-
Notifications
You must be signed in to change notification settings - Fork 265
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Added support for ssh signed commits and completed gpg signed commit work #710
Conversation
e0534a2
to
50e5a05
Compare
Hey @dlactin, thanks for this PR. I was wondering what the value-add for this would be, because Argo CD would not be able to validate those commits signed by SSH just yet? |
Hey @jannfis, in our case we require signed commits on our infrastructure repositories. So we are unable to have image updater commit to any of our protected branches without this change. Adding commit signing capability to image updater will allow verified commits to the target repo, commit validation with ArgoCD would be a bonus when that feature is available. |
Thanks for the clarification, @dlactin. The feature makes sense to me, then. Also, I guess with Source Verification Policies hopefully coming to Argo CD, we could as well integrate verification of SSH signatures and Image Updater would already know how to do sign using SSH then. +1 from me for this feature. Please give us some time to review. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I got a couple of comments, PTAL.
acc51ad
to
04cf492
Compare
Just as a heads up, this is good to go. Waiting for #737 to be merged, then we'd need to rebase this one on top of the Git client changes. It shouldn't be too much work though. |
Hey, not a problem! I won't have time to finish this up until sometime next week so feel free to resolve them if you'd like! Otherwise I'm happy to pick this back up later. |
…work Signed-off-by: Dustin Lactin <[email protected]>
…ed commit function and documentation Signed-off-by: Dustin Lactin <[email protected]>
04cf492
to
4ce19f2
Compare
…mmit-signing-method Signed-off-by: Dustin Lactin <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Awesome, thank you so much @dlactin, and also thank you @chengfang for the additional review!
LGTM.
Signed-off-by: Renaud Subiger <[email protected]>
Signed-off-by: Dustin Lactin <[email protected]>
) Signed-off-by: Renaud Subiger <[email protected]>
Building upon the work done in PR 428 to add support for SSH signed commits.
Updated Documentation to include instructions and examples for adding an SSH signing key along with links to repository provider documentation for setting up commit verification.
Updated deployment to include volumes for SSH key secrets and the respective volume mounts.