From e2ca8d85a23b1dfc271ad4821e47c71533735bda Mon Sep 17 00:00:00 2001 From: Cezary Kierzyk Date: Mon, 25 Nov 2024 17:26:30 +0100 Subject: [PATCH] add commit signing --- .github/actions/deploy/action.yaml | 25 +++++++++++++++++-- .../workflows/build-and-deploy-to-devnet.yaml | 4 +++ .../build-and-deploy-to-mainnet.yaml | 4 +++ .../build-and-deploy-to-testnet.yaml | 4 +++ 4 files changed, 35 insertions(+), 2 deletions(-) diff --git a/.github/actions/deploy/action.yaml b/.github/actions/deploy/action.yaml index eeda42b3f4..51579d5c4e 100644 --- a/.github/actions/deploy/action.yaml +++ b/.github/actions/deploy/action.yaml @@ -4,6 +4,18 @@ inputs: image_tag: description: Tag of the docker image to be deployed required: true + autocommit-gpg-key-b64: + description: base64 encoded signing key + required: true + autocommit-gpg-key-fingerprint: + description: fingerprint of gpg key + required: true + autocommit-author: + description: Commit author + required: true + autocommit-email: + description: Commit author's mail + required: true github_token: required: true environment: @@ -41,13 +53,22 @@ runs: cd aleph-apps/aleph-zero-dashboard/overlays/${{ inputs.environment }}/eu-central-1 kustomize edit set image "aleph-zero-dashboard-image-placeholder=${{ env.DEPLOY_IMAGE }}" + - name: Configure signing key + shell: bash + run: | + echo ${{ inputs.autocommit-gpg-key-b64 }} | base64 -d > key.gpg + gpg --import key.gpg + rm key.gpg + git config --global user.signingkey $(echo ${{ inputs.autocommit-gpg-key-fingerprint }} | tail -c 17) + - name: GIT | Commit changes to aleph-apps repository uses: EndBug/add-and-commit@v5.1.0 env: GITHUB_TOKEN: ${{ inputs.github_token }} with: - author_name: AlephZero Automation - author_email: alephzero@10clouds.com + author_name: ${{ inputs.autocommit-author }} + author_email: ${{ inputs.autocommit-email }} + commit: "-S" message: 'Updating aleph-zero-dashboard ${{ inputs.environment }} docker image tag: ${{ inputs.image_tag }}' add: '*.yaml' cwd: 'aleph-apps' diff --git a/.github/workflows/build-and-deploy-to-devnet.yaml b/.github/workflows/build-and-deploy-to-devnet.yaml index a03739ae8f..cfbd65421e 100644 --- a/.github/workflows/build-and-deploy-to-devnet.yaml +++ b/.github/workflows/build-and-deploy-to-devnet.yaml @@ -43,6 +43,10 @@ jobs: with: environment: devnet kustomize_version: ${{ vars.KUSTOMIZE_VERSION }} + autocommit-author: ${{ secrets.AUTOCOMMIT_AUTHOR }} + autocommit-email: ${{ secrets.AUTOCOMMIT_EMAIL }} + autocommit-gpg-key-b64: ${{ secrets.AUTOCOMMIT_GPG_KEY_B64 }} + autocommit-gpg-key-fingerprint: ${{ secrets.AUTOCOMMIT_GPG_KEY_FINGERPRINT }} image_tag: ${{ needs.build-and-push.outputs.image_tag }} github_token: ${{ secrets.CI_GH_TOKEN }} diff --git a/.github/workflows/build-and-deploy-to-mainnet.yaml b/.github/workflows/build-and-deploy-to-mainnet.yaml index e6b794ebc4..0e4ddee0f0 100644 --- a/.github/workflows/build-and-deploy-to-mainnet.yaml +++ b/.github/workflows/build-and-deploy-to-mainnet.yaml @@ -40,6 +40,10 @@ jobs: with: environment: mainnet kustomize_version: ${{ vars.KUSTOMIZE_VERSION }} + autocommit-author: ${{ secrets.AUTOCOMMIT_AUTHOR }} + autocommit-email: ${{ secrets.AUTOCOMMIT_EMAIL }} + autocommit-gpg-key-b64: ${{ secrets.AUTOCOMMIT_GPG_KEY_B64 }} + autocommit-gpg-key-fingerprint: ${{ secrets.AUTOCOMMIT_GPG_KEY_FINGERPRINT }} image_tag: ${{ needs.build-and-push.outputs.image_tag }} github_token: ${{ secrets.CI_GH_TOKEN }} diff --git a/.github/workflows/build-and-deploy-to-testnet.yaml b/.github/workflows/build-and-deploy-to-testnet.yaml index 7bffc89dba..d73c13da64 100644 --- a/.github/workflows/build-and-deploy-to-testnet.yaml +++ b/.github/workflows/build-and-deploy-to-testnet.yaml @@ -40,6 +40,10 @@ jobs: with: environment: testnet kustomize_version: ${{ vars.KUSTOMIZE_VERSION }} + autocommit-author: ${{ secrets.AUTOCOMMIT_AUTHOR }} + autocommit-email: ${{ secrets.AUTOCOMMIT_EMAIL }} + autocommit-gpg-key-b64: ${{ secrets.AUTOCOMMIT_GPG_KEY_B64 }} + autocommit-gpg-key-fingerprint: ${{ secrets.AUTOCOMMIT_GPG_KEY_FINGERPRINT }} image_tag: ${{ needs.build-and-push.outputs.image_tag }} github_token: ${{ secrets.CI_GH_TOKEN }}