From f59ad6ccef2f74f6fff72fdfe0980a79950de3c9 Mon Sep 17 00:00:00 2001
From: Adrien Kantcheff
Date: Thu, 15 Feb 2024 14:45:03 +0100
Subject: [PATCH] feat(action): add initial version
---
 .github/dependabot.yml | 11 +++++++++++
 .github/workflows/ci.yml | 37 +++++++++++++++++++++++++++++++++++++
 README.md | 19 +++++++++++++++++++
 action.yml | 36 ++++++++++++++++++++++++++++++++++++
 4 files changed, 103 insertions(+)
 create mode 100644 .github/dependabot.yml
 create mode 100644 .github/workflows/ci.yml
 create mode 100644 action.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..87a11ac
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,11 @@
+version: 2
+updates:
+ - package-ecosystem: github-actions
+ directory: /
+ schedule:
+ interval: weekly
+ groups:
+ actions-minor:
+ update-types:
+ - minor
+ - patch
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..9b4eb28
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,37 @@
+name: Continuous Integration
+
+on:
+ pull_request:
+ push:
+ branches:
+ - main
+
+permissions:
+ contents: read
+
+jobs:
+ test-action:
+ name: GitHub Actions Test
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout
+ id: checkout
+ uses: actions/checkout@v4
+
+ - name: Create dummy file
+ run: |
+ echo 'Hello World' > test-file.txt
+
+ - name: Test Local Action
+ id: test-action
+ uses: ./
+ with:
+ keeper-secret-config: ${{ secrets.KSM_CONFIG }}
+
+ - name: Commit
+ run: |
+ git add .
+ git commit -m "Test verified commit"
+ git show --show-signature
+ git verify-commit HEAD
diff --git a/README.md b/README.md
index 3105958..7347b83 100644
--- a/README.md
+++ b/README.md
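Review bot: The `Test Local Action` step passes `${{ secrets.KSM_CONFIG }}`, but under the `pull_request` trigger a PR opened from a fork runs without repository secrets, so the input expands to an empty string and this step (and the following `Commit` step's `git verify-commit HEAD`) fails with an opaque Keeper error instead of testing anything. Guard the job so it only runs where the secret is available, e.g. `if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository`, or restrict the trigger to same-repository branches. A one-line comment above `test-action` stating that the job requires the `KSM_CONFIG` repository secret to be provisioned would also make the dependency explicit to whoever next sees it fail.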
@@ -1,2 +1,21 @@
 # git-setup-action
 Configure Git user with signing key for Github Actions
+
+## Input
+
+| Name | Description |
+| ------------------------ |---------------------------------------------------------|
+| `keeper-secret-config` | The Keeper Secret Manager configuration |
+
+## Usage
+
+```yaml
+jobs:
+ setup-git:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Setup Git Settings
+ uses: bonitasoft/git-setup-action@TAGNAME
+ with:
+ keeper-secret-config: ${{ secrets.KSM_CONFIG }}
+```
diff --git a/action.yml b/action.yml
new file mode 100644
index 0000000..fda57b8
--- /dev/null
+++ b/action.yml
@@ -0,0 +1,36 @@
+name: Setup Git Settings
+description: Composite GitHub Action to configure Git to sign commits with CI technical user
+inputs:
+ keeper-secret-config:
+ description: The Keeper Secret Manager configuration
+ required: true
+
+runs:
+ using: composite
+ steps:
+ - name: Retrieve Artifactory secrets from Keeper
+ uses: Keeper-Security/ksm-action@master
+ with:
+ keeper-secret-config: ${{ inputs.keeper-secret-config }}
+ secrets: |
+ kE5H6L68vUluOHvClGRl9A/custom_field/gpg-private-key > env.GPG_PRIVATE_KEY
+ kE5H6L68vUluOHvClGRl9A/custom_field/gpg-passphrase > env.GPG_PASSPHRASE
+
+ # commit author's name and email are set automatically with those associated to GPG key
+ - name: Import GPG key
+ id: import-gpg
+ uses: crazy-max/ghaction-import-gpg@v6
+ with:
+ gpg_private_key: ${{ env.GPG_PRIVATE_KEY }}
+ passphrase: ${{ env.GPG_PASSPHRASE }}
+ git_user_signingkey: true
+ git_commit_gpgsign: true
+ git_tag_gpgsign: true
+
+ - name: GPG user IDs
+ shell: bash
+ run: |
+ echo "fingerprint: ${{ steps.import-gpg.outputs.fingerprint }}"
+ echo "keyid: ${{ steps.import-gpg.outputs.keyid }}"
+ echo "name: ${{ steps.import-gpg.outputs.name }}"
+ echo "email: ${{ steps.import-gpg.outputs.email }}"
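Review bot: `uses: Keeper-Security/ksm-action@master` references a moving branch for the very step that receives the Keeper configuration and exports the GPG signing key, so any commit pushed to that branch runs with those credentials in every consumer job without any change on this side; pin it to a release tag or, better, a full commit SHA, e.g. `uses: Keeper-Security/ksm-action@<COMMIT-SHA-PLACEHOLDER> # vX.Y.Z`, and the `.github/dependabot.yml` added in this commit will then keep the pin current (it cannot do anything with a branch ref; `crazy-max/ghaction-import-gpg@v6` and ci.yml's `actions/checkout@v4` are major tags, a lesser but related concern). The `> env.GPG_PRIVATE_KEY` / `> env.GPG_PASSPHRASE` destinations presumably export the secrets as job environment variables that persist into every later step of the calling workflow, not only `Import GPG key`; if so, state that in the action's `description` or in a comment above the step so consumers know what their job's subsequent steps can read. The step name `Retrieve Artifactory secrets from Keeper` also does not match what it fetches; `Retrieve GPG signing key and passphrase from Keeper` would be accurate.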