{"id":22137298,"url":"https://github.com/thomasdesr/minisign-action","last_synced_at":"2026-01-05T01:21:12.684Z","repository":{"id":38095939,"uuid":"236106121","full_name":"thomasdesr/minisign-action","owner":"thomasdesr","description":"Github action to sign and verify minisign/signify signatures","archived":false,"fork":false,"pushed_at":"2023-01-30T22:47:50.000Z","size":7,"stargazers_count":2,"open_issues_count":0,"forks_count":3,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-01-12T06:40:39.255Z","etag":null,"topics":["crypto","cryptography","github-actions","gpg","minisign","pgp","signify"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/thomasdesr.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-01-25T00:24:14.000Z","updated_at":"2022-08-04T15:00:57.000Z","dependencies_parsed_at":"2023-02-16T12:31:20.826Z","dependency_job_id":null,"html_url":"https://github.com/thomasdesr/minisign-action","commit_stats":{"total_commits":13,"total_committers":3,"mean_commits":4.333333333333333,"dds":0.3076923076923077,"last_synced_commit":"7c6b44acbfcf7c0c501228ebfdff8cb6f4db41c7"},"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thomasdesr%2Fminisign-action","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thomasdesr%2Fminisign-action/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thomasdesr%2Fminisign-action/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thomasdesr%2Fminisign-action/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/thomasdesr","download_url":"https://codeload.github.com/thomasdesr/minisign-action/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":234444602,"owners_count":18833658,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["crypto","cryptography","github-actions","gpg","minisign","pgp","signify"],"created_at":"2024-12-01T19:31:47.047Z","updated_at":"2026-01-05T01:21:12.677Z","avatar_url":"https://github.com/thomasdesr.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Minisign Github Action\n\nThis action makes [Minisign](https://jedisct1.github.io/minisign/) available to\nyou in your github actions.\n\n## Inputs\n\n### `minisign_key`\n\n_Optional_\n\nContents of this input should be a plaintext minisign key. At the start of the\nrun the contents are written to disk at `~/.minisign/minisign.key` (by default).\n\nYou can also provide a signing key via some other mechanism. This input exists\nto provide a convenient mechanism to get a key from a github repo secret onto\ndisk.\n\nIf you want to change the path where this writes, you can set the environment\nvariable `MINISIGN_KEY_PATH` to another value via your action's `env` field. If\nyou do this, make sure to remember to set `-p` correctly in your args.\n\n\n### `password`\n\n_Optional_\n\nIf your minisign key has a password attached, put the contents of that password\nin here.\n\n## Outputs\n\nNone\n\n## Example Usage\n\n### Verification\n```yaml\nsteps:\n  - name: Fetch \"third-party\" artifact\n    run: |\n      wget \\\n        https://github.com/jedisct1/minisign/releases/download/0.12/minisign-0.12.tar.gz \\\n        https://github.com/jedisct1/minisign/releases/download/0.12/minisign-0.12.tar.gz.minisig\n  - name: Verify artifact's integrity with their published key\n    uses: thomasdesr/minisign-action@v1\n    with:\n        args: -Vm \"minisign-0.12.tar.gz\" -P \"RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3\"\n```\n\n### Signing\n```yaml\nsteps:\n    - name: Sign our test file\n      uses: thomasdesr/minisign-action@v1\n      with:\n        args: -Sm path/to/artifact\n        minisign_key: ${{ secrets.minisign_key }}\n        password: ${{ secrets.minisign_password }}\n    - name: Upload the signature\n      uses: actions/upload-artifact@v1\n      with:\n        name: my-signature\n        path: path/to/artifact.minisig\n```\n\n## Contributions / Help Wanted\nI feel like maybe this should be more than a thin wrapper around the CLI but it\nhas been good enough for me solve my immediate needs so I've stopped here for\nnow.\n\nIf you want to add features just open an issue and I'd be happy to work on it\nwith you!\n\n### Future work?\n- [ ] Investigate if it is worth it to switch from using docker to JS via the\n  [wasm impl](https://wapm.io/package/jedisct1/minisign) so we can spend less\n  time installing c++ toolchains.\n- [ ] Maybe publish a copy of this container to a registry somewhere so we can\n  swap compile for download times?\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthomasdesr%2Fminisign-action","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fthomasdesr%2Fminisign-action","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthomasdesr%2Fminisign-action/lists"}