parent
03e9e6bc40
commit
97879670c1
1 changed files with 36 additions and 33 deletions
|
@ -62,22 +62,6 @@ jobs:
|
||||||
uses: {{.ServerURL}}/actions/goscan@main
|
uses: {{.ServerURL}}/actions/goscan@main
|
||||||
`
|
`
|
||||||
|
|
||||||
type OpenPGPEntity struct {
|
|
||||||
*openpgp.Entity
|
|
||||||
}
|
|
||||||
|
|
||||||
func (e *OpenPGPEntity) Sign(message io.Reader) ([]byte, error) {
|
|
||||||
|
|
||||||
signatureBuffer := bytes.NewBuffer(nil)
|
|
||||||
if err := openpgp.DetachSignText(signatureBuffer, e.Entity, message, nil); err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
|
|
||||||
return signatureBuffer.Bytes(), nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// Sign(message io.Reader) ([]byte, error)
|
|
||||||
|
|
||||||
// daemonCmd represents the daemon command
|
// daemonCmd represents the daemon command
|
||||||
var daemonCmd = &cobra.Command{
|
var daemonCmd = &cobra.Command{
|
||||||
Use: "daemon",
|
Use: "daemon",
|
||||||
|
@ -100,7 +84,7 @@ var daemonCmd = &cobra.Command{
|
||||||
DefaultCipher: packet.CipherAES256,
|
DefaultCipher: packet.CipherAES256,
|
||||||
}
|
}
|
||||||
|
|
||||||
var pgpEntity OpenPGPEntity
|
var pgpEntity *openpgp.Entity
|
||||||
|
|
||||||
if _, err := os.Stat(os.Getenv("HOME") + "/keyring.pgp"); err != nil {
|
if _, err := os.Stat(os.Getenv("HOME") + "/keyring.pgp"); err != nil {
|
||||||
if errors.Is(err, fs.ErrNotExist) {
|
if errors.Is(err, fs.ErrNotExist) {
|
||||||
|
@ -114,14 +98,22 @@ var daemonCmd = &cobra.Command{
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatal(err)
|
log.Fatal(err)
|
||||||
}
|
}
|
||||||
defer publicKeyEncoder.Close()
|
defer func(publicKeyEncoder io.WriteCloser) {
|
||||||
|
err := publicKeyEncoder.Close()
|
||||||
|
if err != nil {
|
||||||
|
panic(err)
|
||||||
|
}
|
||||||
|
}(publicKeyEncoder)
|
||||||
|
|
||||||
err = entity.Serialize(publicKeyEncoder)
|
err = entity.Serialize(publicKeyEncoder)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatal(err)
|
log.Fatal(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
publicKeyEncoder.Close()
|
err = publicKeyEncoder.Close()
|
||||||
|
if err != nil {
|
||||||
|
log.Fatal(err)
|
||||||
|
}
|
||||||
publicKeyArmor := publicKeyBuffer.String()
|
publicKeyArmor := publicKeyBuffer.String()
|
||||||
|
|
||||||
file, err := os.OpenFile("keyring.pgp", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
|
file, err := os.OpenFile("keyring.pgp", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
|
||||||
|
@ -129,7 +121,10 @@ var daemonCmd = &cobra.Command{
|
||||||
log.Fatal(err)
|
log.Fatal(err)
|
||||||
}
|
}
|
||||||
err = entity.SerializePrivate(file, conf)
|
err = entity.SerializePrivate(file, conf)
|
||||||
file.Close()
|
err = file.Close()
|
||||||
|
if err != nil {
|
||||||
|
log.Fatal(err)
|
||||||
|
}
|
||||||
|
|
||||||
token, _, err := forgeClient.GetGPGToken()
|
token, _, err := forgeClient.GetGPGToken()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -146,9 +141,21 @@ var daemonCmd = &cobra.Command{
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatal(err)
|
log.Fatal(err)
|
||||||
}
|
}
|
||||||
defer signatureEncoder.Close()
|
defer func(signatureEncoder io.WriteCloser) {
|
||||||
signatureEncoder.Write(signatureBuffer.Bytes())
|
err := signatureEncoder.Close()
|
||||||
signatureEncoder.Close()
|
if err != nil {
|
||||||
|
panic(err)
|
||||||
|
}
|
||||||
|
}(signatureEncoder)
|
||||||
|
|
||||||
|
if _, err := signatureEncoder.Write(signatureBuffer.Bytes()); err != nil {
|
||||||
|
log.Fatal(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
err = signatureEncoder.Close()
|
||||||
|
if err != nil {
|
||||||
|
log.Fatal(err)
|
||||||
|
}
|
||||||
|
|
||||||
if _, _, err := forgeClient.CreateGPGKey(forgejo.CreateGPGKeyOption{
|
if _, _, err := forgeClient.CreateGPGKey(forgejo.CreateGPGKeyOption{
|
||||||
ArmoredKey: publicKeyArmor,
|
ArmoredKey: publicKeyArmor,
|
||||||
|
@ -156,9 +163,7 @@ var daemonCmd = &cobra.Command{
|
||||||
}); err != nil {
|
}); err != nil {
|
||||||
log.Fatal(err)
|
log.Fatal(err)
|
||||||
}
|
}
|
||||||
pgpEntity = OpenPGPEntity{
|
pgpEntity = entity
|
||||||
Entity: entity,
|
|
||||||
}
|
|
||||||
} else {
|
} else {
|
||||||
log.Fatal(err)
|
log.Fatal(err)
|
||||||
}
|
}
|
||||||
|
@ -177,9 +182,7 @@ var daemonCmd = &cobra.Command{
|
||||||
log.Fatal("invalid keyring")
|
log.Fatal("invalid keyring")
|
||||||
}
|
}
|
||||||
|
|
||||||
pgpEntity = OpenPGPEntity{
|
pgpEntity = el[0]
|
||||||
Entity: el[0],
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
appConfig := fiber.Config{
|
appConfig := fiber.Config{
|
||||||
|
@ -297,7 +300,7 @@ func handlePush(c *fiber.Ctx, forgeClient *forgejo.Client, event *interfaces.For
|
||||||
return c.SendStatus(fiber.StatusOK)
|
return c.SendStatus(fiber.StatusOK)
|
||||||
}
|
}
|
||||||
|
|
||||||
func handleIssues(c *fiber.Ctx, forgeClient *forgejo.Client, event *interfaces.ForgejoIssueEvent, entity OpenPGPEntity, user *forgejo.User) error {
|
func handleIssues(c *fiber.Ctx, forgeClient *forgejo.Client, event *interfaces.ForgejoIssueEvent, entity *openpgp.Entity, user *forgejo.User) error {
|
||||||
if event.Action == "opened" && event.Issue.Title == "setup:goscan" {
|
if event.Action == "opened" && event.Issue.Title == "setup:goscan" {
|
||||||
if _, err := forgeClient.CreateRepoActionSecret(event.Issue.Repo.Owner, event.Issue.Repo.Name, forgejo.CreateSecretOption{
|
if _, err := forgeClient.CreateRepoActionSecret(event.Issue.Repo.Owner, event.Issue.Repo.Name, forgejo.CreateSecretOption{
|
||||||
Name: "goscan_token",
|
Name: "goscan_token",
|
||||||
|
@ -346,7 +349,7 @@ func handleIssues(c *fiber.Ctx, forgeClient *forgejo.Client, event *interfaces.F
|
||||||
return c.SendStatus(fiber.StatusInternalServerError)
|
return c.SendStatus(fiber.StatusInternalServerError)
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := os.MkdirAll(gitDir+"/.forgejo/workflows", 0775); err != nil {
|
if err := os.MkdirAll(gitDir+"/.forgejo/workflows", 0775); /* #nosec G301 */ err != nil {
|
||||||
log.Error(err)
|
log.Error(err)
|
||||||
return c.SendStatus(fiber.StatusInternalServerError)
|
return c.SendStatus(fiber.StatusInternalServerError)
|
||||||
}
|
}
|
||||||
|
@ -375,7 +378,7 @@ func handleIssues(c *fiber.Ctx, forgeClient *forgejo.Client, event *interfaces.F
|
||||||
return c.SendStatus(fiber.StatusInternalServerError)
|
return c.SendStatus(fiber.StatusInternalServerError)
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := os.WriteFile(gitDir+"/.forgejo/workflows/gosec.yml", []byte(tmplBuffer.String()), 0666); err != nil {
|
if err := os.WriteFile(gitDir+"/.forgejo/workflows/gosec.yml", []byte(tmplBuffer.String()), 0666); /* #nosec G306 */ err != nil {
|
||||||
log.Error(err)
|
log.Error(err)
|
||||||
return c.SendStatus(fiber.StatusInternalServerError)
|
return c.SendStatus(fiber.StatusInternalServerError)
|
||||||
}
|
}
|
||||||
|
@ -392,7 +395,7 @@ func handleIssues(c *fiber.Ctx, forgeClient *forgejo.Client, event *interfaces.F
|
||||||
}
|
}
|
||||||
|
|
||||||
if _, err := worktree.Commit("Add GoScan action", &git.CommitOptions{
|
if _, err := worktree.Commit("Add GoScan action", &git.CommitOptions{
|
||||||
SignKey: entity.Entity,
|
SignKey: entity,
|
||||||
Author: signature,
|
Author: signature,
|
||||||
Committer: signature,
|
Committer: signature,
|
||||||
}); err != nil {
|
}); err != nil {
|
||||||
|
|
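Review bot: In the hunk at `@ -129,7 +121,10`, the result of `entity.SerializePrivate(file, conf)` is overwritten by the new `err = file.Close()` before anything checks it, so a failed or partial write of the private key goes unnoticed. The file was opened with `O_TRUNC` and the code then goes on to register the public key with the forge, which could leave a registered key whose private half is missing or truncated on disk. Check the serialization error before closing, e.g. `if err = entity.SerializePrivate(file, conf); err != nil { _ = file.Close(); log.Fatal(err) }`. Separately, the added deferred closers for `publicKeyEncoder` and `signatureEncoder` close writers that are also closed explicitly a few lines later, so the second close is at best redundant and would panic if it returns an error; the explicit checked close looks sufficient. The enclosing function starts and ends outside these hunks.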