dependabot: init

We now rely on a few external actions, so let's make sure to keep them up-to-date.
chore: bump crazy-max/ghaction-import-gpg
2022-08-19 11:42:26 -07:00 · 2022-08-19 11:40:14 -07:00 · 2022-08-19 11:39:18 -07:00 · 2022-08-19 11:39:18 -07:00 · 2022-08-01 08:07:06 -07:00
4 changed files with 17 additions and 4 deletions
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@ -0,0 +1,6 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
--- a/README.md
+++ b/README.md
@ -176,6 +176,8 @@ For the bot to produce signed commits, you will have to provide the GPG private

 When using commit signing, the commit author name and email for the commits produced by this bot would correspond to the ones associated to the GPG Public Key. 

+If you want to sign using a subkey, you must specify the subkey fingerprint using the `gpg-fingerprint` input parameter.
+
 You can find an example of how to using this action with commit signing below:

 ```yaml
@ -198,6 +200,7 @@ jobs:
        with:
          sign-commits: true
          gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
+          gpg-fingerprint: ${{ secrets.GPG_FINGERPRINT }} # specify subkey fingerprint (optional)
          gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }}
 ```

--- a/action.yml
+++ b/action.yml
@ -57,6 +57,9 @@ inputs:
    description: 'GPG Private Key with which to sign the commits in the PR to be created'
    required: false
    default: ''
+  gpg-fingerprint:
+    description: 'Fingerprint of specific GPG subkey to use'
+    required: false
  gpg-passphrase:
    description: 'GPG Private Key Passphrase for the GPG Private Key with which to sign the commits in the PR to be created'
    required: false
@ -71,9 +74,10 @@ runs:
    - name: Import bot's GPG key for signing commits
      if: ${{ inputs.sign-commits == 'true' }}
      id: import-gpg
-      uses: crazy-max/ghaction-import-gpg@v4
+      uses: crazy-max/ghaction-import-gpg@v5
      with:
        gpg_private_key: ${{ inputs.gpg-private-key }}
+        fingerprint: ${{ inputs.gpg-fingerprint }}
        passphrase: ${{ inputs.gpg-passphrase }}
        git_config_global: true
        git_user_signingkey: true
--- a/flake.lock
+++ b/flake.lock
@ -2,11 +2,11 @@
  "nodes": {
    "nixpkgs": {
      "locked": {
-        "lastModified": 1654682581,
-        "narHash": "sha256-Jb1PQCwKgwdNAp907eR5zPzuxV+kRroA3UIxUxCMJ9s=",
+        "lastModified": 1659131907,
+        "narHash": "sha256-8bz4k18M/FuVC+EVcI4aREN2PsEKT7LGmU2orfjnpCg=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "e0169d7a9d324afebf5679551407756c77af8930",
+        "rev": "8d435fca5c561da8168abb30270788d2da2a7951",
        "type": "github"
      },
      "original": {
Author	SHA1	Message	Date
Cole Helbling	03bec486c7	dependabot: init We now rely on a few external actions, so let's make sure to keep them up-to-date.	2022-08-19 11:42:26 -07:00
Nicola Squartini	235f95922e	chore: bump `crazy-max/ghaction-import-gpg`	2022-08-19 11:40:14 -07:00
Nicola Squartini	42dbe10fb3	docs: explain the `gpg-fingerprint` input parameter	2022-08-19 11:39:18 -07:00
Nicola Squartini	a8f58509de	feat: allow using a subkey for GPG signing	2022-08-19 11:39:18 -07:00
github-actions[bot]	ea4115a12c	flake.lock: Update Flake lock file updates: • Updated input 'nixpkgs': 'github:nixos/nixpkgs/e0169d7a9d324afebf5679551407756c77af8930' (2022-06-08) → 'github:nixos/nixpkgs/8d435fca5c561da8168abb30270788d2da2a7951' (2022-07-29)	2022-08-01 08:07:06 -07:00