
GPG Signing

Adam Ormsby edited this page Mar 9, 2024 · 7 revisions

For v3.1 and higher

The default user email for GitHub Actions is actions@github.com, but GPG signing is not supported when using that email. You can create a service account with a GPG key and use that as the author of your actions.

Fork Sync does not support GPG signing by default. I suggest using the Import GPG action in your workflow as a pre-sync step.

Sample

steps:
    # Step 1: run a standard checkout action, provided by GitHub
    - name: Checkout repo
      uses: actions/checkout@v2
      with:
#         fetch-depth: 0
#         ref: my-branch
        ref: main
        persist-credentials: false

    # Step 2: set up GPG config
    - name: Import GPG key
      uses: crazy-max/ghaction-import-gpg@v4 # or whatever is latest
      with:
        gpg_private_key: ${{ secrets.GPG_KEY }}
        passphrase: ${{ secrets.PASSPHRASE }}
        git_user_signingkey: true    # sets GPG key
        git_commit_gpgsign: true     # sets all commits to use signing (no need to modify sync args)

    # Step 3: run sync action - you know how this goes...
    - name: Pull (Fast-Forward) upstream changes
      uses: aormsby/Fork-Sync-With-Upstream-action@v3.1
      with:
        target_sync_branch: main
        target_repo_token: ${{ secrets.GITHUB_TOKEN }}
        # yada yada yada: your remaining sync inputs go here

Further instructions on setting up the gpg_private_key and passphrase can be found in the Import GPG docs.
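
Added example (not part of Fork Sync or the Import GPG action): shell helpers for a `run:` step that fail the job if Step 2 did not leave git configured to sign, and that flag commits by the service account that lack a good signature after the sync. The address bot@example.com and the BEFORE variable are placeholders assumed for illustration.

```shell
#!/bin/sh
# Added example, not code from Fork-Sync-With-Upstream-action or ghaction-import-gpg.

# Preflight, run between Step 2 and Step 3: succeed only if git is set up to
# sign, i.e. a signing key is selected and commit.gpgsign is true.
signing_configured() {
    key=$(git config --get user.signingkey) || return 1
    [ -n "$key" ] || return 1
    [ "$(git config --bool --get commit.gpgsign)" = "true" ]
}

# Interpret one status code from `git log --format=%G?`.
# G = good signature; U = good signature, unknown validity (typical on a CI
# runner, where the imported key has no ownertrust assigned).
# Everything else fails: B bad, X/Y expired, R revoked, E cannot check, N none.
sig_code_ok() {
    case "$1" in
        G|U) return 0 ;;
        *)   return 1 ;;
    esac
}

# Post-check, run after Step 3. Reads "<%G?> <%H> <%ce>" lines on stdin and
# prints "<hash> <code>" for each commit committed by email $1 that lacks a
# good signature. Commits by other committers (upstream's own) are skipped.
unsigned_by() {
    while read -r code hash email; do
        [ "$email" = "$1" ] || continue
        sig_code_ok "$code" || echo "$hash $code"
    done
}

# Usage in a workflow `run:` step (bot@example.com is a placeholder address;
# BEFORE is a hypothetical variable holding HEAD as recorded before the sync):
#   signing_configured || { echo "GPG signing not configured" >&2; exit 1; }
#   bad=$(git log --format='%G? %H %ce' "$BEFORE..HEAD" | unsigned_by bot@example.com)
#   [ -z "$bad" ] || { echo "unsigned commits: $bad" >&2; exit 1; }
```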
