Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add test action to reproduce issue in normal PR. #5943

Merged
merged 1 commit into from
Feb 2, 2023
Merged

Add test action to reproduce issue in normal PR. #5943

merged 1 commit into from
Feb 2, 2023

Conversation

absoludity
Copy link
Contributor

@absoludity absoludity commented Feb 1, 2023
edited
Loading

Signed-off-by: Michael Nelson minelson@vmware.com

Description of the change

I used this PR to debug why the installation of the GPG key was failing. The process I used was:

  1. list the files written to disk in the installGPGKeys command (ls -al /tmp/*.key) which showed that they had the incorrect size,
  2. print out the head -n1 of each (which is just the -----BEGIN PGP PRIVATE KEY BLOCK-----) (had to also base64 it to avoid it being correctly redacted as it should).

This showed clearly that, since I updated the secrets, the GPG data was in fact not being written to disk. After some experimenting, and reading the GH documentation for secrets in actions I realised that the issue could be because these secrets are being passed unquoted to the installGPGKeys bash function.

Rather than correctly quoting them, I instead removed these cmd-line args from the function so that the env vars can be used more safely (as mentioned in the linked GH doc above, including secrets as cmdline args should be avoided anyway).

This fixed the problem in my tests. Now to see if it's the only issue in CI :)

Benefits

Possible drawbacks

Applicable issues

  • fixes #

Additional information

@netlify
Copy link

netlify bot commented Feb 1, 2023
edited
Loading

Deploy Preview for kubeapps-dev canceled.

Name Link
🔨 Latest commit 2aec8dd
🔍 Latest deploy log https://app.netlify.com/sites/kubeapps-dev/deploys/63db0e6e705d8e0008a6172a

@absoludity
Don't pass secrets as cmd-line args, prefer env.
2aec8dd 
Signed-off-by: Michael Nelson <minelson@vmware.com>
@absoludity absoludity force-pushed the test-ci-main-gpg-issue branch from 689d773 to 2aec8dd Compare February 2, 2023 01:14
@absoludity absoludity marked this pull request as ready for review February 2, 2023 01:21
@absoludity
Copy link
Contributor Author

Landing to test if it makes main green (could still be an issue with the actual cred).

@absoludity absoludity merged commit 669fbc4 into main Feb 2, 2023
@absoludity absoludity deleted the test-ci-main-gpg-issue branch February 2, 2023 01:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
cla-not-required
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@absoludity @vmwclabot