Skip to content

Commit

Permalink
ci: switch to SSH signing everywhere
Browse files Browse the repository at this point in the history 
Signed-off-by: William Woodruff <[email protected]>
  • Loading branch information
@woodruffw
woodruffw committed Feb 5, 2025
1 parent c9331b9 commit 9dbcadd
Show file tree
Hide file tree
Showing 6 changed files with 12 additions and 19 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/autobump.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,15 +47,15 @@ jobs:
- name: Set up commit signing
uses: Homebrew/actions/setup-commit-signing@master
with:
signing_key: ${{ secrets.BREWTESTBOT_GPG_SIGNING_SUBKEY }}
ssh: true
signing_key: ${{ secrets.BREWTESTBOT_SSH_SIGNING_KEY }}

- name: Bump formulae
env:
HOMEBREW_TEST_BOT_AUTOBUMP: 1
HOMEBREW_GITHUB_API_TOKEN: ${{ secrets.HOMEBREW_CORE_REPO_WORKFLOW_TOKEN }}
HOMEBREW_GIT_COMMITTER_NAME: BrewTestBot
HOMEBREW_GIT_COMMITTER_EMAIL: [email protected]
HOMEBREW_GPG_PASSPHRASE: ${{ secrets.BREWTESTBOT_GPG_SIGNING_SUBKEY_PASSPHRASE }}
FORMULAE: ${{ inputs.formulae }}
run: |
BREW_BUMP=(brew bump --no-fork --open-pr --formulae)
Expand Down
6 changes: 2 additions & 4 deletions .github/workflows/create-replacement-pr.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -152,14 +152,14 @@ jobs:
- name: Set up commit signing
uses: Homebrew/actions/setup-commit-signing@master
with:
signing_key: ${{ secrets.BREWTESTBOT_GPG_SIGNING_SUBKEY }}
ssh: true
signing_key: ${{ secrets.BREWTESTBOT_SSH_SIGNING_KEY }}

- name: Pull PR
id: pr-pull
working-directory: ${{ steps.set-up-homebrew.outputs.repository-path }}
env:
BREWTESTBOT_NAME_EMAIL: "BrewTestBot <[email protected]>"
HOMEBREW_GPG_PASSPHRASE: ${{ inputs.autosquash && secrets.BREWTESTBOT_GPG_SIGNING_SUBKEY_PASSPHRASE }}
HOMEBREW_GITHUB_API_TOKEN: ${{ secrets.HOMEBREW_CORE_PUBLIC_REPO_EMAIL_TOKEN }}
MESSAGE: ${{ inputs.message }}
AUTOSQUASH_FLAG: ${{ inputs.autosquash && '--autosquash' || '' }}
Expand Down Expand Up @@ -193,7 +193,6 @@ jobs:
working-directory: ${{steps.pr-pull.outputs.bottle_path}}
env:
BREWTESTBOT_NAME_EMAIL: "BrewTestBot <[email protected]>"
HOMEBREW_GPG_PASSPHRASE: ${{ secrets.BREWTESTBOT_GPG_SIGNING_SUBKEY_PASSPHRASE }}
HOMEBREW_GITHUB_PACKAGES_USER: brewtestbot
HOMEBREW_GITHUB_PACKAGES_TOKEN: ${{secrets.HOMEBREW_CORE_GITHUB_PACKAGES_TOKEN}}
WARN_ON_UPLOAD_FAILURE_FLAG: ${{inputs.warn_on_upload_failure && '--warn-on-upload-failure' || ''}}
Expand All @@ -216,7 +215,6 @@ jobs:
env:
GIT_COMMITTER_NAME: ${{ steps.git-user-config.outputs.name }}
GIT_COMMITTER_EMAIL: ${{ steps.git-user-config.outputs.email }}
HOMEBREW_GPG_PASSPHRASE: ${{ secrets.BREWTESTBOT_GPG_SIGNING_SUBKEY_PASSPHRASE }}

- name: Open replacement pull request
id: create-pr
Expand Down
5 changes: 2 additions & 3 deletions .github/workflows/dispatch-build-bottle.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -233,7 +233,8 @@ jobs:
- name: Set up commit signing
uses: Homebrew/actions/setup-commit-signing@master
with:
signing_key: ${{ secrets.BREWTESTBOT_GPG_SIGNING_SUBKEY }}
ssh: true
signing_key: ${{ secrets.BREWTESTBOT_SSH_SIGNING_KEY }}

- name: Generate build provenance
uses: actions/attest-build-provenance@520d128f165991a6c774bcb264f323e3d70747f4 # v2.2.0
Expand All @@ -249,7 +250,6 @@ jobs:
env:
HOMEBREW_GITHUB_PACKAGES_USER: brewtestbot
HOMEBREW_GITHUB_PACKAGES_TOKEN: ${{secrets.HOMEBREW_CORE_GITHUB_PACKAGES_TOKEN}}
HOMEBREW_GPG_PASSPHRASE: ${{ secrets.BREWTESTBOT_GPG_SIGNING_SUBKEY_PASSPHRASE }}
BREWTESTBOT_NAME_EMAIL: "BrewTestBot <[email protected]>"
HOMEBREW_CORE_PATH: ${{steps.set-up-homebrew.outputs.repository-path}}
working-directory: ${{ env.BOTTLES_DIR }}
Expand All @@ -267,7 +267,6 @@ jobs:
env:
GIT_COMMITTER_NAME: BrewTestBot
GIT_COMMITTER_EMAIL: [email protected]
HOMEBREW_GPG_PASSPHRASE: ${{ secrets.BREWTESTBOT_GPG_SIGNING_SUBKEY_PASSPHRASE }}

- name: Open PR with bottle commit
id: create-pr
Expand Down
5 changes: 2 additions & 3 deletions .github/workflows/dispatch-rebottle.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -170,7 +170,8 @@ jobs:
- name: Set up commit signing
uses: Homebrew/actions/setup-commit-signing@master
with:
signing_key: ${{ secrets.BREWTESTBOT_GPG_SIGNING_SUBKEY }}
ssh: true
signing_key: ${{ secrets.BREWTESTBOT_SSH_SIGNING_KEY }}

- name: Generate build provenance
uses: actions/attest-build-provenance@520d128f165991a6c774bcb264f323e3d70747f4 # v2.2.0
Expand All @@ -186,7 +187,6 @@ jobs:
env:
HOMEBREW_GITHUB_PACKAGES_USER: brewtestbot
HOMEBREW_GITHUB_PACKAGES_TOKEN: ${{secrets.HOMEBREW_CORE_GITHUB_PACKAGES_TOKEN}}
HOMEBREW_GPG_PASSPHRASE: ${{ secrets.BREWTESTBOT_GPG_SIGNING_SUBKEY_PASSPHRASE }}
BREWTESTBOT_NAME_EMAIL: "BrewTestBot <[email protected]>"
HOMEBREW_CORE_PATH: ${{steps.set-up-homebrew.outputs.repository-path}}
working-directory: ${{ env.BOTTLES_DIR }}
Expand All @@ -204,7 +204,6 @@ jobs:
env:
GIT_COMMITTER_NAME: BrewTestBot
GIT_COMMITTER_EMAIL: [email protected]
HOMEBREW_GPG_PASSPHRASE: ${{ secrets.BREWTESTBOT_GPG_SIGNING_SUBKEY_PASSPHRASE }}

- name: Open PR with bottle commit
id: create-pr
Expand Down
6 changes: 2 additions & 4 deletions .github/workflows/publish-commit-bottles.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -299,7 +299,8 @@ jobs:
- name: Set up commit signing
uses: Homebrew/actions/setup-commit-signing@master
with:
signing_key: ${{ secrets.BREWTESTBOT_GPG_SIGNING_SUBKEY }}
ssh: true
signing_key: ${{ secrets.BREWTESTBOT_SSH_SIGNING_KEY }}

- name: Checkout PR branch
working-directory: ${{steps.set-up-homebrew.outputs.repository-path}}
Expand All @@ -312,7 +313,6 @@ jobs:
working-directory: ${{steps.set-up-homebrew.outputs.repository-path}}
env:
BREWTESTBOT_NAME_EMAIL: "BrewTestBot <[email protected]>"
HOMEBREW_GPG_PASSPHRASE: ${{ inputs.autosquash && secrets.BREWTESTBOT_GPG_SIGNING_SUBKEY_PASSPHRASE }}
HOMEBREW_GITHUB_API_TOKEN: ${{secrets.HOMEBREW_CORE_PUBLIC_REPO_EMAIL_TOKEN}}
EXPECTED_SHA: ${{needs.check.outputs.head_sha}}
LARGE_RUNNER: ${{inputs.large_runner}}
Expand Down Expand Up @@ -363,7 +363,6 @@ jobs:
working-directory: ${{steps.pr-pull.outputs.bottle_path}}
env:
BREWTESTBOT_NAME_EMAIL: "BrewTestBot <[email protected]>"
HOMEBREW_GPG_PASSPHRASE: ${{ secrets.BREWTESTBOT_GPG_SIGNING_SUBKEY_PASSPHRASE }}
HOMEBREW_GITHUB_PACKAGES_USER: brewtestbot
HOMEBREW_GITHUB_PACKAGES_TOKEN: ${{secrets.HOMEBREW_CORE_GITHUB_PACKAGES_TOKEN}}
REPO_PATH: ${{steps.set-up-homebrew.outputs.repository-path}}
Expand Down Expand Up @@ -391,7 +390,6 @@ jobs:
env:
GIT_COMMITTER_NAME: BrewTestBot
GIT_COMMITTER_EMAIL: [email protected]
HOMEBREW_GPG_PASSPHRASE: ${{ secrets.BREWTESTBOT_GPG_SIGNING_SUBKEY_PASSPHRASE }}

- name: Add CI-published-bottle-commits label
run: gh pr edit --add-label CI-published-bottle-commits "$PR" --repo "$GITHUB_REPOSITORY"
Expand Down
5 changes: 2 additions & 3 deletions .github/workflows/remove-disabled-packages.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,8 @@ jobs:
- name: Set up commit signing
uses: Homebrew/actions/setup-commit-signing@master
with:
signing_key: ${{ secrets.BREWTESTBOT_GPG_SIGNING_SUBKEY }}
ssh: true
signing_key: ${{ secrets.BREWTESTBOT_SSH_SIGNING_KEY }}

- name: Checkout removal branch
run: git checkout -b "$REMOVAL_BRANCH" origin/master
Expand All @@ -62,7 +63,6 @@ jobs:
id: remove_disabled
uses: Homebrew/actions/remove-disabled-packages@master
env:
HOMEBREW_GPG_PASSPHRASE: ${{ secrets.BREWTESTBOT_GPG_SIGNING_SUBKEY_PASSPHRASE }}
HOMEBREW_EVAL_ALL: 1

- name: Push commits
Expand All @@ -75,7 +75,6 @@ jobs:
env:
GIT_COMMITTER_NAME: ${{ steps.git-user-config.outputs.name }}
GIT_COMMITTER_EMAIL: ${{ steps.git-user-config.outputs.email }}
HOMEBREW_GPG_PASSPHRASE: ${{ secrets.BREWTESTBOT_GPG_SIGNING_SUBKEY_PASSPHRASE }}

- name: Create pull request
if: fromJson(steps.remove_disabled.outputs.packages-removed)
Expand Down

0 comments on commit 9dbcadd

Please sign in to comment.