Skip to content

please add me to this organization #21

please add me to this organization

please add me to this organization #21

Workflow file for this run

name: Check Join Requests
on:
issues:
types: [opened]
jobs:
keycheck:
name: Check requirements
if: contains(github.event.issue.labels.*.name, 'auto join')
runs-on: ubuntu-latest
steps:
- name: Check signature of join request
id: gpg-check
env:
DATA: ${{ github.event.issue.body }}
run: |
echo "${DATA}" > file.txt
sed -e '0,/^```plain text$/d' -e '/```$/,$d' -i file.txt
rm -rf mypgp
mkdir -v -m 0700 mygpg
gpg --homedir mygpg --verify --status-fd 1 file.txt 2>/dev/null || true
# 0: success
# 2: no public key
echo "extracting GPG key ID..."
key=$(gpg --homedir mygpg --verify --status-fd 1 file.txt 2>/dev/null | awk '{if ($2 == "ERRSIG") print $9; else if ($2 == "VALIDSIG") print $3}')
echo "KEY: ${key}"
echo "fetching GPG key from keyring.debian.org..."
gpg --homedir mygpg --keyserver keyring.debian.org --recv-keys "$key"
debuser=$(gpg --homedir mygpg -k ${key} | grep "@debian.org>" | sed -e 's|.*<\([^@]*\)@debian.org>.*|\1|')
echo "USER: ${debuser}"
echo "verifying the signature..."
gpg --homedir mygpg --verify file.txt
echo "::set-output name=DEBUSER::${debuser}"
outputs:
deb-username: ${{ steps.gpg-check.outputs.DEBUSER }}
decline:
name: Decline membership
if: always() && (needs.keycheck.result == 'failure')
runs-on: ubuntu-latest
needs: ["keycheck"]
steps:
- name: Close issue
uses: peter-evans/close-issue@v2
with:
comment: |
It seems that the membership application was either not PGP signed at all, or signed with a key that is not currently in the Debian keyring (as offered by https://keyring.debian.org).
The [Debian GitHub](https://github.com/Debian) organization is intended for [Debian Developers (DD)](https://wiki.debian.org/DebianDeveloper).
Therefore this issue is closed automatically.
If you feel that this is unwarranted (e.g. because the auto-closing :robot: has a bug), please leave a comment.
debuser:
name: Debian user
runs-on: ubuntu-latest
needs: ["keycheck"]
if: "${{ needs.keycheck.outputs.deb-username != '' }}"
steps:
- name: Post username
env:
DEBUSERNAME: ${{ needs.keycheck.outputs.deb-username }}
uses: peter-evans/create-or-update-comment@v2
with:
issue-number: ${{ github.event.issue.number }}
body: |
Your membership application was correctly PGP signed with a key that is in the Debian keyring :tada:,
and you were were identified via your debian.org email as Debian user `${{ needs.keycheck.outputs.deb-username }}`.
Please stay tuned until some human administrator accepts your application.