fix(plugins/git): improvements for gpg signing

dalisoft · Feb 21, 2024 · baebe9e · baebe9e
1 parent abcaa38
commit baebe9e
Showing 1 changed file with 12 additions and 4 deletions.
diff --git a/plugins/git.sh b/plugins/git.sh
@@ -17,10 +17,12 @@ prepare() {
     git config commit.gpgsign true
     git config user.signingkey "$GPG_KEY_ID"
     git config tag.forceSignAnnotated true
+    git config gpg.program gpg
     log_verbose "Git GPG sign set"
   fi
-  if [[ -n "$GPG_KEY_PASSPHRASE" ]]; then
-    echo 'ALLOW_LOOPBACK_PINENTRY=yes' >>~/.gnupg/gpg-agent.conf
+  if [[ -n "$GPG_PASSPHRASE" ]]; then
+    echo "allow-loopback-pinentry" >>~/.gnupg/gpg-agent.conf
+    echo "pinentry-mode loopback" >>~/.gnupg/gpg.conf
     gpg-connect-agent reloadagent /bye
   fi
 }
@@ -35,8 +37,13 @@ cleanup() {
     git config --unset commit.gpgsign
     git config --unset user.signingkey
     git config --unset tag.forceSignAnnotated
+    git config --unset gpg.program
     log_verbose "Git GPG sign unset"
   fi
+  if [[ -n "$GPG_PASSPHRASE" ]]; then
+    rm -rf ~/.gnupg/gpg-agent.conf
+    rm -rf ~/.gnupg/gpg.conf
+  fi
 
   git config --unset credential.helper
   rm -rf "$TMP_GIT_CONFIG_FILE"
@@ -49,9 +56,10 @@ release() {
 
   if ! $IS_DRY_RUN; then
     prepare
+    export GPG_TTY=$(tty)
 
-    if [[ -n "$GPG_KEY_ID" ]]; then
-      echo "$GPG_KEY_PASSPHRASE" | git tag --sign "$RELEASE_TAG_NAME" --local-user "$GPG_KEY_ID" "$CHECKOUT_SHA" --message "$RELEASE_BODY" --batch --pinentry-mode loopback --passphrase-fd 0
+    if [[ -n "$GPG_KEY_ID" && -n "$GPG_PASSPHRASE" ]]; then
+      git tag --sign "$RELEASE_TAG_NAME" "$CHECKOUT_SHA" --message "Release, tag and sign $RELEASE_TAG_NAME"
     else
       git tag "$RELEASE_TAG_NAME" "$CHECKOUT_SHA"
     fi