From 03e8acbdf9730c677892bbcc3fb187fc91a5bee6 Mon Sep 17 00:00:00 2001
From: Cezary Kierzyk
Date: Wed, 27 Nov 2024 17:15:34 +0100
Subject: [PATCH] add signing commits to workflows and actions
---
 .github/workflows/_branchpreview-create.yml | 2 ++
 .github/workflows/_branchpreview-delete.yml | 2 ++
 create-branchpreview/action.yml | 17 +++++++++++++++++
 delete-branchpreview/action.yml | 16 ++++++++++++++++
 4 files changed, 37 insertions(+)
diff --git a/.github/workflows/_branchpreview-create.yml b/.github/workflows/_branchpreview-create.yml
index 202f59d..9cc2165 100644
--- a/.github/workflows/_branchpreview-create.yml
+++ b/.github/workflows/_branchpreview-create.yml
@@ -63,6 +63,8 @@ jobs:
 argo-sync-user-token: ${{ secrets.ARGO_SYNC_USER_TOKEN }}
 git-commit-author: ${{ secrets.AUTOCOMMIT_AUTHOR }}
 git-commit-email: ${{ secrets.AUTOCOMMIT_EMAIL }}
+ git-commit-gpg-key-b64: ${{ secrets.AUTOCOMMIT_GPG_KEY_B64 }}
+ git-commit-gpg-key-fingerprint: ${{ secrets.AUTOCOMMIT_GPG_KEY_FINGERPRINT }}
 hard-refresh: 'true'
 post-frontend-url: '${{ inputs.post-frontend-url }}'
 pull-request-number: '${{ inputs.pull-request-number }}'
diff --git a/.github/workflows/_branchpreview-delete.yml b/.github/workflows/_branchpreview-delete.yml
index f99b6cb..ff0f7c7 100644
--- a/.github/workflows/_branchpreview-delete.yml
+++ b/.github/workflows/_branchpreview-delete.yml
@@ -36,3 +36,5 @@ jobs:
 argo-sync-user-token: ${{ secrets.ARGO_SYNC_USER_TOKEN }}
 git-commit-author: ${{ secrets.AUTOCOMMIT_AUTHOR }}
 git-commit-email: ${{ secrets.AUTOCOMMIT_EMAIL }}
+ git-commit-gpg-key-b64: ${{ secrets.AUTOCOMMIT_GPG_KEY_B64 }}
+ git-commit-gpg-key-fingerprint: ${{ secrets.AUTOCOMMIT_GPG_KEY_FINGERPRINT }}
diff --git a/create-branchpreview/action.yml b/create-branchpreview/action.yml
index c188141..ce701da 100644
--- a/create-branchpreview/action.yml
+++ b/create-branchpreview/action.yml
@@ -29,6 +29,12 @@ inputs:
 git-commit-email:
 description: 'Git commit email when pushing to branchpreviews repository'
 required: true
+ git-commit-gpg-key-b64:
+ description: base64 encoded signing key
+ required: true
+ git-commit-gpg-key-fingerprint:
+ description: fingerprint of gpg key
+ required: true
 image:
 description: 'Full docker image in format of host/repo:tag'
 required: true
@@ -118,11 +124,22 @@ runs:
 echo "all-base64=${all_base64}" >> $GITHUB_OUTPUT
 # yamllint enable rule:line-length
 
+ - name: Configure signing key
+ shell: bash
+ # yamllint disable rule:line-length
+ run: |
+ echo ${{ inputs.git-commit-gpg-key-b64 }} | base64 -d > key.gpg
+ gpg --import key.gpg
+ rm key.gpg
+ git config --global user.signingkey $(echo ${{ inputs.git-commit-gpg-key-fingerprint }} | tail -c 17)
+ # yamllint enable rule:line-length
+
 - name: Commit branchpreview change
 uses: EndBug/add-and-commit@v9.1.1
 with:
 author_name: '${{ inputs.git-commit-author }}'
 author_email: '${{ inputs.git-commit-email }}'
+ commit: -S
 # yamllint disable-line rule:line-length
 message: 'Upsert ${{ inputs.repository-name }}:${{ inputs.branch-name }} with image tag: ${{ steps.start-branchpreview.outputs.image-tag }}'
 add: '["*.yaml","*.txt"]'
diff --git a/delete-branchpreview/action.yml b/delete-branchpreview/action.yml
index 3dfd8c1..61cfb6c 100644
--- a/delete-branchpreview/action.yml
+++ b/delete-branchpreview/action.yml
@@ -30,6 +30,12 @@ inputs:
 git-commit-email:
 description: 'Git commit email when pushing to branchpreviews repository'
 required: true
+ git-commit-gpg-key-b64:
+ description: base64 encoded signing key
+ required: true
+ git-commit-gpg-key-fingerprint:
+ description: fingerprint of gpg key
+ required: true
 
 runs:
 using: "composite"
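Review bot: The two new input descriptions in the `inputs:` hunk do not state the format the action expects, although the signing step added later in this file depends on it: the key value is fed to `base64 -d` and `gpg --import`, and the fingerprint is cut to its last 16 characters with `tail -c 17`. I would spell that out and quote the strings like the neighbouring descriptions, e.g. `description: 'Base64-encoded export of the private GPG key used to sign autocommits; pass it from a secret'` and `description: 'Fingerprint of that key, presumably 40 hex characters without spaces'` (the exact fingerprint format should be confirmed by the author). The identical inputs added to delete-branchpreview/action.yml need the same wording.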
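Review bot: The `run:` script of the added "Configure signing key" step expands `${{ inputs.git-commit-gpg-key-b64 }}` and `${{ inputs.git-commit-gpg-key-fingerprint }}` into the script text before bash starts, unquoted, so the private key material becomes part of the generated script and any shell metacharacter in either value would be interpreted as code. Passing both values through `env:` and referencing them as quoted variables avoids that. The key is also written to `key.gpg` in the working directory, and if `gpg --import` fails under an errexit shell the `rm` never runs; piping `base64 -d` straight into `gpg --batch --import` removes the file altogether. The identical step added to delete-branchpreview/action.yml (hunk at -79,6) needs the same change. The sketch below also sets the full fingerprint instead of its last 16 characters, which git hands to gpg as the signing key selector.

```yaml
    - name: Configure signing key
      shell: bash
      env:
        GPG_KEY_B64: ${{ inputs.git-commit-gpg-key-b64 }}
        GPG_KEY_FINGERPRINT: ${{ inputs.git-commit-gpg-key-fingerprint }}
      run: |
        printf '%s' "$GPG_KEY_B64" | base64 -d | gpg --batch --import
        git config --global user.signingkey "$GPG_KEY_FINGERPRINT"
    # … unchanged: "Commit branchpreview change" step …
```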
@@ -79,6 +85,16 @@ runs:
 '${{ inputs.repository-name }}' \
 '${{ inputs.branch-name }}'
 
+ - name: Configure signing key
+ shell: bash
+ # yamllint disable rule:line-length
+ run: |
+ echo ${{ inputs.git-commit-gpg-key-b64 }} | base64 -d > key.gpg
+ gpg --import key.gpg
+ rm key.gpg
+ git config --global user.signingkey $(echo ${{ inputs.git-commit-gpg-key-fingerprint }} | tail -c 17)
+ # yamllint enable rule:line-length
+
 - name: Commit deletion of the branchpreview
 uses: EndBug/add-and-commit@v9.1.1
 with:
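Review bot: The `with:` block of "Commit deletion of the branchpreview" gets no `commit: -S` in this patch: the hunk ends at `with:` with nothing added below it, and the diffstat shows 16 insertions for this file against 17 for create-branchpreview/action.yml. The key is therefore imported and `user.signingkey` is set, but the deletion commit would still be unsigned unless `commit.gpgsign` is enabled somewhere not shown here. Add `commit: -S` under `with:` as in the create action, or set `git config --global commit.gpgsign true` in the "Configure signing key" step of both actions so that signing does not depend on a per-step argument. The `with:` block continues outside the hunk.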