-
Notifications
You must be signed in to change notification settings - Fork 2
/
entrypoint.sh
executable file
·47 lines (42 loc) · 1.74 KB
/
entrypoint.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
#!/bin/bash -l
SIGUL_PASS_FILE=/etc/sigul/sigul-pass
# Use values passed in from the calling workflow to create needed files
echo "$SIGUL_IP" "$SIGUL_URI" >> /etc/hosts
mkdir -p /etc/sigul
echo "$SIGUL_CONF" > /etc/sigul/client.conf
echo "$SIGUL_PASS" > $SIGUL_PASS_FILE
# Extract sigul config
cd "$HOME" || exit 1
gpg --batch --passphrase "${SIGUL_PASS}" -o sigul.tar.xz -d <<< "${SIGUL_PKI}"
tar Jxf sigul.tar.xz
# Any future use of $SIGUL_PASSWORD needs to have it null terminated
sed -i 's/$/\x0/' "${SIGUL_PASS_FILE}"
cd "$GITHUB_WORKSPACE" || exit 1
if [ "$SIGN_TYPE" = "sign-data" ]; then
# Read lines from SIGN_OBJECT until we run out
while read -r filename && [[ -n "$filename" ]]; do
# If the object includes a wildcard, we need to parse the file list
if [[ $filename =~ \* ]]; then
for wcfile in $filename; do
# Don't sign directories or symlinks
if [[ ! -f $wcfile ]]; then
continue
fi
echo "Signing $wcfile"
sigul --batch "$SIGN_TYPE" -o "$wcfile.asc" "$SIGUL_KEY_NAME" \
"$wcfile" < "${SIGUL_PASS_FILE}"
chmod 644 "$wcfile.asc"
done
else
echo "Signing $filename"
sigul --batch "$SIGN_TYPE" -o "$filename.asc" "$SIGUL_KEY_NAME" \
"$filename" < "${SIGUL_PASS_FILE}"
chmod 644 "$filename.asc"
fi
done <<< "${SIGN_OBJECT}"
elif [ "$SIGN_TYPE" = "sign-git-tag" ]; then
git remote add github "https://${GH_USER}:${GH_KEY}@github.com/${GITHUB_REPOSITORY}"
git fetch --tags
sigul --batch "$SIGN_TYPE" "$SIGUL_KEY_NAME" "$SIGN_OBJECT" < "${SIGUL_PASS_FILE}"
git push -f github "$SIGN_OBJECT"
fi