Merge pull request #32 from umlaeute/feature/positive-feedback

gh-action: give some feedback whether the submission was correctly signed

.github/workflows/join.yml

@@ -30,8 +30,13 @@ jobs:
           echo "KEY: ${key}"
           echo "fetching GPG key from keyring.debian.org..."
           gpg --homedir mygpg --keyserver keyring.debian.org --recv-keys "$key"
+          debuser=$(gpg --homedir mygpg -k ${key} | grep "@debian.org>" | sed -e 's|.*<\([^@]*\)@debian.org>.*|\1|')
+          echo "USER: ${debuser}"
           echo "verifying the signature..."
           gpg --homedir mygpg --verify file.txt
+          echo "::set-output name=DEBUSER::${debuser}"
+    outputs:
+      deb-username: ${{ steps.gpg-check.outputs.DEBUSER }}
 
   decline:
     name: Decline membership
@@ -48,3 +53,21 @@ jobs:
 
             Therefore this issue is closed automatically.
             If you feel that this is unwarranted (e.g. because the auto-closing :robot: has a bug), please leave a comment.
+
+  debuser:
+    name: Debian user
+    runs-on: ubuntu-latest
+    needs: ["keycheck"]
+    if: "${{ needs.keycheck.outputs.deb-username != '' }}"
+    steps:
+    - name: Post username
+      env:
+        DEBUSERNAME: ${{ needs.keycheck.outputs.deb-username }}
+      uses: peter-evans/create-or-update-comment@v2
+      with:
+        issue-number: ${{ github.event.issue.number }}
+        body: |
+          Your membership application was correctly PGP signed with a key that is in the Debian keyring :tada:,
+          and you were were identified via your debian.org email as Debian user `${{ needs.keycheck.outputs.deb-username }}`.
+
+          Please stay tuned until some human administrator accepts your application.