From 01ba8d557a1a66d58ceec4f4b8f6ea30581a4dce Mon Sep 17 00:00:00 2001 From: Marek Counts Date: Wed, 2 Oct 2024 08:54:52 -0400 Subject: [PATCH] DEVOPS-271: Feat/gpg tests and examples (#6) * add gpg, rpm and deb examples * added test files --- .github/workflows/sign-deb-example.yaml | 20 ++++++++++++++++++++ .github/workflows/sign-file-example.yaml | 23 +++++++++++++++++++++++ .github/workflows/sign-rpm-example.yaml | 22 ++++++++++++++++++++++ tests/test-1.0-2.noarch.rpm | Bin 0 -> 6409 bytes tests/test.deb | Bin 0 -> 630 bytes 5 files changed, 65 insertions(+) create mode 100644 .github/workflows/sign-deb-example.yaml create mode 100644 .github/workflows/sign-file-example.yaml create mode 100644 .github/workflows/sign-rpm-example.yaml create mode 100644 tests/test-1.0-2.noarch.rpm create mode 100644 tests/test.deb diff --git a/.github/workflows/sign-deb-example.yaml b/.github/workflows/sign-deb-example.yaml new file mode 100644 index 0000000..83f3f36 --- /dev/null +++ b/.github/workflows/sign-deb-example.yaml @@ -0,0 +1,20 @@ +name: GPG sign DEB +on: workflow_dispatch +jobs: + security: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@master + + - name: setup GPG + uses: ./shared-workflows/devops/setup-gpg + with: + gpg-private-key: ${{ secrets.GPG_SECRET_KEY }} + gpg-public-key: ${{ secrets.GPG_PUBLIC_KEY }} + gpg-key-pass: ${{ secrets.GPG_PASS }} + gpg-key-name: "aerospike-inc" + + - name: GPG sign deb # gpg sign and verify deb packages + run: | + dpkg-sig --sign builder tests/*.deb + dpkg-sig --verify tests/*.deb diff --git a/.github/workflows/sign-file-example.yaml b/.github/workflows/sign-file-example.yaml new file mode 100644 index 0000000..eac031f --- /dev/null +++ b/.github/workflows/sign-file-example.yaml @@ -0,0 +1,23 @@ +name: GPG sign file +on: workflow_dispatch +jobs: + security: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@master + + - name: setup GPG + uses: ./shared-workflows/devops/setup-gpg + with: + gpg-private-key: ${{ secrets.GPG_SECRET_KEY }} + gpg-public-key: ${{ secrets.GPG_PUBLIC_KEY }} + gpg-key-pass: ${{ secrets.GPG_PASS }} + gpg-key-name: "aerospike-inc" + + - name: GPG sign artifacts # Signing other artifacts + env: + GPG_TTY: no-tty + GPG_PASSPHRASE: ${{ secrets.GPG_PASS }} + run: | + gpg --detach-sign --no-tty --batch --yes --output README.md.asc --passphrase "$GPG_PASSPHRASE" README.md + gpg --verify README.md.asc README.md diff --git a/.github/workflows/sign-rpm-example.yaml b/.github/workflows/sign-rpm-example.yaml new file mode 100644 index 0000000..c3f7c16 --- /dev/null +++ b/.github/workflows/sign-rpm-example.yaml @@ -0,0 +1,22 @@ +name: GPG sign RPM +on: workflow_dispatch +jobs: + security: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@master + + - name: setup GPG + uses: ./shared-workflows/devops/setup-gpg + with: + gpg-private-key: ${{ secrets.GPG_SECRET_KEY }} + gpg-public-key: ${{ secrets.GPG_PUBLIC_KEY }} + gpg-key-pass: ${{ secrets.GPG_PASS }} + gpg-key-name: "aerospike-inc" + + - name: Sign and check rpm # gpg sign and verify rpm packages + # your rpm here + run: | + rpm --addsign tests/*.rpm + rpm --checksig tests/*.rpm + diff --git a/tests/test-1.0-2.noarch.rpm b/tests/test-1.0-2.noarch.rpm new file mode 100644 index 0000000000000000000000000000000000000000..4897ce5bd95a44897530f0beca8343065cb0da12 GIT binary patch literal 6409 zcmeI0Ux-vy9LLY>O#WGu6qVK_x{2R}k_)9+bpGAhOS5xl@10q9 zg<#Dk2qB~%vYreQj4)p|SOO_3q(FLz9)f!C!BQhFMZ(P5e!rPxijTc^4}0c&Kj-&5 zzjN;IoSB8+r4KHDUnJ1xS}JRm%?d4Bi2tb-$US$@d;P?Pf*zYs$dVa&ejGYJzX!U6 zkiufndC;+eZ(%7Y@<5l17eGtU>zaQ7h54ij9p)E*1x5Q5beLcK4HWIuU^ZOtafb>| zNoHDR6a=n_l;z8SQW{BLxwcY@Q=7;r3QXY%=`ul0E96!{d8jyN!ig9QY-zH9I{~*G z8Zu?O9uHh9L_{Os4uymTVcD^p8)&#e$FMc?<@OD*rP+=t|Hw0tXCTi&o`F0A zc?R+fi%0lQ^e?j{t&Hb7$gO;E-HDjFx7H7^H+Jrt%vAz!5xpg8}C zw%-qm{zpO4-Uo{IdwLQ?hSKBv%;{4}9aX!XHenImd%^Vc>gZaXEQuC;0r8(7%e(1kX zb6xYK<`yWv&tXtpudVr3{>FiEKS#UvWp8Rbo+qro>@+CGKdbp1DEj}T`A1NQU+mX> zv1>1`M;;_t-y~4qBo-MSi8BNKn1O=^Yc}h#V68Z5kSIxwCKE5QTHL7h_V)G)b_%_c9;pi5%*yw2ja*OFT|~uCP|Cj z^>MqxT**>VNtvo@S#e8z9<-BSUcw z(sz4oC!4G%tmB+*W#ejRs-k#efY=pUamprfDjrn1QM;d}50|35G%nxia6db3!CeLM z0`9YtjdX5PMI?=gRC(N}lB#NnDk<-+)4EGK0*f?PC_~em~W`|A& z2RH9tdgiI^>%Ttx%`S3i&H3}k#*VG2omDXm=`zu$M zy_S9WZsD_2@2~#qM)NI`(y6_2RnPLXd{cYTl~>=G_hQ3eurR%LZEW!~!^5RV4;ILD KS{j;#WB&*F0i*K( literal 0 HcmV?d00001 diff --git a/tests/test.deb b/tests/test.deb new file mode 100644 index 0000000000000000000000000000000000000000..a0d5255e4a16680e9442d2c1da0b9a477b4651d8 GIT binary patch literal 630 zcmY$iNi0gvu;WTeP0CEn(@o0EODw8XP*5;5H!?RjGBdU?RZuVh@?oT*fq|KciGl(U zK|unSk)8opa(-S(QGSkINn(*+RdESH{YJ(>gTWwyOJl44Uxo}(c7{(r8gd1mw;#;) zRLOM{@;BS+_pfLP7uT5+9J4R@^IuqOrCA}wv-?ZjiN!s$i)YR1mlTq*uFfuCo0fJ| z>rLEmt%KFeGPiLo*|g4EZQuC~a&xYkO#b?8W@F{S%vV;E+tTyPj#T#UuiVC=&bUA+ z^^l2ueCy|Y`^mm54v91hO%a#zz8jzc-a_~PDn`?WR|w{SiOJ7 zm%gK({Ey6)SM#oAt&i_{d6832 z;e(fwml403)e75)YkjL8X7VO4n51xCW&+Fa^#%)APpw-e$?OrL`uNq-v~35@3TPy3 mSmh}9rcr&e+E)d(1+Ox>9y46{r+>WTZ8e8VLuSLzFLwZ)u