use runner temp for private key directory

__tests__/auth.test.ts

@@ -19,11 +19,12 @@ jest.mock('@actions/exec', () => {
 
 import * as auth from '../src/auth';
 
-const env = process.env;
 const m2Dir = path.join(__dirname, auth.M2_DIR);
 const settingsFile = path.join(m2Dir, auth.SETTINGS_FILE);
-const privateKeyDir = path.join(__dirname, auth.PRIVATE_KEY_DIR);
-const privateKeyFile = auth.PRIVATE_KEY_FILE;
+const tempDir = path.join(__dirname, 'runner', 'temp');
+const privateKeyFile = path.join(tempDir, auth.PRIVATE_KEY_FILE);
+
+process.env['RUNNER_TEMP'] = tempDir;
 
 describe('auth tests', () => {
   beforeEach(async () => {
@@ -33,7 +34,7 @@ describe('auth tests', () => {
   afterAll(async () => {
     try {
       await io.rmRF(m2Dir);
-      await io.rmRF(privateKeyDir);
+      await io.rmRF(tempDir);
     } catch {
       console.log('Failed to remove test directories');
     }
@@ -176,11 +177,11 @@ describe('auth tests', () => {
 
     expect(exec.exec).toHaveBeenCalledWith(
       'gpg',
-      ['--import', '--batch', privateKeyFile],
-      {cwd: privateKeyDir}
+      expect.anything(),
+      expect.anything()
     );
 
-    expect(fs.existsSync(privateKeyDir)).toBe(false);
+    expect(fs.existsSync(privateKeyFile)).toBe(false);
   }, 100000);
 
   it('does not import gpg private key when private key is not set', async () => {
@@ -196,6 +197,6 @@ describe('auth tests', () => {
       expect.anything()
     );
 
-    expect(fs.existsSync(privateKeyDir)).toBe(false);
+    expect(fs.existsSync(privateKeyFile)).toBe(false);
   }, 100000);
 });

dist/index.js

@@ -2881,8 +2881,8 @@ const core = __importStar(__webpack_require__(470));
 const io = __importStar(__webpack_require__(1));
 const exec = __importStar(__webpack_require__(986));
 exports.M2_DIR = '.m2';
+exports.TEMP_DIR = process.env['RUNNER_TEMP'] || '';
 exports.SETTINGS_FILE = 'settings.xml';
-exports.PRIVATE_KEY_DIR = '.keys';
 exports.PRIVATE_KEY_FILE = 'private-key.asc';
 exports.DEFAULT_ID = 'github';
 exports.DEFAULT_USERNAME = 'GITHUB_ACTOR';
@@ -2900,12 +2900,7 @@ function configAuthentication(id = exports.DEFAULT_ID, username = exports.DEFAUL
         yield write(settingsDirectory, exports.SETTINGS_FILE, generate(id, username, password, gpgPassphrase));
         if (gpgPrivateKey !== exports.DEFAULT_GPG_PRIVATE_KEY) {
             console.log('importing gpg key');
-            const privateKeyDirectory = path.join(os.homedir(), exports.PRIVATE_KEY_DIR);
-            yield io.mkdirP(privateKeyDirectory);
-            core.debug(`created directory ${privateKeyDirectory}`);
-            yield write(privateKeyDirectory, exports.PRIVATE_KEY_FILE, gpgPrivateKey);
-            yield importGpgKey(privateKeyDirectory, exports.PRIVATE_KEY_FILE);
-            yield remove(privateKeyDirectory);
+            yield importGPG(gpgPrivateKey);
         }
     });
 }
@@ -2958,9 +2953,13 @@ function remove(path) {
         return io.rmRF(path);
     });
 }
-function importGpgKey(directory, file) {
+function importGPG(gpgPrivateKey) {
     return __awaiter(this, void 0, void 0, function* () {
-        return exec.exec('gpg', ['--import', '--batch', file], { cwd: directory });
+        yield write(exports.TEMP_DIR, exports.PRIVATE_KEY_FILE, gpgPrivateKey);
+        yield exec.exec('gpg', ['--import', '--batch', exports.PRIVATE_KEY_FILE], {
+            cwd: exports.TEMP_DIR
+        });
+        yield remove(path.join(exports.TEMP_DIR, exports.PRIVATE_KEY_FILE));
     });
 }
 

src/auth.ts

@@ -6,8 +6,8 @@ import * as io from '@actions/io';
 import * as exec from '@actions/exec';
 
 export const M2_DIR = '.m2';
+export const TEMP_DIR = process.env['RUNNER_TEMP'] || '';
 export const SETTINGS_FILE = 'settings.xml';
-export const PRIVATE_KEY_DIR = '.keys';
 export const PRIVATE_KEY_FILE = 'private-key.asc';
 
 export const DEFAULT_ID = 'github';
@@ -46,15 +46,7 @@ export async function configAuthentication(
 
   if (gpgPrivateKey !== DEFAULT_GPG_PRIVATE_KEY) {
     console.log('importing gpg key');
-    const privateKeyDirectory: string = path.join(
-      os.homedir(),
-      PRIVATE_KEY_DIR
-    );
-    await io.mkdirP(privateKeyDirectory);
-    core.debug(`created directory ${privateKeyDirectory}`);
-    await write(privateKeyDirectory, PRIVATE_KEY_FILE, gpgPrivateKey);
-    await importGpgKey(privateKeyDirectory, PRIVATE_KEY_FILE);
-    await remove(privateKeyDirectory);
+    await importGPG(gpgPrivateKey);
   }
 }
 
@@ -110,6 +102,10 @@ async function remove(path: string) {
   return io.rmRF(path);
 }
 
-async function importGpgKey(directory: string, file: string) {
-  return exec.exec('gpg', ['--import', '--batch', file], {cwd: directory});
+async function importGPG(gpgPrivateKey: string) {
+  await write(TEMP_DIR, PRIVATE_KEY_FILE, gpgPrivateKey);
+  await exec.exec('gpg', ['--import', '--batch', PRIVATE_KEY_FILE], {
+    cwd: TEMP_DIR
+  });
+  await remove(path.join(TEMP_DIR, PRIVATE_KEY_FILE));
 }