bar.txt\n git add .\n git commit -S -m \"This commit is signed!\"\n git push\n```\n\n### Use a subkey\n\nWith the input `fingerprint`, you can specify which one of the subkeys in a GPG\nkey you want to use for signing.\n\n```yaml\nname: import-gpg\n\non:\n push:\n branches: master\n\njobs:\n import-gpg:\n runs-on: ubuntu-latest\n steps:\n -\n name: Checkout\n uses: actions/checkout@v4\n -\n name: Import GPG key\n uses: crazy-max/ghaction-import-gpg@v6\n with:\n gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}\n passphrase: ${{ secrets.PASSPHRASE }}\n fingerprint: \"C17D11ADF199F12A30A0910F1F80449BE0B08CB8\"\n -\n name: List keys\n run: gpg -K\n```\n\nFor example, given this GPG key with a signing subkey:\n\n```\npub ed25519 2021-09-24 [C]\n 87F257B89CE462100BEC0FFE6071D218380FDCC8\n Keygrip = F5C3ABFAAB36B427FD98C4EDD0387E08EA1E8092\nuid [ unknown] Joe Bar \u003cjoe@bar.foo\u003e\nsub ed25519 2021-09-24 [S]\n C17D11ADF199F12A30A0910F1F80449BE0B08CB8\n Keygrip = DEE0FC98F441519CA5DE5D79773CB29009695FEB\n```\n\nYou can use the subkey with signing capability whose fingerprint is `C17D11ADF199F12A30A0910F1F80449BE0B08CB8`.\n\n### Set key's trust level\n\nWith the `trust_level` input, you can specify the trust level of the GPG key.\n\nValid values are:\n* `1`: unknown\n* `2`: never\n* `3`: marginal\n* `4`: full\n* `5`: ultimate\n\n```yaml\nname: import-gpg\n\non:\n push:\n branches: master\n\njobs:\n import-gpg:\n runs-on: ubuntu-latest\n steps:\n -\n name: Checkout\n uses: actions/checkout@v4\n -\n name: Import GPG key\n uses: crazy-max/ghaction-import-gpg@v6\n with:\n gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}\n passphrase: ${{ secrets.PASSPHRASE }}\n trust_level: 5\n```\n\n## Customizing\n\n### inputs\n\nThe following inputs can be used as `step.with` keys:\n\n| Name | Type | Description |\n|-----------------------|--------|--------------------------------------------------------------------------------------------|\n| `gpg_private_key` | String | GPG private key exported as an ASCII armored version or its base64 encoding (**required**) |\n| `passphrase` | String | Passphrase of the GPG private key |\n| `trust_level` | String | Set key's trust level |\n| `git_config_global` | Bool | Set Git config global (default `false`) |\n| `git_user_signingkey` | Bool | Set GPG signing keyID for this Git repository (default `false`) |\n| `git_commit_gpgsign` | Bool | Sign all commits automatically. (default `false`) |\n| `git_tag_gpgsign` | Bool | Sign all tags automatically. (default `false`) |\n| `git_push_gpgsign` | String | Sign all pushes automatically. (default `if-asked`) |\n| `git_committer_name` | String | Set commit author's name (defaults to the name associated with the GPG key) |\n| `git_committer_email` | String | Set commit author's email (defaults to the email address associated with the GPG key) |\n| `workdir` | String | Working directory (below repository root) (default `.`) |\n| `fingerprint` | String | Specific fingerprint to use (subkey) |\n\n\u003e [!NOTE]\n\u003e `git_user_signingkey` needs to be enabled for `git_commit_gpgsign`, `git_tag_gpgsign`,\n\u003e `git_push_gpgsign`, `git_committer_name`, `git_committer_email` inputs.\n\n### outputs\n\nThe following outputs are available:\n\n| Name | Type | Description |\n|---------------|--------|---------------------------------------------------------------------------------------------------------------------------------|\n| `fingerprint` | String | Fingerprint of the GPG key (recommended as [user ID](https://www.gnupg.org/documentation/manuals/gnupg/Specify-a-User-ID.html)) |\n| `keyid` | String | Low 64 bits of the X.509 certificate SHA-1 fingerprint |\n| `name` | String | Name associated with the GPG key |\n| `email` | String | Email address associated with the GPG key |\n\n## Contributing\n\nWant to contribute? Awesome! The most basic way to show your support is to star\nthe project, or to raise issues. You can also support this project by [**becoming a sponsor on GitHub**](https://github.com/sponsors/crazy-max)\nor by making a [PayPal donation](https://www.paypal.me/crazyws) to ensure this\njourney continues indefinitely!\n\nThanks again for your support, it is much appreciated! :pray:\n\n## License\n\nMIT. See `LICENSE` for more details.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcrazy-max%2Fghaction-import-gpg","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcrazy-max%2Fghaction-import-gpg","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcrazy-max%2Fghaction-import-gpg/lists"}