Merge pull request #804 from peter-evans/gpg-sign-fix

fix: remove unnecessary gpg-sign input

.eslintrc.json

@@ -9,8 +9,7 @@
     "plugin:import/errors",
     "plugin:import/warnings",
     "plugin:import/typescript",
-    "plugin:prettier/recommended",
-    "prettier/@typescript-eslint"
+    "plugin:prettier/recommended"
   ],
   "plugins": ["@typescript-eslint"],
   "rules": {

README.md

@@ -157,6 +157,11 @@ To create a project card for the pull request, pass the `pull-request-number` st
           issue-number: ${{ steps.cpr.outputs.pull-request-number }}
 ```
 
+### Auto-merge
+
+Auto-merge can be enabled on a pull request allowing it to be automatically merged once requirements have been satisfied.
+See [enable-pull-request-automerge](https://github.com/peter-evans/enable-pull-request-automerge) action for usage details.
+
 ## Reference Example
 
 The following workflow sets many of the action's inputs for reference purposes.

docs/concepts-guidelines.md

@@ -16,6 +16,7 @@ This document covers terminology, how the action works, general usage guidelines
   - [Push using SSH (deploy keys)](#push-using-ssh-deploy-keys)
   - [Push pull request branches to a fork](#push-pull-request-branches-to-a-fork)
   - [Authenticating with GitHub App generated tokens](#authenticating-with-github-app-generated-tokens)
+  - [GPG commit signature verification](#gpg-commit-signature-verification)
   - [Running in a container or on self-hosted runners](#running-in-a-container-or-on-self-hosted-runners)
 
 ## Terminology
@@ -129,6 +130,8 @@ jobs:
     if: github.event.pull_request.head.repo.full_name == github.repository
 ```
 
+For further reading regarding the security of pull requests, see this GitHub blog post titled [Keeping your GitHub Actions and workflows secure: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)
+
 ### Triggering further workflow runs
 
 Pull requests created by the action using the default `GITHUB_TOKEN` cannot trigger other workflows. If you have `on: pull_request` or `on: push` workflows acting as checks on pull requests, they will not run.
@@ -272,6 +275,48 @@ GitHub App generated tokens are more secure than using a PAT because GitHub App
           token: ${{ steps.generate-token.outputs.token }}
 ```
 
+### GPG commit signature verification
+
+The action can use GPG to sign commits with a GPG key that you generate yourself.
+
+1. Follow GitHub's guide to [generate a new GPG key](https://docs.github.com/en/github/authenticating-to-github/generating-a-new-gpg-key).
+
+2. [Add the public key](https://docs.github.com/en/github/authenticating-to-github/adding-a-new-gpg-key-to-your-github-account) to the user account associated with the [Personal Access Token (PAT)](https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token) that you will use with the action.
+
+3. Copy the private key to your clipboard, replacing `email@example.com` with the email address of your GPG key.
+   ```
+   # macOS
+   gpg --armor --export-secret-key email@example.com | pbcopy
+   ```
+
+4. Paste the private key into a repository secret where the workflow will run. e.g. `GPG_PRIVATE_KEY`
+
+5. Create another repository secret for the key's passphrase, if applicable. e.g. `GPG_PASSPHRASE`
+
+6. The following example workflow shows how to use [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg) to import your GPG key and allow the action to sign commits.
+
+   Note that the `committer` email address *MUST* match the email address used to create your GPG key.
+
+```yaml
+    steps:
+      - uses: actions/checkout@v2
+
+      - uses: crazy-max/ghaction-import-gpg@v3
+        with:
+          gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
+          passphrase: ${{ secrets.GPG_PASSPHRASE }}
+          git-user-signingkey: true
+          git-commit-gpgsign: true
+
+      # Make changes to pull request here
+
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@v3
+        with:
+          token: ${{ secrets.PAT }}
+          committer: example <email@example.com>
+```
+
 ### Running in a container or on self-hosted runners
 
 This action can be run inside a container, or on [self-hosted runners](https://docs.github.com/en/actions/hosting-your-own-runners), by installing the necessary dependencies.

docs/examples.md

@@ -21,6 +21,7 @@
   - [Filtering push events](#filtering-push-events)
   - [Dynamic configuration using variables](#dynamic-configuration-using-variables)
   - [Setting the pull request body from a file](#setting-the-pull-request-body-from-a-file)
+  - [Using a markdown template](#using-a-markdown-template)
   - [Debugging GitHub Actions](#debugging-github-actions)
 
 
@@ -560,6 +561,31 @@ The content must be [escaped to preserve newlines](https://github.community/t/se
           body: ${{ steps.get-pr-body.outputs.body }}
 ```
 
+### Using a markdown template
+
+In this example, a markdown template file is added to the repository at `.github/pull-request-template.md` with the following content.
+```
+This is a test pull request template
+Render template variables such as {{ .foo }} and {{ .bar }}.
+```
+
+The template is rendered using the [render-template](https://github.com/chuhlomin/render-template) action and the result is used to create the pull request.
+```yml
+      - name: Render template
+        id: template
+        uses: chuhlomin/render-template@v1.2
+        with:
+          template: .github/pull-request-template.md
+          vars: |
+            foo: this
+            bar: that
+
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@v3
+        with:
+          body: ${{ steps.template.outputs.result }}
+```
+
 ### Debugging GitHub Actions
 
 #### Runner Diagnostic Logging

package.json

@@ -31,24 +31,24 @@
   "dependencies": {
     "@actions/core": "1.2.6",
     "@actions/exec": "1.0.4",
-    "@octokit/core": "3.2.4",
-    "@octokit/plugin-paginate-rest": "2.8.0",
-    "@octokit/plugin-rest-endpoint-methods": "4.5.2",
+    "@octokit/core": "3.3.2",
+    "@octokit/plugin-paginate-rest": "2.13.3",
+    "@octokit/plugin-rest-endpoint-methods": "5.0.0",
     "uuid": "8.3.2"
   },
   "devDependencies": {
-    "@types/jest": "26.0.20",
-    "@types/node": "14.14.22",
-    "@typescript-eslint/parser": "4.14.0",
+    "@types/jest": "26.0.22",
+    "@types/node": "14.14.37",
+    "@typescript-eslint/parser": "4.20.0",
     "@vercel/ncc": "0.27.0",
-    "eslint": "7.18.0",
-    "eslint-plugin-github": "4.1.1",
-    "eslint-plugin-jest": "24.1.3",
+    "eslint": "7.23.0",
+    "eslint-plugin-github": "4.1.2",
+    "eslint-plugin-jest": "24.3.2",
     "jest": "26.6.3",
     "jest-circus": "26.6.3",
     "js-yaml": "4.0.0",
     "prettier": "2.2.1",
-    "ts-jest": "26.4.4",
-    "typescript": "4.1.3"
+    "ts-jest": "26.5.4",
+    "typescript": "4.2.3"
   }
 }

src/github-helper.ts

@@ -43,7 +43,7 @@ export class GitHubHelper {
   ): Promise<Pull> {
     // Try to create the pull request
     try {
-      const {data: pull} = await this.octokit.pulls.create({
+      const {data: pull} = await this.octokit.rest.pulls.create({
         ...this.parseRepository(baseRepository),
         title: inputs.title,
         head: headBranch,
@@ -71,13 +71,13 @@ export class GitHubHelper {
     }
 
     // Update the pull request that exists for this branch and base
-    const {data: pulls} = await this.octokit.pulls.list({
+    const {data: pulls} = await this.octokit.rest.pulls.list({
       ...this.parseRepository(baseRepository),
       state: 'open',
       head: headBranch,
       base: inputs.base
     })
-    const {data: pull} = await this.octokit.pulls.update({
+    const {data: pull} = await this.octokit.rest.pulls.update({
       ...this.parseRepository(baseRepository),
       pull_number: pulls[0].number,
       title: inputs.title,
@@ -95,7 +95,7 @@ export class GitHubHelper {
   }
 
   async getRepositoryParent(headRepository: string): Promise<string> {
-    const {data: headRepo} = await this.octokit.repos.get({
+    const {data: headRepo} = await this.octokit.rest.repos.get({
       ...this.parseRepository(headRepository)
     })
     if (!headRepo.parent) {
@@ -120,7 +120,7 @@ export class GitHubHelper {
     // Apply milestone
     if (inputs.milestone) {
       core.info(`Applying milestone '${inputs.milestone}'`)
-      await this.octokit.issues.update({
+      await this.octokit.rest.issues.update({
         ...this.parseRepository(baseRepository),
         issue_number: pull.number,
         milestone: inputs.milestone
@@ -129,7 +129,7 @@ export class GitHubHelper {
     // Apply labels
     if (inputs.labels.length > 0) {
       core.info(`Applying labels '${inputs.labels}'`)
-      await this.octokit.issues.addLabels({
+      await this.octokit.rest.issues.addLabels({
         ...this.parseRepository(baseRepository),
         issue_number: pull.number,
         labels: inputs.labels
@@ -138,10 +138,10 @@ export class GitHubHelper {
     // Apply assignees
     if (inputs.assignees.length > 0) {
       core.info(`Applying assignees '${inputs.assignees}'`)
-      await this.octokit.issues.addAssignees({
+      await this.octokit.rest.issues.addAssignees({
         ...this.parseRepository(baseRepository),
         issue_number: pull.number,
-        labels: inputs.assignees
+        assignees: inputs.assignees
       })
     }
 
@@ -157,7 +157,7 @@ export class GitHubHelper {
     }
     if (Object.keys(requestReviewersParams).length > 0) {
       try {
-        await this.octokit.pulls.requestReviewers({
+        await this.octokit.rest.pulls.requestReviewers({
           ...this.parseRepository(baseRepository),
           pull_number: pull.number,
           ...requestReviewersParams