Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

gitPrivateKey not used to sign commits #228

Closed
Alexsaphir opened this issue Sep 14, 2022 · 4 comments
Closed

gitPrivateKey not used to sign commits #228

Alexsaphir opened this issue Sep 14, 2022 · 4 comments

Comments

@Alexsaphir
Copy link

Setting up renovate-on-prem to sign commit by deploying the helm chart with the following values.yaml file:

renovate:
  acceptWhiteSourceTos: 'y'
  
  renovatePlatform: 'gitlab'
  renovateEndpoint: 'https://${SECRET_GITLAB_DOMAIN}/api/v4/'
  existingSecret: whitesource-renovate

  config: |
    module.exports = {
      // Enter self-hosted configuration options here.
      // https://docs.renovatebot.com/self-hosted-configuration/
      onboardingConfig: {
        extends: ['config:base',":gitSignOff", ":rebaseStalePrs",":enablePreCommit"],
      },
      gitPrivateKey: '${SECRET_RENOVATE_GIT_PRIVATE_KEY}',
      gitAuthor: '${SECRET_RENOVATE_GIT_AUTHOR}'
    }

On gitlab side I enforce the commit signing. All push fails due to the missing signature.
I've made sure that the new line are not interpreted by the yaml using the single quote, when attaching to the pod, gitPrivateKey value is a single line still with \n characters.

I don't see what more can be done to solve this issue.
@rarkins
Copy link
Member

rarkins commented Oct 14, 2022

I have addressed this in https://github.com/whitesource/renovate-on-prem/releases/tag/2.6.0

I'm not certain it will be fixed, assuming there's a bug, but at the very least you should find some additional log messages with the gitPrivateKey string to provide more details about what's going on.

@Alexsaphir
Copy link
Author

The error seem to persist. At no point gpg import seem to be done like the doc indicates.

DEBUG: Preparing files for committing to branch renovate/k3s-io-k3s-1.x (repository=Alexsaphir/K3s-Flux, branch=renovate/k3s-io-k3s-1.x)
DEBUG: Setting git author name (repository=Alexsaphir/K3s-Flux, branch=renovate/k3s-io-k3s-1.x)
       "gitAuthorName": "Renovate Bot"
DEBUG: Setting git author email (repository=Alexsaphir/K3s-Flux, branch=renovate/k3s-io-k3s-1.x)
       "gitAuthorEmail": "********************"
DEBUG: git commit (repository=Alexsaphir/K3s-Flux, branch=renovate/k3s-io-k3s-1.x)
       "deletedFiles": [],
       "ignoredFiles": [],
       "result": {
         "author": null,
         "branch": "renovate/k3s-io-k3s-1.x",
         "commit": "0b3d28211013ed8cc0469761abeb4a7e9e853736",
         "root": false,
         "summary": {"changes": 3, "insertions": 3, "deletions": 3}
       }
DEBUG: Pushing branch renovate/k3s-io-k3s-1.x (repository=Alexsaphir/K3s-Flux, branch=renovate/k3s-io-k3s-1.x)
DEBUG: Git function thrown (repository=Alexsaphir/K3s-Flux, branch=renovate/k3s-io-k3s-1.x)

@rarkins
Copy link
Member

rarkins commented Oct 15, 2022

Importing is done once, so a log like that isn't indicative of the failure. Please check your debug logs for all instances of the string gitPrivateKey

@Alexsaphir
Copy link
Author

Alexsaphir commented Oct 15, 2022
edited
Loading

Thanks a lot. It works now, my cluster did not upgrade the container. Lot of Dependency Lookup Warnings but the issue seem to be already raised.

@TobiX TobiX mentioned this issue Oct 17, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@rarkins @Alexsaphir