Added many, many more actions.

rpm/rpm-verifysign/action.yaml

@@ -0,0 +1,20 @@
+name: rpm-verifysign
+description: "Verify the signature a given .rpm file with a given .gpg key."
+inputs:
+  file:
+    description: "File to verify."
+    required: true
+  gpgKey:
+    description: "GPG public key to check with. Can be a file or raw key."
+    required: true
+runs:
+  using: "composite"
+  steps:
+  - run: cp -f ${{ github.action_path }}/verify_file.sh _verify_file.sh
+    shell: bash
+  - name: "Verify file."
+    uses: act/common/distros/rockylinux@master
+    with:
+      args: bash "_verify_file.sh" "${{ inputs.file }}" "${{ inputs.gpgKey }}"
+  - run: rm _verify_file.sh
+    shell: bash

rpm/rpm-verifysign/verify_file.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+#Importing gpg key via cli
+#https://d.sb/2016/11/gpg-inappropriate-ioctl-for-device-errors
+FILE="$1"
+GPG_KEY="$2"
+TMP_KEY_PATH="/tmp_key.gpg"
+
+if [[ ! -f "$GPG_KEY" ]]; then
+    cat <<EOF > "$TMP_KEY_PATH"
+$GPG_KEY
+EOF
+    GPG_KEY="$TMP_KEY_PATH"
+fi
+
+#Only seems to import files, not STDIN.
+#gpg --import does not work with 'rpm -K'
+rpm --import "$GPG_KEY"
+rm -f "$TMP_KEY_PATH"
+
+rpm -K $FILE
+
+exit $?