fix(plugins): use separate logic for gpg and git

dalisoft · Apr 25, 2024 · 9793e65 · 9793e65
1 parent c389ffd
commit 9793e65
Show file tree

Hide file tree

Showing 2 changed files with 55 additions and 8 deletions.
diff --git a/plugins/git.sh b/plugins/git.sh
@@ -64,10 +64,6 @@ cleanup() {
   log_verbose "Git config cleanup"
 }
 
-# Used for GPG re-using
-export GIT_PREPARE=prepare
-export GIT_CLEANUP=cleanup
-
 release() {
   # Create a `git` tag
   log "Creating Git tag..."

diff --git a/plugins/npm-post.sh b/plugins/npm-post.sh
@@ -1,16 +1,67 @@
 #!/bin/sh
 set -eu
 
+# Global variables
+export GPG_TTY=
+export GNUPGHOME=
+
 prepare() {
-  if [ "$(command -v GIT_PREPARE)" ]; then
-    GIT_PREPARE
+  unset GIT_CONFIG
+
+  GPG_TTY=$(tty)
+  GNUPGHOME=$(mktemp -d)
+
+  if [ -n "${GIT_USERNAME-}" ] && [ -n "${GIT_EMAIL-}" ]; then
+    git config --local user.email "$GIT_EMAIL"
+    git config --local user.name "$GIT_USERNAME"
+    log_verbose "Git username [$GIT_USERNAME] and Git e-mail [$GIT_EMAIL] set"
+  fi
+
+  if [ -z "${GPG_NO_SIGN-}" ] && [ -n "${GPG_KEY_ID-}" ]; then
+    echo "$GPG_KEY" | base64 --decode | gpg --homedir "$GNUPGHOME" --quiet --batch --import
+
+    git config --local commit.gpgsign true
+    git config --local user.signingkey "$GPG_KEY_ID"
+    git config --local tag.forceSignAnnotated true
+    git config --local gpg.program gpg
+    log_verbose "Git GPG sign and key ID [$GPG_KEY_ID] are set"
+
+    echo "allow-loopback-pinentry" >>"$GNUPGHOME/gpg-agent.conf"
+    echo "pinentry-mode loopback" >>"$GNUPGHOME/gpg.conf"
+    gpg-connect-agent --homedir "$GNUPGHOME" reloadagent /bye
+
+    if [ -n "${GPG_PASSPHRASE}" ]; then
+      echo "" | gpg --homedir "$GNUPGHOME" --quiet --passphrase "$GPG_PASSPHRASE" --batch --pinentry-mode loopback --sign >/dev/null
+      log_verbose "Git GPG passphrase set"
+    fi
   fi
 }
 
 cleanup() {
-  if [ "$(command -v GIT_CLEANUP)" ]; then
-    GIT_CLEANUP
+  if [ -n "${GIT_USERNAME-}" ] && [ -n "${GIT_EMAIL-}" ]; then
+    git config --local --unset user.email
+    git config --local --unset user.name
+    log_verbose "Git username and Git e-mail unset"
+  fi
+
+  if [ -z "${GPG_NO_SIGN-}" ] && [ -n "${GPG_KEY_ID-}" ]; then
+    git config --local --unset commit.gpgsign
+    git config --local --unset user.signingkey
+    git config --local --unset tag.forceSignAnnotated
+    git config --local --unset gpg.program
+    log_verbose "Git GPG sign unset"
+
+    if [ -n "${GPG_PASSPHRASE}" ]; then
+      gpg --homedir "$GNUPGHOME" --quiet --passphrase "$GPG_PASSPHRASE" --batch --yes --delete-secret-and-public-key "$GPG_KEY_ID"
+
+      log_verbose "Git GPG key deleted"
+    fi
+
+    rm -rf "$GNUPGHOME"
+    log_verbose "Git GPG config cleanup"
   fi
+
+  log_verbose "Git config cleanup"
 }
 
 release() {