-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathaction.yml
65 lines (55 loc) · 2.19 KB
/
action.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
name: "Setup Common Fate CLI"
description: "GitHub Action to install and configure the Common Fate CLI"
branding:
icon: arrow-down-circle
color: gray-dark
inputs:
version:
description: "The CLI version to install"
required: true
default: "1.16.0"
oidc-client-id:
description: "The OIDC client ID to authenticate with"
required: true
oidc-client-secret:
description: "The OIDC client secret to authenticate with"
required: true
oidc-issuer:
description: "The OIDC issuer to authenticate with"
required: true
api-url:
description: "The Common Fate API URL"
required: true
runs:
using: "composite"
steps:
- name: Download 'cf' CLI
shell: bash
env:
CLI_VERSION: ${{ inputs.version }}
run: |
cd ${{ github.action_path }}
KEY_FPATH=common-fate-signing-key.asc
# import the Common Fate signing key
gpg --import $KEY_FPATH
# extract the public key ID
KEY_ID=$(gpg --list-packets <"$KEY_FPATH" | awk '$1=="keyid:"{print$2;exit}')
# mark the key as trusted
(echo 5; echo y; echo save) |
gpg --command-fd 0 --no-tty --no-greeting -q --edit-key "$KEY_ID" trust
curl -OL releases.commonfate.io/cf/v${CLI_VERSION}/cf_${CLI_VERSION}_linux_x86_64.tar.gz
# verify the CLI signature (see: https://docs.commonfate.io/granted/security)
curl -OL releases.commonfate.io/cf/v${CLI_VERSION}/checksums.txt
curl -OL releases.commonfate.io/cf/v${CLI_VERSION}/checksums.txt.sig
shasum -a 256 -c checksums.txt --ignore-missing
gpg --verify ./checksums.txt.sig
sudo tar -zxvf ./cf_${CLI_VERSION}_linux_x86_64.tar.gz -C /usr/local/bin/
- name: Export environment variables to configure the CLI
shell: bash
run: |
echo "CF_OIDC_CLIENT_ID=${{ inputs.oidc-client-id }}" >> $GITHUB_ENV
echo "CF_OIDC_CLIENT_SECRET=${{ inputs.oidc-client-secret }}" >> $GITHUB_ENV
echo "CF_OIDC_ISSUER=${{ inputs.oidc-issuer }}" >> $GITHUB_ENV
echo "CF_API_URL=${{ inputs.api-url }}" >> $GITHUB_ENV
echo "CF_ACCESS_URL=${{ inputs.api-url }}" >> $GITHUB_ENV
echo "CF_CONFIG_SOURCES=env" >> $GITHUB_ENV