From 1b2ea31de4f517840705711d3484763a2410d1e9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaspar=20L=C3=B6chte?= <jaspar.loechte@greenbone.net>
Date: Mon, 28 Jun 2021 16:49:21 +0200
Subject: [PATCH 1/4] Add the possiblity to use pontos-release sign headless
with the passphrase
---
pontos/release/release.py | 27 ++++++++++++++++++++++-----
1 file changed, 22 insertions(+), 5 deletions(-)
diff --git a/pontos/release/release.py b/pontos/release/release.py
index 3bfa95741..065b3b0bb 100644
--- a/pontos/release/release.py
+++ b/pontos/release/release.py
@@ -162,6 +162,15 @@ def initialize_default_parser() -> argparse.ArgumentParser:
default='greenbone',
help='user/team name in github',
)
+
+ sign_parser.add_argument(
+ '--passphrase',
+ default='greenbone',
+ help=(
+ 'Use gpg in a headless mode e.g. for '
+ 'the CI and use this passphrase for signing.'
+ ),
+ )
return parser
@@ -448,10 +457,17 @@ def sign(
for file_path in file_paths:
info(f"Signing {file_path}")
- shell_cmd_runner(
- f"gpg --default-key {signing_key} --yes --detach-sign --armor "
- f"{file_path}"
- )
+ if args.passphrase:
+ shell_cmd_runner(
+ f"gpg --pinentry-mode loopback --default-key {signing_key}"
+ f" --yes --detach-sign --passphrase {args.passphrase}"
+ f" --armor {file_path}"
+ )
+ else:
+ shell_cmd_runner(
+ f"gpg --default-key {signing_key} --yes --detach-sign --armor "
+ f"{file_path}"
+ )
return upload_assets(
username,
@@ -499,7 +515,8 @@ def main(
):
return sys.exit(1) if leave else False
except subprocess.CalledProcessError as e:
- error(f'Could not run command "{e.cmd}". Error was:\n\n{e.stderr}')
+ error(f'Could not run command "{e.cmd}".')
+ out(f'Error was: {e.stderr}')
sys.exit(1)
return sys.exit(0) if leave else True
From 97c6e18dac14577894d7a3fee6c693bc9fed5237 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaspar=20L=C3=B6chte?= <jaspar.loechte@greenbone.net>
Date: Mon, 28 Jun 2021 16:50:22 +0200
Subject: [PATCH 2/4] Adjust naming and behavior of this flushing terminal
print
---
pontos/release/helper.py | 9 ++++-----
pontos/terminal/__init__.py | 4 ++--
pontos/terminal/terminal.py | 17 +++++++++++------
3 files changed, 17 insertions(+), 13 deletions(-)
diff --git a/pontos/release/helper.py b/pontos/release/helper.py
index 8446d4f44..0ae51940e 100644
--- a/pontos/release/helper.py
+++ b/pontos/release/helper.py
@@ -30,7 +30,7 @@
import requests
from pontos import version
-from pontos.terminal import error, warning, info, ok, out, out_flush
+from pontos.terminal import error, warning, info, ok, out, overwrite
from pontos.terminal.terminal import Signs
from pontos.version.helper import VersionError
from pontos.version import (
@@ -191,7 +191,7 @@ def download(
dl += len(content)
download_file.write(content)
done = int(50 * dl / total_length)
- out_flush(f"[{'=' * done}{' ' * (50-done)}]")
+ overwrite(f"[{'=' * done}{' ' * (50-done)}]")
else:
with file_path.open(mode='wb') as download_file:
spinner = ['-', '\\', '|', '/']
@@ -201,9 +201,8 @@ def download(
if i == 4:
i = 0
download_file.write(content)
- out_flush(f"[{spinner[i]}]")
- out_flush(f"[{Signs.OK}]{' ' * 50}")
- out('')
+ overwrite(f"[{spinner[i]}]")
+ overwrite(f"[{Signs.OK}]{' ' * 50}", new_line=True)
return file_path
diff --git a/pontos/terminal/__init__.py b/pontos/terminal/__init__.py
index 0933b399b..f90559c93 100644
--- a/pontos/terminal/__init__.py
+++ b/pontos/terminal/__init__.py
@@ -58,8 +58,8 @@ def out(message: str):
__term.print(message)
-def out_flush(message: str):
- __term.print_without_newline(message)
+def overwrite(message: str, new_line: bool = False):
+ __term.print_overwrite(message, new_line=new_line)
def _set_terminal(term: Terminal):
diff --git a/pontos/terminal/terminal.py b/pontos/terminal/terminal.py
index 1e2756647..0acef666f 100644
--- a/pontos/terminal/terminal.py
+++ b/pontos/terminal/terminal.py
@@ -61,10 +61,10 @@ def _print_status(
style: Callable,
*,
new_line: bool = True,
- flush: bool = False,
+ overwrite: bool = False,
) -> None:
first_line = ''
- if not new_line:
+ if overwrite:
first_line = '\r'
output = ''
width = self.get_width()
@@ -84,7 +84,7 @@ def _print_status(
if new_line:
print(style(output))
else:
- print(style(output), end='', flush=flush)
+ print(style(output), end='', flush=True)
@contextmanager
def indent(self, indentation: int = 4) -> Generator:
@@ -105,12 +105,17 @@ def print(self, *messages: str, style: Callable = cf.reset) -> None:
message = ''.join(messages)
self._print_status(message, Signs.NONE, cf.white, style)
- def print_without_newline(
- self, *messages: str, style: Callable = cf.reset
+ def print_overwrite(
+ self, *messages: str, style: Callable = cf.reset, new_line: bool = False
) -> None:
message = ''.join(messages)
self._print_status(
- message, Signs.NONE, cf.white, style, new_line=False, flush=True
+ message,
+ Signs.NONE,
+ cf.white,
+ style,
+ new_line=new_line,
+ overwrite=True,
)
def ok(self, message: str, style: Callable = cf.reset) -> None:
From fb961809fcaf85729a6c0eb255fa514753a07c88 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaspar=20L=C3=B6chte?= <jaspar.loechte@greenbone.net>
Date: Mon, 28 Jun 2021 16:53:26 +0200
Subject: [PATCH 3/4] Add Changelog entry
---
CHANGELOG.md | 2 ++
1 file changed, 2 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 86a5c48d5..1c0100c65 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,8 @@ and this project adheres to [Calendar Versioning](https://calver.org).
## [Unreleased]
### Added
+* `pontos-release`: You can use `sign` now headless (without passphrase prompt) by passing it per arugment. [#148](https://github.com/greenbone/pontos/pull/148)
+
### Changed
### Deprecated
### Removed
From 07bbdf5139b5bf81a0c770b76f0c711c48fabf32 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaspar=20L=C3=B6chte?= <jaspar.loechte@greenbone.net>
Date: Mon, 28 Jun 2021 21:02:14 +0200
Subject: [PATCH 4/4] Update the release workflow (add signing :) )
---
.github/workflows/release-pontos.yml | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/.github/workflows/release-pontos.yml b/.github/workflows/release-pontos.yml
index 8812e18fd..3a37c4e85 100644
--- a/.github/workflows/release-pontos.yml
+++ b/.github/workflows/release-pontos.yml
@@ -10,6 +10,9 @@ jobs:
GITHUB_USER: ${{ secrets.GREENBONE_BOT }}
GITHUB_MAIL: ${{ secrets.GREENBONE_BOT_MAIL }}
GITHUB_TOKEN: ${{ secrets.GREENBONE_BOT_TOKEN }}
+ GPG_KEY: ${{ secrets.GPG_KEY }}
+ GPG_FINGERPRINT: ${{ secrets.FINGERPRINT }}
+ GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
name: Build and release with pontos
# If the label 'make release' is set. If PR is closed because of an merge
if: contains( github.event.pull_request.labels.*.name, 'make release') && github.event.pull_request.merged == true
@@ -32,6 +35,16 @@ jobs:
- name: Prepare release with pontos
run: |
poetry run pontos-release prepare --calendar
+ echo "VERSION=$(poetry run pontos-version show)" >> $GITHUB_ENV
- name: Release with pontos
run: |
poetry run pontos-release release
+ - name: Sign assets with pontos
+ run: |
+ echo "Signing assets for ${{env.VERSION}}"
+ echo -e "${{ env.GPG_PASSPHRASE }}" >> tmp.file
+ gpg --import tmp.file && rm tmp.file
+ poetry run pontos-release sign \
+ --signing-key ${{ env.GPG_FINGERPRINT }} \
+ --passphrase ${{ env.GPG_PASSPHRASE }} \
+ --release-version ${{ env.VERSION }}