From 2198c24da39f5a90304b15c112e2de958422e11a Mon Sep 17 00:00:00 2001 From: Adrian Dvergsdal Date: Fri, 17 Jul 2020 00:51:46 +0200 Subject: [PATCH] Improved github actions --- .github/actions/git-verify-ref/Dockerfile | 13 ++ .github/actions/git-verify-ref/action.yml | 6 + .github/actions/git-verify-ref/entrypoint.sh | 60 ++++++ .../git-verify-ref/public-keys/atmoz.asc | 179 ++++++++++++++++++ .github/workflows/docker-image.yml | 28 +-- 5 files changed, 265 insertions(+), 21 deletions(-) create mode 100644 .github/actions/git-verify-ref/Dockerfile create mode 100644 .github/actions/git-verify-ref/action.yml create mode 100755 .github/actions/git-verify-ref/entrypoint.sh create mode 100644 .github/actions/git-verify-ref/public-keys/atmoz.asc diff --git a/.github/actions/git-verify-ref/Dockerfile b/.github/actions/git-verify-ref/Dockerfile new file mode 100644 index 0000000..f9f8c00 --- /dev/null +++ b/.github/actions/git-verify-ref/Dockerfile @@ -0,0 +1,13 @@ +FROM debian:buster-slim + +RUN apt update && \ + apt install -y git gnupg && \ + rm -rf /var/lib/apt/lists/* + +#RUN apk add --no-cache git gnupg + +COPY ./public-keys/atmoz.asc /tmp/atmoz.asc +RUN gpg --import /tmp/atmoz.asc + +COPY ./entrypoint.sh / +ENTRYPOINT ["/entrypoint.sh"] diff --git a/.github/actions/git-verify-ref/action.yml b/.github/actions/git-verify-ref/action.yml new file mode 100644 index 0000000..7b3d15e --- /dev/null +++ b/.github/actions/git-verify-ref/action.yml @@ -0,0 +1,6 @@ +name: 'Verify git ref' +description: 'Verify GPG signed commits or tags' + +runs: + using: 'docker' + image: 'Dockerfile' diff --git a/.github/actions/git-verify-ref/entrypoint.sh b/.github/actions/git-verify-ref/entrypoint.sh new file mode 100755 index 0000000..fa79f83 --- /dev/null +++ b/.github/actions/git-verify-ref/entrypoint.sh @@ -0,0 +1,60 @@ +#!/bin/bash +set -eo pipefail + +# Git reference +ref="${1:-HEAD}" + +# Number of required signatures +required="${2:-"1"}" + +# Options passed to git +git_options="${*:3}" + + +# GitHub Actions fix +if [ "$HOME" == "/github/home/" ]; then + cp -r /root/.gnupg /github/home/ +fi + +# Show imported public keys +gpg --list-keys --keyid LONG + +# Check signatures +raw_gpg_status=$( + # shellcheck disable=SC2086 + git $git_options verify-commit --raw "$ref" 2>&1 + tags="$(git tag --points-at "$ref")" + + if [ -n "$tags" ]; then + # shellcheck disable=SC2046,SC2086 + git $git_options verify-tag --raw $tags 2>&1 + fi +) + +goodsig=0 +readarray -t status_line <<<"$raw_gpg_status" +# read -r -a info <<<"$status" +for status in "${status_line[@]}"; do + #readarray -t -d" " info <<<"$status" + read -r -a info <<<"$status" + + case "${info[1]}" in + "GOODSIG") + echo "Verified signature from ${info[2]}" + ((goodsig++)) || true + ;; + + "NO_PUBKEY") + echo "WARNING: Missing public key for ${info[2]}" + ;; + esac +done + +echo "RESULT: Found $goodsig good signatures" + +if [ "$goodsig" -lt "$required" ]; then + echo "FAIL: Not enough signatures ($required was required)" + exit 1 +else + exit 0 +fi diff --git a/.github/actions/git-verify-ref/public-keys/atmoz.asc b/.github/actions/git-verify-ref/public-keys/atmoz.asc new file mode 100644 index 0000000..434781e --- /dev/null +++ b/.github/actions/git-verify-ref/public-keys/atmoz.asc @@ -0,0 +1,179 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBFnfpzIBEAC5rEA7zyYl8JdcXowGzFquerQBhFEJkH2fiJ544v/9pCkkaCIv +5tqSWDHAL2mbhh6Y5wVJtXuOGzPgJXd1zl8H88NlZpUInOyPtgLpy6Mr7H/0VzS6 +U6+SusR4u8Mwi+glNuVCFla7N0WsnWCK9sLo1hhvpFRoDY0cRPE8TnlhU5WO30b6 +g64yeZEqSIApgPftDolfDprtO4ah3br6bGLyfwOfOODPV4Aqn347WX8o0afP5gHp +ogG2xHdwk2beLXR9CSnS1RiMQw/zthXb6aP5w3BpwevN5MHWx3wfatceyfhTACst +LcliiOXLJvlvUiOL4W+vwkKp9v1N4aEDq4fPlEfE9Fh8YpN6/AHAafaxqfLaDLGn +Grm2GGWSKlWcyfqfKd3RyAIXVnBv3ceg5331vRGtW17bKKzoRgPRJwqRM+0QfSX/ +rqPDjoJTmmlI2NWfdtYmarbGn3ipGFdm4zCEG6tDAYHUMti+ynC3mXaoH9G7KH6r +7TI3Q4EETYbS9+QV+EfV4cEaJ/m9lHyPqAgcUHSd+MpdJVMqpRDSac8xD0Oixo8I +fIfWIOMbMTgrE4xmA5DHdET2Htj8LE8ayQQ7sr1XIMuEHmCTMdZ+zf/7Lfja/pwZ +/qc8lWOBYCC+kPUf3B3TLhdyWPO7yW0g9jGd+2Pqg3o4KRgekAyFT8HSKQARAQAB +tCJBZHJpYW4gRHZlcmdzZGFsIDxwcml2YXRAYXRtb3oubm8+iQI3BBMBCgAhBQJZ +4disAhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJELn7aPmPiLpHgggQAIgT +tp5ilnAR5pXUXmObN8gTf469jLphiClTlxr05dVp+yknZ8JhA5fEmbzf1OIzyc0K +P7hz91Lh2f7a4+OygSSyKHh8TwmCcYDM607NBd6oSF8H1XPOsZgJ+e0Wp5gGPB9M +7LsCB4oopUcdqk5Zp4tlUWNDqmfQ1ZEztxSFCXXY/bSHDaOTSJUZ8IMPpll/190q +pMSglwQrbKd+ifCl4CC8nPkdmkV/4anMQtKoHL+dATueRbMrZgKq/LRyRzi1g3Wl +x03HJLyWDp2zB+4Ls68fuCUNTcmOyLqKhFbTbPUeE+98adxHuMKYSmjVH4O2u14y +ForfUWZT6gk4PnSOnEV8/+hgmTnKwYHHZqIET2u644fcmDhDUsg61C8FBGFLFzxr +ClGzScx9TyyZFBwpMnxbRnDpNzwVTEH9HZkvFnssBFMzTxSrFawpim/alcDbSXw5 +FA0ab9SFhIGHIYTOykJxniGLTxRlUdtR4IX9ceVUrt+2UlafTpzhVhvQzlBgWGYn +S1NvQoXDmJoB2EESUisLvRDqloFrL7Cr4ymedJ/hxviq5LALdxtgC1edx6rIeM+Q +HhgC1Tl+zkZIKLyEFf6VLOVxuLgIarD0RTfrYgybWLt8dL1H8/Oh7gsSFfOKiePV +OIi7wcunphY5WCYFQHzuPoPYs0TmhHIIVf1ydLuaiQI6BBMBCgAkAhsDBQsJCAcD +BRUKCQgLBRYCAwEAAh4BAheABQJZ4dpiAhkBAAoJELn7aPmPiLpHBE0QAK6OswjU +88DrGiB2hIKMvuGeuJOJYXWY14x/y16fUWd78VjIoFp+Jjn4S3bHHlCEIAkp/zg4 +Ay44N6YaojrsuiU8/G5YR1rG5w1Or+lHEDBea8fDzMqarZWE09qXWK7xUP8ry68l +nXeBxS/walH574FlvBDXal/2JythxpXmZfiGwSubFsNIwlC8a+jAizqKLEwqFeis +FmR5AwwgCNaOAIXa+0DRuvocDfOksGINW/JX05HuDIrDEyJIT5cXPEy509kLOs+9 +wggwV/wiJ5gqtTbPmMzha2eQlZYeERiGy9d/vBQmt+qLOyO3sremx5G5evuVx4ne +IVFLHf0xW2wqadHvERA1lczxFXkXkVtOdb4UE3AoAiHOG/w1N6Bwhki2oOIpCeid +3ajc4Q/mwVOrGE3FtwapBMUrbaGORRtWQr4KEawkyiRqdTR5GNu3mgp5Zx4XD/FK +a6st2ouRc4VL+Gmf/eNTtwNOFS2Gc7nDGiwjylaxHR+yB57Ud9ReN4LyyWBogS0m +rpVph75YeIM7bSLrWK8RnmW4gXE/NQg3KKKY+KpkNXDOaGi6F9fxa33jpAXztrJ4 +q+Onud2ogj3DmhT0gBabZaOsSo/Lf/WMug078C3A+1sedF6HxQxNkQc5XYWNrBGM +1ZugxljvXA9LyFhMCH3asAnuHRnxKoGqGpwWtCxBZHJpYW4gRHZlcmdzZGFsIDxn +aXRodWIuY29tQGtvbnRvLmF0bW96Lm5vPokCNwQTAQoAIQUCWeHY0wIbAwULCQgH +AwUVCgkICwUWAgMBAAIeAQIXgAAKCRC5+2j5j4i6R2ZQD/9VHcQanmR4BP9Q64jS +/iVhh361ehgOHf8c/k4rtYt9WQD7pw0Ff8lgWqrNzXhoF7ymSsfm59XBueIzBfF+ +5S+mT5G0uUpLY2x70A8Pj6/KCtzq0+gnqri6OeGwDPOlvXlNbU/0UY/mgjP9LcBp +xIfaTe37tBTv40TIl52bDavVAiSmeBc7SfC1qlmagWsL0O+c6lP2UM9Ac36w+YvB +8uC/xOTP68oJRlgIEIqYjvIO+suXp22qf541yWbC5Ti/ZhBySODmvjcH9CAVzNDh +1OkKdXgnvnwwvYeeQG8YX8GmVhYsVKdS0fzaZWuL7jQrufXS8iByz7JRRfY46hws +OGM4YveI+qIgnQkPz4z6KNv0U6ZPdvkEAV7USPlYkcIB7DBAvyGlwh1SAr1TRaFd +tYJyfHgK5tWlfZ5a4dgJOkCms8GwEwCHavHBNan/Mb5q9kxWmrKaqpJbHzvHjJqf +TyDaH5jrkNdWI57DlzqDRAxBubcFy4YBwqKYitesMtKXaVY5Iy1b9fiedELxFfcA +Zd/ECR7j793aT09ZGLyu+BgGYHhC3OGgCg0cXJXjMsIUxG498EjOOc5gueieRHBM +2Vbngks4Ho0HOoXgwxei1+TWdU3tdTkx8AmbhF0KEGCC4rAvQ5vaI1FDzJ5xxKph +/uX0bYYTfpHmYn57lFF5t2TWt7kCDQRZ36fRARAAvAEgU0w28ZEu4Rk0DK8J6wSs +ZjPMVecvo1JGs0TEZ6YkxF6RT9BkUApSy2/P35qpy1of7wkWOumYY1EFVDEdZ3Zo +tLQORoifLnBSyTdUFsHlpKC3VRW5JWaT85wWmF3D+u4uAtW05XlHe1j/2b+5iPmm ++p/erMDCY70DIlXqFestvvnmMCr98lKGzpvtPjSKVkMVTqjsGowFKROe5UQoCGaZ +u/KF93gh26iHhmLhQmnA5354dCbLaZlmZLyQKv4ADWQxJXW1z5d6yG7yJAWoFJS7 +YL4KENgspKE57l+v/N/LtcV2SrT5NbQTVM6JsGf4zTIFetekb3i8EppUE/ElJBM9 +yUXIXpnp31/Fn4barHVOVsPawWdl+9wgdV/Ctij2EKVgDFEnc8FEPKQdieVC5Twb +017lPuyQCjiq97nL5YcFMFt6Ul/1xrXFO+UwwIV12D3zmH6Kof+OKwtchjGKsF94 +UEs7Gp4h2MuTt3VsHQoJW9xXU36IHu7QKWa/4hGkDVcqqhoKeo4E4U41pBX3S764 +Kbp2TpMK2bzQgg6WSwBKBhNf1ufAHzcYUDtGr28+3mP1IKWhhkVUwFOFx66Ijk0E +PG/OMQUCjIZUhxmW5mQR1w0cy28L2+kEFlk3n+UbZjjK8d6vmLHL9efmY8zBWCMG +Vhcgr8raVnUcUIEvkh0AEQEAAYkEPgQYAQoACQUCWd+n0QIbAgIpCRC5+2j5j4i6 +R8FdIAQZAQoABgUCWd+n0QAKCRDB6eLZVSpC0m8RD/0ffPYTbNHsmKCcxvB0ShDo +MO7l3ikkOv+VJfseWPtZvvB8n9MPanKhCw5o79F+1WF7x5P0CSSFDB8Edr2gDhbh +rAdRi2ZAbTHES/IT5MK/pHUHz0zQ+F9WuHvINFowHuj/s1u/euXbjM355iyV0c6s +JrbJGh6PN/2uzQyH3i9UX2E/5kCN0ajgLAyYvFWEWqEMrUX5qLXVRKRM8Qh7VTR0 +l2D6bXPFl2pfbABTbs4qZb04rK8BUvd8mSCSxejLZc13skdW3BkhCkBsU2rrF6gn +zQ9PFqG2QkIWQ4U3obLk/kVs8e9MNK+v7Tg3TgTloH2/dP4/eEk6dv8pQZf10IVl +LfM5LA1hb3Du66YSumB5e5/LVHRg9YNSeyr0W0LpHcXL/tL1jGwaYYOAkF/GKtAr +fq6N5niyZOU1sJGR1QRCJRNLiFjtV7u6MO5C985++qobI0FrU2VYkJ7ZqvvIS1zZ +JXD+c/KGV7PZ+QFq/dsOXdVBDyiWyIRKLIHWutvtfZ/RempdFSvtA/LVm/QFspxc +oU+4f+4TjaSTEcc4HjD1G6sib9bblChrcF3L3CeMkX4Q8CylHu3FFWGS9tPZaaA2 +hAYwlQyaZpEp0OvPgllAATpzqrjNgWf+UvtUe7iG4Ft73YPzzY6KHlELFz/0521o +H3V0zK+4SsK8e9Wz7IVOvWQaD/41ka4eHnFqfE8K4hhTydyZqo3MvMaUJHKorY2h +FMweCysF2ksDztTSFdJWKb37hRz02gmRRD635EzvRhU2DAxnRuw7H7Ec4UqFaWeA +EKylHqxSbaHZJ8E2L3dpI81E5l5IQSnSZaIf9GkG4iF7Mnt89Lk3xeHF6t6fb8Zq +XYX5CCCWXYlPifmSa7f8SWU7dTs9Qmh08mx8OFoZpGIjGVf0JpaSuUwcsmFxJA/n +0ntgvE/MsXSRvTuL+tV12ScCNJjZqxa4owW0mhnCYV1z1DuM5v/IHsBSCn4uX+fU +o5UjhNrOmfAHh4cfKFCDfvVvZxWAxa8kn2kU0qiX16lx9epHlibaxogb0f0l5A8w +n5WKt+ca+IobS2JSqevOb9Q5f1jy3G8oMO1axO7wpw1dsa5FI2qDYyxixUkzTP92 +BoDmIdk3yyWZUymfL1rcGjD8lDi9WGYIjf9aCS471DtjGItwjwhMS/4j58l/YrM+ ++z90ukvRe/GVSZD9p2Ovn/Ohun3VMIJuRHgDFE/ot3BstoTWceWrTMn6i8B7I1Oy +K9fhBnC7mOdHhvBBSR0EY5ICeOH4Lm79R4U2I/6NT3yFw2+XqXvgkPD0Z0KyTPHr +900N5qD64Dj26/o7B1iAHFbF9YQ92IevEcjs1R7xbp0No6A8SeZl57MmCpVK/ikB +ItkEgIkEWwQYAQoAJgIbAhYhBIOEYNDL0mdQqybfj7n7aPmPiLpHBQJfC2irBQkG +aCjaAinBXSAEGQEKAAYFAlnfp9EACgkQweni2VUqQtJvEQ/9H3z2E2zR7JignMbw +dEoQ6DDu5d4pJDr/lSX7Hlj7Wb7wfJ/TD2pyoQsOaO/RftVhe8eT9AkkhQwfBHa9 +oA4W4awHUYtmQG0xxEvyE+TCv6R1B89M0PhfVrh7yDRaMB7o/7Nbv3rl24zN+eYs +ldHOrCa2yRoejzf9rs0Mh94vVF9hP+ZAjdGo4CwMmLxVhFqhDK1F+ai11USkTPEI +e1U0dJdg+m1zxZdqX2wAU27OKmW9OKyvAVL3fJkgksXoy2XNd7JHVtwZIQpAbFNq +6xeoJ80PTxahtkJCFkOFN6Gy5P5FbPHvTDSvr+04N04E5aB9v3T+P3hJOnb/KUGX +9dCFZS3zOSwNYW9w7uumErpgeXufy1R0YPWDUnsq9FtC6R3Fy/7S9YxsGmGDgJBf +xirQK36ujeZ4smTlNbCRkdUEQiUTS4hY7Ve7ujDuQvfOfvqqGyNBa1NlWJCe2ar7 +yEtc2SVw/nPyhlez2fkBav3bDl3VQQ8olsiESiyB1rrb7X2f0XpqXRUr7QPy1Zv0 +BbKcXKFPuH/uE42kkxHHOB4w9RurIm/W25Qoa3Bdy9wnjJF+EPAspR7txRVhkvbT +2WmgNoQGMJUMmmaRKdDrz4JZQAE6c6q4zYFn/lL7VHu4huBbe92D882Oih5RCxc/ +9OdtaB91dMyvuErCvHvVs+yFTr0JELn7aPmPiLpH6mcP/j3u+1Fmypx/mD5ZdddK +lBThSVEf66qCuGL8oDOWwo4ayGYS7yARSrcM+QsqA6gcZnLiDO1Z7N6gRNGPHagL +ZgeTpZv4LibxJXW950QMTZaLfmvkywhoGnrsSxSFRH5SGXoMwrOEze7dW3XvvKNO +2wY0V8PQ8Io/eIAzXCBxMVs7x/alLd2580/JcsfyN3nMTYN9mMq3JE/gSN/Lqv8/ +heQEkqUiNcMq0r0XcepvpGfKGVQCu556KtqBBkUguN5URv8tQc/i7/q3Nbeng9C4 +CXmF0I/Nib6PRULmzZloUS2r6o80lDvtAEv/LW91d0mKfox0rhtWTUWHGqe73MRf +CmtNLh69J/RofAjgV0WRJ4xG36nge2vL5ZKj3aMd+UVKCfwnTX5u2HY5BHpkHQe1 +iNf73m2DKNXs/E90Cxm5nJYOGja4GGgvDkhvWN6kSWzbAbSe24yY3OxESayTjlvl +E6flL4DMUJhNuO6RgHXaz6ThppmHoGzffchrd4MjBQmVMHKdCohXmQa9FGPSQdwd +Tylj9nxBQJQj4i/sc23dEnijoy2BCMVQ3xQiZpm3PcxaWuMLfbEB0W/5SogptZPM +lhLJq+ODETk+gIDhP0Xbnp/bzXv3GQaxbYa4jMln/oZa1TMGSHWa8yqxUTWgd48X +paUv/wFZvnmlK9SlKJUwoB4luQINBFnfqcQBEADYie2FXmyiqwh5ki61HAt83c+r +EjA0/PDKHLb9T7c2FzUnl8x9cgXLysvLSaYAIn5BVKMU3Dxmb8BWoLbmkuYjq0LQ +Poi/IPJqIYK62+dLNYzPRbNsvE9IWvcF93VKph9iFTnzzmGL4abChZhm2cvmY7Xf +vlCgIR7fT6MocyooIWqhNmb5k0hpxliEnZ0yHkf2Qwn5+XdBpcmUnv70w9Zn6lvD +XlIWdW1qFelOMvWLUg1Ezz6NAS1pKAqlo4ejIZSTLeRXVumate03MtmxpUUS0Hre +UxdOp68u7bL9Is3c6gtltT+wr7UUlZHRjrz21BrDlaCXZB+YDF9Jy1AIZ41P/Mo8 +ihw1TUHNKG6e9VD6PoNCFI++YqO+S5YQTwHVIgDyVPET+MlGPtY1H1H0/NQ7+yW+ +wOSBtnbBznPwMZ2ZuKyST0zqw1BguZXKNitfVVcVImLW84YMqvvpeczHSJ/FNFww +YWLNiafEyHAWkyUkXFKj2Ar46k7XAsYEU9HlDg32QUKDspvNNUZMdRVcouFoX030 +vSCh6Dnq4/M93juaPBfQu3xc3PSg1bYKNtDHF4OktxYpF2QC+hL3uFleKTEC3J9F +kYB1Oetg4/jNV+f1tFLvweA7Gg8Ab1KK+oNhtc++asIkVyVl+aqf+KPMS/T2Nw4Z +0uG+AW3i0YiHqedIQwARAQABiQIfBBgBCgAJBQJZ36nEAhsMAAoJELn7aPmPiLpH +3vUQAItC4Yea1hCohob1iWYON37cmjShnIig4LcQ2GEgT52YRc9HPIfJWJQkpS3s +GMyJGK9wQPdCmp4o2yvDym00cKYkwiFpFP1ZHkVc7rBaSnS1HK9uMcdCEW80b/Cq +SgegbbabVGpGZp4Yen4g0GcaRY5hJYVnH6ROyPNuqPwLZlvJyRXCGspqxruZyYyI +wiplrwuUCRjm0gj8/OvHS1Wkofs5BQPzNN1PXa4k0DbVhxTHjgh4v0zWbu0GavxG +58vWWpf0CZ6QN8MJBaO+8NKa9TbPxkzkEH5W9hnQp9Fjo6T2XRI8X85o+xX1syZs +nWfymKaWQdwkW6oZOmVApas/BMrgGWpdS3QBJqppiiU6uY9ST96fmkqKF5dfoSpg +WEnrBMucdk4s4kfgG0nTfJV4yf8kTgKG6YuzNYP05pJRtssA7/l8THlpT09ZXkmK +SGrnR/8LmfW0z4cvLCcwxF7DzeCG+3mKuPW1TAmpPG1jFEeAorcOiXbI39pBtvPL +N79/2e/F9ljH0TTlE4zcQDVX5yHvS1ir146ewlqsIaFe/j0H/L3mcHM5EuQ1qSUA +VHdJoOieUtNmePIOyhMC8GucrUjFTL+K72zd2OYiW4Mmd7/QDnUvcG2oa7aYkGNs +7qBg7+StYhPWcqKNasFl8efq69fBR2hSkw09VN7B2Q1EQkUTiQI8BBgBCgAmAhsM +FiEEg4Rg0MvSZ1CrJt+Pufto+Y+IukcFAl8LaL8FCQZoJucACgkQufto+Y+Iukft +0g//SM5uwxazoM0a3dDBhx66xDeDfWxri6IdJohlQb2wnKUYbEtHRkclcxTyU0cM +whHkMn+aR2yU2OlHMiDH4zby/kgraaaypu994jQVyVcobNPqRgbazrwQ9t672ATc +v0dwTww/Se7SzN+ksEI/Xi2WYj4F8wkDcFs97UAYEqcEJkZdU+0KtCUCnYOHE0bv +FnVhOXaBomn5OCXjDLJvbY2twvRw6BHkqYTLbx5WIhNYuKRSNSHVBxqXBAUJrAjR +zXVdUT6Lh8OdZSU0bHy3An0R94nA7mq9ujwXHpV7xR/zJ55hCxdP53fjvJxyBIGU +SW08rJnu/SLd+pdTwoA73D2C5AizITyeKhiqqq3pP6OynMWYQTfFkRDtsE3/cwPd +rKjY7qaaf/70nRlKHvxMUet0mhVp+2TCFAE+4gvVLhYtm8vG5vQiPZQsMLIAq2Qf +ah4IxQGFK4hYX2vdpvKIHg8N8lnkUF/6kA36IpiXEPxKxV5lbWewdJN2i1IGPYnZ +W7UEp42TJOzdMR0FU7QYQYp628hjClhQnK792pgI5eDqbnYGebSpxLaXSGPEp5zx +wagouzyrGfC0bGM1O0RpoIAeWPS/WBgGL+eLBPyxQqzz3etMzKvryw2544pHxOfN +a4Kz2JqpRaonPjiWki4a7pzUA5AqH5B/bqhH1LupnpPNJQm5Ag0EWd+p/QEQAK8b +3P0G7/wzR0duZA96wZdoj9faG1BJq2D9ZzpzyFpXF59r1H0dQ0p3ALDsW4lhGl5O +0kgQ9yWfA8nhw4Zwl04d8Kj7paXGx+P3xiI0jkHBM+YsaiFC7zDPr2Azw1cmDsDB +4TZlIsMWRPJLkmGWkZZe53FovNuAm+YJJ3afx3hQwXArNA10cYLVw4rC48HLxb0w +dmTSkU56P6T9cmHMae7qvlPZKTZxmb1eIAjUAvI7Rxl60skSNUmvry6NsNE8Cokd +12SSO8Y8xz3nwQXY9pEujiCUosOt9zbTAN4AB+lDkyvDMt26z+h5D8B//df1xi1O +AYFsaLHepDF3T4d4UFsECYb7LUGpQxgUii9pEToebdIWVdmtcn1yWV/MXogB8EeS +tgAldwfhjU4BM8RuH+pMPyx7tRIwNtNXgQ5uQ23QLg/shGAbRHPSzVb0eTS86xdh +PD6WgkzVwwMBCs5enMVjGYnuCaFA2G+df8yBk+ZT6QrxjTduG5Qzmy1ngxXLUj7z +49Gokzf5IwlKs6h1urxN5kVIO3kPHp7FUo1MM4GVt5JxHDDgQA0dLFTBV9ihN/V8 +b9HenRFgD5Yc1K0grtA+gyM1avztOjxx+MzIbHfW7RQKYAWFOeXzH76h8c1hK2TV +1EpCRDmcNWXoAnbleEgz9tDGA7k8rx4gft+UupABABEBAAGJAh8EGAEKAAkFAlnf +qf0CGyAACgkQufto+Y+IukcXmA/7BnLjNcFTWqskvbbKR3P3FCL0usa2vmKGWDcb +F8HDYynly7u+ysIotFtxdu1Kz3ziQw7MbH2B5uCd5PPkEhVaXKxeheIlBhcu43xb +HYtCBzUuEnBsO0112YbUgmrOyfW+4E3LRi2fis2DQ7inCxDj0APbdpAF6Nm97Kix ++V4iOs6WCWl7LG37+hnyB4Zd8yFS8Zspatdf8oZ5ML7ZYpN1i6LPhRgbjHhtBo7A +qIoTyCIjNw9q0zU1D00nhOvqzZ/6sVcfZL+SOm5Hjg6Fz1j5AB3tx0eoPEPWWjxz +a+lYIvUivbtr4OBUe0Hu1NRqjxvtpQn2JNRyjD65dFPDQsVcsmH6dXhUI2jgoOO5 +uxB1Cra0rc1cBBPEvcZ7i9uxEj4nz89Qd500yBOZA7UyP0rU07fvpKLboLJ3VHBm +JJg3eqmfC+Z6cbSp8VA+KccIbeVaO6ra+HY4cRUVFvhzBrmkqDqQ08fJYdwVOLFP +sIa8Wm8jW8BCG2RfjVAEegX9ul+CBdRbgEHeFRpYOSx4Yz5DdOU3II9fAmhS/mhX +/9NwWbwyrZ8C+PgdQ51+TPEpjKBSq4xS0Rg4I7xrKe9KwKACi4F1Xdu6ji85yZzO +8aOJWDeMCJZ1lGrw2ppz7LU5yQ3DDQV8sY5qwM+6OGXtmhaiQxbBmgXH8MFiBk7J +U6W8AL2JAjwEGAEKACYCGyAWIQSDhGDQy9JnUKsm34+5+2j5j4i6RwUCXwtowAUJ +BmgmrgAKCRC5+2j5j4i6R2F6D/46AbJxE9Dh1bEcmmZ4RMannWATK8Mbw/DTDOXN +xX4gj2aWkFtD2cRPILvzoq30R9sYhx0iJxoK/0Ewx3Rk5o/6ckdT2BZ3RJYpFl0d +piz6G8B4J1JhWXt/4t204/iLOC7dk3DHMEQXmaKjaxNHu5mAc9A8lBlxPRf0DtgP +HHw9jDHotpR/x2wYBBhGwkiNhFGVayRL1Ouyk46U56Ca8y3TZ5sTeUnVhiuyDTDk +biwHgPe6jVzj2f0nYnkEDX9Mnva9tB7xCmWhkbVe/BvT2RLODsT+nShIjwVBP3Bl +vqsTjwEh/ZFIYLeizjBfcBNlh4FthILou3u7WaLRL+dObctq6qzsm8EuSBvkjHDA +JnTIEhOKQRTJ4KvLeuCJh/X7zlWM9q+7zrc1zB8rhIpfDkRYxde7MJbqSU2Ldbs6 +XkdLs+qYGPNu+tRk/9CJt/NoiuPT30BKDSHzi2KahCnN9DYAlgz4SkTh3MnDlLov +FGroFDCOGy5pUUlok6F2LJ5pkg4QfRqEO/408WdlGKz02aE98Ft6i7pkVUpMa8bH +SEugQcE3WcXDNxzbpZSxrxtW6B73b63E45rJltz2A2qRZgL07f4wC9IIHx8maN2E +nz002JC8K182bWHVc8yvxnCYC6+Ko3rD2joQwBEGpDScz73WhLDzvRKdz4hwyDN/ +dFqBkw== +=4DZp +-----END PGP PUBLIC KEY BLOCK----- diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml index 6be3164..e91168d 100644 --- a/.github/workflows/docker-image.yml +++ b/.github/workflows/docker-image.yml @@ -6,12 +6,7 @@ on: push: pull_request: -env: - GPG_KEY_FINGERPRINT: "838460D0CBD26750AB26DF8FB9FB68F98F88BA47" - jobs: - # Run tests. - # See also https://docs.docker.com/docker-hub/builds/automated-testing/ test: runs-on: ubuntu-latest @@ -21,28 +16,19 @@ jobs: fetch-depth: 0 submodules: true - # Only allow commits signed by owner - - name: Verify commit signature - run: | - verify_head() { - ( git verify-commit --raw HEAD || git verify-tag --raw $(git tag --points-at HEAD) ) 2>&1 \ - | grep -e VALIDSIG | grep -q "$1" - } + - name: Verify signature + uses: ./.github/actions/git-verify-ref - if verify_head "$GPG_KEY_FINGERPRINT"; then - echo "Verified signature from $GPG_KEY_FINGERPRINT" - else - echo "Missing signature by $GPG_KEY_FINGERPRINT" - exit 1 - fi + - name: Run ShellCheck + uses: ludeeus/action-shellcheck@master + with: + ignore: tests/shunit2 - name: Run tests run: tests/run - # Push image to GitHub Packages. - # See also https://docs.docker.com/docker-hub/builds/ push: - # Ensure test job passes before pushing image. + if: ${{ github.event_name == "push" && github.ref == "master" }} needs: test runs-on: ubuntu-latest