# GPG Import

Easily import a GPG key within any CI workflow. Runs on any Linux, macOS, or Windows build agent.

## Features

- Configure the local git config (`.git/config`) of a detected repository, syncing committer details and enabling GPG signing of commits, tags, and pushes. You can skip this step by setting the `GPG_SKIP_GIT=true` environment variable.
- Seed the GPG Agent with your key's passphrase by setting the `GPG_PASSPHRASE` environment variable, removing the need for manual passphrase entry. As a security best practice, mask the variable in your chosen CI tool.
- Set the owner trust level of a private GPG key by defining the `GPG_TRUST_LEVEL` environment variable. Trust levels range from 1 (`undefined`) to 5 (`ultimate`); details of each can be found [here](https://gpgtools.tenderapp.com/kb/faq/what-is-ownertrust-trust-levels-explained).

## Install

To install the latest version using a bash script:

```sh
sh -c "$(curl https://raw.githubusercontent.com/purpleclay/gpg-import/main/scripts/install)"
```

Download a specific version using the `-v` flag. The script uses `sudo` by default; pass the `--no-sudo` flag to disable it. You can also change the installation directory from the default `/usr/local/bin` by using the `-d` flag:

```sh
sh -c "$(curl https://raw.githubusercontent.com/purpleclay/gpg-import/main/scripts/install)" \
  -- -v 0.3.0 --no-sudo -d ./bin
```

## Prerequisites

[Generate](https://docs.github.com/en/authentication/managing-commit-signature-verification/generating-a-new-gpg-key) a GPG key and export it to your clipboard as a base64-encoded, ASCII-armored private key:

```sh
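# macOS: the bundled base64 does not accept -w, so strip line breaks with tr
gpg --armor --export-secret-key batman@dc.com | base64 | tr -d '\n' | pbcopy

# Linux: xclip writes to the primary selection unless told to use the clipboard
gpg --armor --export-secret-key batman@dc.com | base64 -w 0 | xclip -selection clipboard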
```

## Quick Start

For seamless integration into your CI platform, set the `GPG_PRIVATE_KEY` and any optional environment variables (`GPG_PASSPHRASE` and `GPG_TRUST_LEVEL`), then let `gpg-import` do the rest.

```sh
$ gpg-import

> Detected GnuPG:
version: 2.4.1 (libgcrypt: 1.10.2)
homedir: /root/.gnupg

> Imported GPG key:
fingerprint: 241315DDAB6865162C0389BFE5389A1079D5A52F
keygrip:     147098685499F4C183A39CA1A51CDE6316DDD479
key_id:      E5389A1079D5A52F
user:        batman <batman@dc.com>
created_on:  Tue, 09 May 2023 19:39:26 +0000
sub_keygrip: A213D84D786B8DBED68195C178B650CD24B88B2D
sub_key_id:  2D219DD41933A2D5

> Setting Passphrase:
keygrip: 147098685499F4C183A39CA1A51CDE6316DDD479 [E5389A1079D5A52F]
keygrip: A213D84D786B8DBED68195C178B650CD24B88B2D [2D219DD41933A2D5]

> Setting Trust Level:
trust_level: 5 [E5389A1079D5A52F]

> Git config set:
user.name:       batman
user.email:      batman@dc.com
user.signingKey: E5389A1079D5A52F
commit.gpgsign:  true
tag.gpgsign:     true
push.gpgsign:    if-asked
```
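
A pre-flight check a pipeline can run before `gpg-import`, added here as an example and not part of the gpg-import project. It assumes only the variable names and the base64-of-armor format described above; the function names and the sample value are constructed for illustration, and it does not reproduce gpg-import's own validation.

```shell
#!/bin/sh
# Added example: pre-flight check for the variables gpg-import reads.
# Diagnostics go to stderr and never include the key or the passphrase.

ARMOR_BEGIN='-----BEGIN PGP PRIVATE KEY BLOCK-----'
ARMOR_END='-----END PGP PRIVATE KEY BLOCK-----'

# Returns 0 when the environment looks importable, 1 otherwise.
gpg_env_preflight() {
  if [ -z "${GPG_PRIVATE_KEY:-}" ]; then
    echo "GPG_PRIVATE_KEY is not set" >&2
    return 1
  fi

  # The secret must be base64, not the raw armored text.
  decoded=$(printf '%s' "$GPG_PRIVATE_KEY" | base64 -d 2>/dev/null) || {
    echo "GPG_PRIVATE_KEY is not valid base64" >&2
    return 1
  }
  decoded=$(printf '%s' "$decoded" | tr -d '\r')   # tolerate CRLF armor

  # The decoded text must be a complete armored *private* key block.
  case "$decoded" in
    "$ARMOR_BEGIN"*"$ARMOR_END") status=0 ;;
    "-----BEGIN PGP PUBLIC KEY BLOCK-----"*)
      echo "GPG_PRIVATE_KEY holds a public key; use --export-secret-key" >&2
      status=1 ;;
    *)
      echo "GPG_PRIVATE_KEY is not a complete armored private key" >&2
      status=1 ;;
  esac
  unset decoded                                    # drop the plaintext copy
  [ "$status" -eq 0 ] || return 1

  # Owner trust is optional, but must be 1..5 when present.
  case "${GPG_TRUST_LEVEL:-}" in
    "" | [1-5]) return 0 ;;
    *) echo "GPG_TRUST_LEVEL must be between 1 and 5" >&2; return 1 ;;
  esac
}

# Constructed sample value (filler, not a real key) in the expected format.
sample_private_key_b64() {
  printf '%s\n\n%s\n%s\n' "$ARMOR_BEGIN" 'Y29uc3RydWN0ZWQ=' "$ARMOR_END" |
    base64 | tr -d '\n'
}
```

In a pipeline step, `gpg_env_preflight && gpg-import` makes a malformed secret fail with a message that names the variable rather than echoing key material.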