From abcaa3892cc62c29b65f98bf04fb2c12ac5f9563 Mon Sep 17 00:00:00 2001
From: Davlatjon Shavkatov <opensource@dalisoft.uz>
Date: Wed, 21 Feb 2024 23:21:50 +0500
Subject: [PATCH] fix(plugins/git): refactor `gpg` decrypt action

---
 plugins/git.sh | 16 +++-------------
 1 file changed, 3 insertions(+), 13 deletions(-)

diff --git a/plugins/git.sh b/plugins/git.sh
index 1032e86..6698a3c 100644
--- a/plugins/git.sh
+++ b/plugins/git.sh
@@ -1,11 +1,8 @@
 #!/usr/bin/env bash
 set -e
 
-TEMP_GPG_FILE=$(mktemp)
 TMP_GIT_CONFIG_FILE=$(mktemp)
 
-export GPG_TTY=$(tty)
-
 prepare() {
   export GIT_CONFIG="$TMP_GIT_CONFIG_FILE"
   if [[ -n "$GIT_USERNAME" && -n "$GIT_EMAIL" ]]; then
@@ -23,11 +20,8 @@ prepare() {
     log_verbose "Git GPG sign set"
   fi
   if [[ -n "$GPG_KEY_PASSPHRASE" ]]; then
-    rm -rf "$TEMP_GPG_FILE"
-    echo '#!/bin/bash' >>"$TEMP_GPG_FILE"
-    echo 'gpg --batch --pinentry-mode=loopback --passphrase $GPG_KEY_PASSPHRASE $@' >>"$TEMP_GPG_FILE"
-    chmod +x "$TEMP_GPG_FILE"
-    git config gpg.program "$TEMP_GPG_FILE"
+    echo 'ALLOW_LOOPBACK_PINENTRY=yes' >>~/.gnupg/gpg-agent.conf
+    gpg-connect-agent reloadagent /bye
   fi
 }
 
@@ -43,10 +37,6 @@ cleanup() {
     git config --unset tag.forceSignAnnotated
     log_verbose "Git GPG sign unset"
   fi
-  if [[ -n "$GPG_KEY_ID" && -n "$GPG_KEY" && -n "$GPG_KEY_PASSPHRASE" ]]; then
-    rm -rf "$TEMP_GPG_FILE"
-    git config --unset gpg.program
-  fi
 
   git config --unset credential.helper
   rm -rf "$TMP_GIT_CONFIG_FILE"
@@ -61,7 +51,7 @@ release() {
     prepare
 
     if [[ -n "$GPG_KEY_ID" ]]; then
-      git tag --sign "$RELEASE_TAG_NAME" --local-user "$GPG_KEY_ID" "$CHECKOUT_SHA" --message "$RELEASE_BODY"
+      echo "$GPG_KEY_PASSPHRASE" | git tag --sign "$RELEASE_TAG_NAME" --local-user "$GPG_KEY_ID" "$CHECKOUT_SHA" --message "$RELEASE_BODY" --batch --pinentry-mode loopback --passphrase-fd 0
     else
       git tag "$RELEASE_TAG_NAME" "$CHECKOUT_SHA"
     fi