From 0312a8e342164223955d0fa7f0d951ad654d821b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Ricks?=
Date: Tue, 16 Jan 2024 10:07:02 +0100
Subject: [PATCH] Change: Mark bash inputs as literal string

Let bash not interpret the inputs. This fixes using passwords containing special characters like `$`.
---
 signature/action.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/signature/action.yml b/signature/action.yml
index 0d3971e4..fe1c6af0 100644
--- a/signature/action.yml
+++ b/signature/action.yml
@@ -29,13 +29,13 @@ runs:
 shell: bash
 run: |
 echo -e "${{ inputs.gpg-key }}" >> tmp.file
- gpg --pinentry-mode loopback --passphrase ${{ inputs.gpg-passphrase }} --import tmp.file
+ gpg --pinentry-mode loopback --passphrase '${{ inputs.gpg-passphrase }}' --import tmp.file
 rm tmp.file
 - name: "Create a GPG signature"
 shell: bash
 run: |
 if [ -z "${{ inputs.signature-file }}"]; then
- gpg --pinentry-mode loopback --local-user ${{ inputs.gpg-fingerprint }} --yes --detach-sign --passphrase ${{ inputs.gpg-passphrase }} --armor ${{ inputs.file }}
+ gpg --pinentry-mode loopback --local-user '${{ inputs.gpg-fingerprint }}' --yes --detach-sign --passphrase '${{ inputs.gpg-passphrase }}' --armor '${{ inputs.file }}'
 else
- gpg --pinentry-mode loopback --local-user ${{ inputs.gpg-fingerprint }} --yes --detach-sign --passphrase ${{ inputs.gpg-passphrase }} --armor --output ${{ inputs.signature-file }} ${{ inputs.file }}
+ gpg --pinentry-mode loopback --local-user '${{ inputs.gpg-fingerprint }}' --yes --detach-sign --passphrase '${{ inputs.gpg-passphrase }}' --armor --output ${{ inputs.signature-file }} '${{ inputs.file }}'
 fi
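Review bot: The single quotes added around `${{ inputs.gpg-passphrase }}`, `${{ inputs.gpg-fingerprint }}` and `${{ inputs.file }}` do not make the values literal, because the runner substitutes the expression text into the script before bash parses it. A value containing `'` ends the quoting, so such a passphrase still fails and the remainder is parsed as shell; `--output ${{ inputs.signature-file }}` in the else branch is also left unquoted. Passing the inputs through a step-level `env:` mapping and referencing them as double-quoted variables covers both, as sketched below for the signing step; the import step, whose start lies outside the hunk, needs the same treatment for its `--passphrase` argument and the `echo -e` of the key. The sketch also restores the missing space before `]` in the `-z` test. The passphrase would still appear in gpg's process arguments, so `--passphrase-fd` is worth considering as a follow-up.

```yaml
    - name: "Create a GPG signature"
      shell: bash
      env:
        GPG_PASSPHRASE: ${{ inputs.gpg-passphrase }}
        GPG_FINGERPRINT: ${{ inputs.gpg-fingerprint }}
        SIGN_FILE: ${{ inputs.file }}
        SIGNATURE_FILE: ${{ inputs.signature-file }}
      run: |
        if [ -z "$SIGNATURE_FILE" ]; then
          gpg --pinentry-mode loopback --local-user "$GPG_FINGERPRINT" --yes --detach-sign --passphrase "$GPG_PASSPHRASE" --armor "$SIGN_FILE"
        else
          gpg --pinentry-mode loopback --local-user "$GPG_FINGERPRINT" --yes --detach-sign --passphrase "$GPG_PASSPHRASE" --armor --output "$SIGNATURE_FILE" "$SIGN_FILE"
        fi
```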