Sync Wollok CLI & site
- wollok-cli-bot & wollok-site-bot are GitHub machine users, linked to the [email protected] & [email protected] accounts
- define public & private keys for each of the users
> ssh-keygen -t rsa -b 4096 -C [email protected]
Generating public/private rsa key pair.
Enter file in which to save the key (/home/dodain/.ssh/id_rsa): wolloksite_rsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in wolloksite_rsa
Your public key has been saved in wolloksite_rsa.pub
The key fingerprint is:
SHA256:..... [email protected]
The key's randomart image is:
+---[RSA 4096]----+
...
+----[SHA256]-----+
# same for wollokcli
ssh-keygen -t rsa -b 4096 -C [email protected]
- .gitignore ignores the wolloksite_rsa, wolloksite_rsa.pub, wollokcli_rsa and wollokcli_rsa.pub files
- upload public keys as Deploy Key on each repository
  - Settings > Deploy Keys for Wollok CLI, Add Deploy Key, Title: Github Action Public Key for wollok-site bot, copy the public key, don't forget to click on Allow write access, Save
  - Settings > Deploy Keys for Wollok site, same procedure
- private key should be encrypted and pushed to Wollok github repository
openssl enc -aes-128-ctr -K $KEY -iv $IV -e -in wollokcli_rsa -out wollokcli_key.enc
openssl enc -aes-128-ctr -K $KEY -iv $IV -e -in wolloksite_rsa -out wolloksite_key.enc
Choose your $KEY as a 32-digit hexadecimal number (0123456789abcdef0123456789abcdef). The same goes for $IV: it should have 32 positions.
- Add both $KEY and $IV as repository secrets. Go to this page, and click on New repository secret in the upper right corner. As names we use WOLLOK_CLI_KEY, WOLLOK_CLI_IV, WOLLOK_SITE_KEY and WOLLOK_SITE_IV; copy the corresponding values defined previously.
- We decrypt the enc files using credentials stored as repository secrets in build.yml

We encrypt settings.xml using
openssl enc -aes-256-cbc -pbkdf2 -in settings.xml -out settings.xml.enc -pass pass:$PASSWORD
Then it is decrypted in build.yml using the SETTINGS_GPG_TOKEN repository secret (you must store the chosen $PASSWORD in that secret beforehand).
ssh_config adds a wollok_site and a wollok_cli config, in order to clone / push as different users:
git clone git@wollok_site:uqbar-project/wollok-site.git
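
The round trip described above (encrypt the deploy key with $KEY/$IV, decrypt it in CI, use it through an ssh host alias), as an added example that is not the project's build.yml or ssh_config. The function names, the sample key file and the IV are constructed, and the Host block is an assumption about what such an alias contains. AES-CTR has no integrity check, so the decrypt step verifies the PEM header itself.

```shell
#!/bin/sh
# Added example, not the project's build.yml. Function names are hypothetical.
set -eu

# Encrypt a private key with AES-128-CTR from a raw hex key and IV (no salt, no KDF).
encrypt_key() {  # encrypt_key <in> <out> <hex-key> <hex-iv>
  openssl enc -aes-128-ctr -e -K "$3" -iv "$4" -in "$1" -out "$2"
}

# Decrypt as a CI step would. CTR carries no integrity check: a wrong KEY or IV
# still exits 0 and writes garbage, so confirm the PEM header before using it.
decrypt_key() {  # decrypt_key <in> <out> <hex-key> <hex-iv>
  ( umask 077 && openssl enc -aes-128-ctr -d -K "$3" -iv "$4" -in "$1" -out "$2" ) || return 1
  if ! head -n 1 "$2" | LC_ALL=C grep -q '^-----BEGIN .*PRIVATE KEY-----$'; then
    rm -f "$2"
    echo "decrypt_key: $1 is not a PEM private key after decryption" >&2
    return 1
  fi
}

# Append an ssh host alias so git@<alias>:org/repo.git authenticates with one key only.
write_ssh_alias() {  # write_ssh_alias <config> <alias> <identity-file>
  printf 'Host %s\n  HostName github.com\n  User git\n  IdentityFile %s\n  IdentitiesOnly yes\n' \
    "$2" "$3" >>"$1"
}

# Round trip on a constructed sample (not a real key); prints "ok" when the right
# KEY/IV restores the file and a wrong IV is rejected.
demo() {
  d=$(mktemp -d)
  key=0123456789abcdef0123456789abcdef   # sample value from the page
  iv=00112233445566778899aabbccddeeff    # constructed
  printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'Y29uc3RydWN0ZWQ=' \
    '-----END OPENSSH PRIVATE KEY-----' >"$d/wolloksite_rsa"
  encrypt_key "$d/wolloksite_rsa" "$d/wolloksite_key.enc" "$key" "$iv" || return 1
  decrypt_key "$d/wolloksite_key.enc" "$d/out_rsa" "$key" "$iv" || return 1
  cmp -s "$d/wolloksite_rsa" "$d/out_rsa" || return 1
  if decrypt_key "$d/wolloksite_key.enc" "$d/bad_rsa" "$key" "${iv%ff}00" 2>/dev/null; then
    return 1   # a wrong IV must not be accepted
  fi
  write_ssh_alias "$d/config" wollok_site "$d/out_rsa"
  grep -q '^Host wollok_site$' "$d/config" || return 1
  rm -rf "$d"
  echo ok
}
demo
```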