common/rpm/rpm-verifysign/action.yaml

name: rpm-verifysign
description: "Verify the signature a given .rpm file with a given .gpg key."
inputs:
  file:
    description: "File to verify."
    required: true
  gpgKey:
    description: "GPG public key to check with. Can be a file or raw key."
    required: true
runs:
  using: "composite"
  steps:
  - run: cp -f ${{ github.action_path }}/verify_file.sh _verify_file.sh
    shell: bash
  - name: "Verify file."
    uses: act/common/distros/rockylinux@master
    with:
      args: bash "_verify_file.sh" "${{ inputs.file }}" "${{ inputs.gpgKey }}"
  - run: rm _verify_file.sh
    shell: bash