Add quality workflow, build info, README

Author: hf

.github/workflows/quality.yaml

@@ -0,0 +1,18 @@
+name: Quality
+
+on: pull_request
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-java@v2
+        with:
+          distribution: microsoft
+          java-version: 11
+          cache: gradle
+      - run: |
+          set -x
+
+          ./gradlew --no-daemon jar

.github/workflows/release.yaml

@@ -22,17 +22,18 @@ jobs:
           set -x
 
           ./gradlew --no-daemon jar distZip
-          
+
           docker run \
             -v $(pwd)/build:/build \
             -w /build \
             -t ghcr.io/graalvm/native-image \
             --no-fallback \
+            --enable-http \
             --enable-https \
             -jar "libs/kmspgp-$GITHUB_RELEASE_NAME.jar" \
-          "kmspgp-$GITHUB_RELEASE_NAME-linux-amd64"
-          
+            "kmspgp-$GITHUB_RELEASE_NAME-linux-amd64"
+
           gh release upload "$GITHUB_RELEASE_NAME" \
             "build/distributions/kmspgp-$GITHUB_RELEASE_NAME.zip" \
             "build/libs/kmspgp-$GITHUB_RELEASE_NAME.jar" \
-            "build/kmspgp-$GITHUB_RELEASE_NAME-linux-amd64"
+            "build/kmspgp-$GITHUB_RELEASE_NAME-linux-amd64"

README.md

@@ -1,11 +1,14 @@
 # KMS for PGP/GPG
 
 This tool allows you to use [AWS KMS][aws-kms] asymmetric keys as if they were
-PGP/GPG keys.
+PGP/GPG keys. (Only for signatures for now.)
 
 This can be useful if you have CI/CD pipelines signing code or artifacts and
 you don't wish to do all the hassle of proper cryptographic key management.
 
+It's also useful if you wish to use AWS CloudHSM keys via the KMS API for
+PGP/GPG operations.
+
 ## How to use?
 
 Download the latest release from the Github Releases page. Since this is a Java
@@ -49,7 +52,7 @@ project specify the following configuration:
 
 ```
 git config --local gpg.program <PATH-TO-KMSPGP>
-git config --local user.signingkey <KMS-KEY-ID>
+git config --local user.signingkey <KMS-KEY-ARN>
 git config --local commit.gpgsign true
 git config --local tag.forceSignAnnotated true
 ```

build.gradle

@@ -65,7 +65,7 @@ task("generateBuildInfo") {
 
     def fileWriter = new FileWriter(file)
 
-    fileWriter.write("object BuildInfo { val version = \"${determineVersion()}\" }")
+    fileWriter.write("object BuildInfo {\n  val version = \"${determineVersion()}\"\n  val commit = \"${System.getenv("GITHUB_SHA") ?: "<snapshot>"}\"\n}")
     fileWriter.flush()
     fileWriter.close()
 }

src/main/kotlin/me/stojan/kmspgp/cli/CLI.kt

@@ -5,6 +5,7 @@ import com.github.ajalt.clikt.core.subcommands
 
 object CLI {
     val version = BuildInfo.version
+    val commit = BuildInfo.commit
 
     fun run(args: Array<String>) = Root()
         .run {

src/main/kotlin/me/stojan/kmspgp/cli/Version.kt

@@ -5,5 +5,6 @@ import com.github.ajalt.clikt.core.CliktCommand
 class Version(val root: Root) : CliktCommand(help = "Get the version.") {
     override fun run() {
         echo(message = "Version: ${CLI.version}")
+        echo(message = "Commit:  ${CLI.commit}")
     }
 }

src/main/kotlin/me/stojan/kmspgp/crypto/PGP.kt

@@ -40,7 +40,7 @@ object PGP {
                     throw UnsupportedOperationException("ECDSA public key of type '${pubRes.customerMasterKeySpecAsString()}' has SubjectPublicKeyInfo which does not start with 0x04, see https://datatracker.ietf.org/doc/html/rfc5480#section-2.2")
                 }
 
-                BigInteger(this, 1, size - 1)
+                BigInteger(this)
             }
         )