Add GPG Key ID (#39) (#40)

* Add GPG Key ID (#39)

* Update action.yml

---------

Co-authored-by: RoseSecurity <[email protected]>

Author: goruha

action.yml

@@ -41,6 +41,10 @@ inputs:
     description: "Skip creation of remote branches and pull requests. Only print list of affected componented into file that is defined in 'outputs.affected-components-file'"
     required: false
     default: 'false'
+  gpg-key-id:
+    description: "GPG key ID to sign commits. Default ''"
+    required: false
+    default: ''
   pr-labels:
     description: "Comma or new line separated list of labels that will added on PR creation. Default: `component-update`"
     required: false
@@ -70,6 +74,7 @@ runs:
     EXCLUDE: ${{ inputs.exclude }}
     LOG_LEVEL: ${{ inputs.log-level }}
     DRY_RUN: ${{ inputs.dry-run }}
+    GPG_KEY_ID: ${{ inputs.gpg-key-id }}
     PR_LABELS: ${{ inputs.pr-labels }}
     PR_TITLE_TEMPLATE: ${{ inputs.pr-title-template }}
     PR_BODY_TEMPLATE: ${{ inputs.pr-body-template }}

entrypoint.sh

@@ -18,6 +18,7 @@ python3 src/main.py \
     --exclude "${EXCLUDE}" \
     --log-level ${LOG_LEVEL} \
     --dry-run ${DRY_RUN} \
+    --gpg-key-id "${GPG_KEY_ID}" \
     --pr-labels "${PR_LABELS}" \
     --pr-title-template "${PR_TITLE_TEMPLATE}" \
     --pr-body-template "${PR_BODY_TEMPLATE}" \
@@ -28,4 +29,4 @@ affected=$(jq -c '.' < affected-components.json)
 echo "affected=$affected" >> $GITHUB_OUTPUT
 
 [[ "$affected" == "[]" ]] && has_affected_stacks=true || has_affected_stacks=false
-echo "has-affected-stacks=$has_affected_stacks" >> $GITHUB_OUTPUT
+echo "has-affected-stacks=$has_affected_stacks" >> $GITHUB_OUTPUT

src/config.py

@@ -16,6 +16,7 @@ def __init__(self,
                  go_getter_tool: str,
                  dry_run: bool,
                  affected_components_file: str = '',
+                 gpg_key_id: str = '',
                  pr_title_template: str = '',
                  pr_body_template: str = '',
                  pr_labels: str = 'component-update'):
@@ -30,6 +31,7 @@ def __init__(self,
         self.dry_run: bool = dry_run
         self.components_download_dir: str = io.create_tmp_dir()
         self.skip_component_repo_fetching: bool = False
+        self.gpg_key_id: str = gpg_key_id
         self.pr_title_template: str = pr_title_template
         self.pr_body_template: str = pr_body_template
         self.pr_labels: List[str] = utils.parse_comma_or_new_line_separated_list(pr_labels)

src/github_provider.py

@@ -89,7 +89,11 @@ def create_branch_and_push_all_changes(self, repo_dir: str, branch_name: str, co
 
         repo.git.checkout(new_branch)
         repo.git.add("-A")
-        repo.index.commit(commit_message)
+
+        if self.__config.gpg_key_id:
+            repo.index.commit(commit_message, gpg_sign=True, gpg_signing_key=self.__config.gpg_key_id)
+        else:
+            repo.index.commit(commit_message)
 
         if not self.__config.dry_run:
             repo.git.push("--set-upstream", "origin", branch_name)

src/main.py

@@ -69,6 +69,11 @@ def main(github_api_token: str, config: Config):
               show_default=True,
               default="affected_components.json",
               help="Path to output file that will contain list of affected components in json format")
+@click.option('--gpg-key-id',
+              required=False,
+              show_default=True,
+              default="",
+              help="GPG key ID to sign commits")
 @click.option('--pr-title-template',
               required=False,
               show_default=True,
@@ -96,6 +101,7 @@ def cli_main(github_api_token,
              log_level,
              dry_run,
              affected_components_file,
+             gpg_key_id,
              pr_title_template,
              pr_body_template,
              pr_labels):
@@ -113,6 +119,7 @@ def cli_main(github_api_token,
                     go_getter_tool,
                     dry_run,
                     affected_components_file,
+                    gpg_key_id,
                     pr_title_template,
                     pr_body_template,
                     pr_labels)