Allow Commit Signing #39

Merged
merged 1 commit into from
Sep 9, 2024
RoseSecurity
Contributor

what

Important

This pull request is a work in progress, as I would love to see this feature but do not want to encroach on any work from the CloudPosse team. If this PR is not on the right track, feel free to close it at your will.

why

  • Provides an interface for teams to sign component updater commits
  • The following is an example of how this could be leveraged to sign component updater commits:

```yaml
name: "atmos-components"

on:
  workflow_dispatch: {}

  schedule:
    - cron:  '0 8 * * 1'         # Execute every week on Monday at 08:00

permissions:
  contents: write
  pull-requests: write

jobs:
  update:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 0

      - name: Import GPG Key
        run: |
          echo "${{ secrets.GPG_PRIVATE_KEY }}" | gpg --batch --import
          git config --global user.signingkey ${{ secrets.GPG_KEY_ID }}
          git config --global commit.gpgSign true

      - name: Update Atmos Components
        uses: cloudposse/github-action-atmos-component-updater@v2
        with:
          github-access-token: ${{ secrets.GITHUB_TOKEN }}
          max-number-of-prs: 5
          include: |
            aws-*
            eks/*
            bastion
          exclude: aws-sso,aws-saml
        env:
          GPG_KEY_ID: ${{ secrets.GPG_KEY_ID }}
```
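
Editor's added example, not part of the pull request or the Cloud Posse action: a reviewer-side check that the commits a signing workflow like the one above produces really are signed by the expected key. The function names `audit_signatures` and `sample_log`, the SHAs and the key IDs are constructed for illustration; it assumes the expected ID identifies the key that actually makes the signature.

```shell
#!/bin/sh
# Input: output of  git log --format='%H %G? %GK' <range>
# %G? codes per git-log(1): G good, U good with unknown validity, B bad,
# X good but expired, Y good but made by an expired key, R good but made by
# a revoked key, E cannot be checked (e.g. missing key), N no signature.

# audit_signatures EXPECTED_KEY_ID   (hypothetical helper name)
# Prints "<reason> <sha>" for each commit that fails policy and returns
# non-zero if any failed. The "( )" body is a subshell, so variables stay local.
audit_signatures() (
  expected=$(printf '%s' "$1" | tr 'a-f' 'A-F')
  failed=0
  while read -r sha code key; do
    [ -n "$sha" ] || continue
    key=$(printf '%s' "$key" | tr 'a-f' 'A-F')
    case "$code" in
      G|U)
        # Signature verifies. U is accepted because a key imported in CI
        # usually has no ownertrust. Still require the expected signer;
        # suffix comparison lets a long key ID match a full fingerprint.
        case "$expected" in *"$key") [ -n "$key" ] && continue ;; esac
        case "$key" in *"$expected") [ -n "$expected" ] && continue ;; esac
        reason=wrong-key ;;
      N) reason=unsigned ;;
      B) reason=bad-signature ;;
      X|Y|R) reason=expired-or-revoked ;;
      *) reason=unverifiable ;;
    esac
    echo "$reason $sha"
    failed=$((failed + 1))
  done
  [ "$failed" -eq 0 ]
)

# Constructed sample input: placeholder SHAs and key IDs, not real commits.
sample_log() {
  cat <<'EOF'
1111111111111111111111111111111111111111 G 0123456789ABCDEF
2222222222222222222222222222222222222222 N
3333333333333333333333333333333333333333 U 0123456789abcdef
4444444444444444444444444444444444444444 G FEDCBA9876543210
5555555555555555555555555555555555555555 E 0123456789ABCDEF
EOF
}

sample_log | audit_signatures 0123456789ABCDEF || echo "policy violations found"
```

In a real checkout, import the signer's public key first and pipe `git log --format='%H %G? %GK' origin/main..HEAD` into `audit_signatures`; without the public key every commit reports as `unverifiable`.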

@RoseSecurity RoseSecurity marked this pull request as ready for review August 27, 2024 19:39
@goruha goruha self-assigned this Aug 28, 2024
@goruha goruha changed the base branch from main to add-signed-commits September 9, 2024 20:49
@goruha goruha merged commit 53d37eb into cloudposse:add-signed-commits Sep 9, 2024
7 of 9 checks passed
@goruha goruha mentioned this pull request Sep 9, 2024
goruha added a commit that referenced this pull request Sep 10, 2024
* Add GPG Key ID (#39)

* Update action.yml

---------

Co-authored-by: RoseSecurity <[email protected]>