@@ -20,7 +20,7 @@ gitactionSettingsFile=$gitactionDir/settings.xml
2020gitactionNotifyScript=$gitactionDir /notify.sh
2121credentialsDir=$HOME /.scijava/credentials
2222varsFile=$credentialsDir /vars
23- signingKeySourceFile=$credentialsDir /scijava-ci-signing.asc
23+ signingKeySourceFile=$credentialsDir /scijava-ci-signing.asc.enc
2424signingKeyDestFile=$gitactionDir /signingkey.asc
2525pomMinVersion=' 17.1.1'
2626tmpFile=gitaction.tmp
@@ -141,10 +141,10 @@ EOL
141141 cat > " $tmpFile " << EOL
142142#!/bin/sh
143143curl -fsLO https://raw.githubusercontent.com/scijava/scijava-scripts/master/github-action-build.sh
144- sh github-action-build.sh
144+ sh github-action-build.sh \$ signingKeySecret \$ signingIvSecret
145145EOL
146146 chmod +x " $tmpFile "
147- update " $githactionBuildScript " " GitHub Action: add executable script $gitactionBuildScript " " true"
147+ update " $gitactionBuildScript " " GitHub Action: add executable script $gitactionBuildScript " " true"
148148
149149 # Remove obsolete GitHub-Actions-related files.
150150 if [ -f " $gitactionSettingsFile " ]
@@ -202,60 +202,17 @@ EOL
202202 update README.md ' GitHub Action: add badge to README.md'
203203 fi
204204
205- # # encrypt key/value pairs in variables file
206- # if [ -f "$varsFile" ]
207- # then
208- # while read p; do
209- # # Skip comments. (Cannot use ${p:0:1} because it's bash-specific.)
210- # case "$p" in
211- # '#'*) continue;;
212- # esac
213- # info "Encrypting ${p%%=*}"
214- # ######################### TODO #########################
215- # yes | $EXEC travis encrypt --$mode "$p" --add env.global --repo "$repoSlug"
216- # test $? -eq 0 || die "Failed to encrypt variable '$p'"
217- # done <"$varsFile"
218- # $EXEC git commit "$gitactionConfig" -m "GitHub Action: add encrypted environment variables"
219- # else
220- # warn "No $varsFile found. GitHub Action will not have any environment variables set!"
221- # fi
222-
223- # # add key/value pairs as env vars to yml file
224- # if [ -f "$varsFile" ]
225- # then
226- # while read p; do
227- # # Skip comments. (Cannot use ${p:0:1} because it's bash-specific.)
228- # case "$p" in
229- # '#'*) continue;;
230- # esac
231- # key=${p%%=*}
232- # val=${p%%*=}
233- # info "Encrypting ${key}"
234-
235- # done <"$varsFile"
236- # $EXEC git commit "$gitactionConfig" -m "GitHub Action: add encrypted environment variables"
237- # else
238- # warn "No $varsFile found. GitHub Action will not have any environment variables set!"
239- # fi
240-
241- # encrypt GPG keypair
205+ # copy the encrypted signing key
206+ # This assumes you have the encrypted signing key locally and will set the encryption key and iv as encrypted
207+ # environment variables in your repository or organization
242208 if [ -f " $signingKeySourceFile " ]
243209 then
244- info " Encrypting $signingKeyDestFile "
210+ info " Copying $signingKeyDestFile "
245211 if [ -z " $EXEC " ]
246212 then
247213 rm -f " $signingKeyDestFile .enc"
248- # ######################## TODO #########################
249- # https://docs.github.com/en/github/authenticating-to-github/generating-a-new-gpg-key
250- encryptOutput=$( travis encrypt-file --$mode " $signingKeySourceFile " " $signingKeyDestFile .enc" --repo " $repoSlug " )
251- test $? -eq 0 || die " Failed to encrypt signing key."
252- encryptResult=$( echo " $encryptOutput " | grep openssl)
253- test " $encryptResult " || die " No openssl variables emitted."
254- key=$( echo " $encryptResult " | cut -d' ' -f4)
255- iv=$( echo " $encryptResult " | cut -d' ' -f6)
256- sed -i.bak " s/\(sh github-action-build.sh\)/\1 $key $iv /" " $gitactionBuildScript "
257- rm -f " $gitactionBuildScript .bak"
258- git add " $gitactionBuildScript " " $signingKeyDestFile .enc"
214+ cp " $signingKeySourceFile " " $signingKeyDestFile .enc"
215+ git add " $signingKeyDestFile .enc"
259216 git commit -m " GitHub Action: add encrypted GPG signing keypair"
260217 fi
261218 else
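Review bot: The new `cp "$signingKeySourceFile" "$signingKeyDestFile.enc"` (new line 214) stages and commits whatever sits at that path without checking that it is actually encrypted or that the copy succeeded, so a plaintext key saved under the `.asc.enc` name would be committed to the repository as-is. I would guard it with `grep -q 'BEGIN PGP PRIVATE KEY' "$signingKeySourceFile" && die "Signing key is not encrypted."` and append `|| die "Failed to copy signing key."` to the `cp`, as the removed code did for its encrypt step; the grep only catches an ASCII-armored key, so it is a backstop rather than proof of encryption. In the second hunk, `sh github-action-build.sh \$signingKeySecret \$signingIvSecret` passes the key and IV unquoted on the command line, where they show up in the process list and in any `set -x` trace, and where an empty value silently shifts the arguments; having the build script read them from the environment would avoid both. The `info` message also names `$signingKeyDestFile` while the file written is `$signingKeyDestFile.enc`. The enclosing `if`/`else` continues past the end of the hunk.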