From bb9d928d17930db5f808fa68520e2dc2e0ff1f2c Mon Sep 17 00:00:00 2001
From: Martin Man <mman@martinman.net>
Date: Thu, 25 Sep 2025 19:47:50 +0200
Subject: [PATCH] fix: Handle compressed/noncompressed GPG keys in robust way

---
 dist/index.js | 5 ++++-
 src/gpg.ts    | 6 +++++-
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/dist/index.js b/dist/index.js
index d94c7e24..57f52026 100644
--- a/dist/index.js
+++ b/dist/index.js
@@ -79,8 +79,11 @@ const toolCache = __importStar(__nccwpck_require__(7784));
 async function setupKeys() {
     core.debug("Fetching verification keys");
     let path = await toolCache.downloadTool("https://swift.org/keys/all-keys.asc");
+    core.debug("Examining verification keys");
+    await (0, exec_1.exec)(`file "${path}"`);
+    const isPlaintext = await (0, exec_1.exec)(`gunzip --test "${path}"`, undefined, { silent: true, ignoreReturnCode: true });
     core.debug("Importing verification keys");
-    await (0, exec_1.exec)(`gpg --import "${path}"`);
+    await (0, exec_1.exec)('bash', ['-c', `${isPlaintext ? "cat" : "zcat"} "${path}" | gpg --import`]);
     core.debug("Refreshing keys");
     await refreshKeys();
 }
diff --git a/src/gpg.ts b/src/gpg.ts
index 8a69ad87..68038744 100644
--- a/src/gpg.ts
+++ b/src/gpg.ts
@@ -8,8 +8,12 @@ export async function setupKeys() {
     "https://swift.org/keys/all-keys.asc"
   );
 
+  core.debug("Examining verification keys");
+  await exec(`file "${path}"`);
+  const isPlaintext = await exec(`gunzip --test "${path}"`, undefined, { silent: true, ignoreReturnCode: true });
+
   core.debug("Importing verification keys");
-  await exec(`gpg --import "${path}"`);
+  await exec('bash', ['-c', `${isPlaintext ? "cat" : "zcat"} "${path}" | gpg --import`]);
 
   core.debug("Refreshing keys");
   await refreshKeys();