chore: use hmac

add hmac
cncf-infra · May 23, 2024 · 77c81d7 · 77c81d7
1 parent e1fdef6
commit 77c81d7
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/.github/workflows/verify-conformance.yml b/.github/workflows/verify-conformance.yml
@@ -16,10 +16,12 @@ jobs:
         env:
           GH_APP_PRIVATE_KEY: ${{ secrets.GH_APP_PRIVATE_KEY }}
           GH_APP_ID: ${{ secrets.GH_APP_ID }}
+          GH_APP_HMAC: ${{ secrets.GH_APP_HMAC }}
         run: |
           mkdir -p ./tmp/
           curl -sSLv https://raw.githubusercontent.com/cncf-infra/verify-conformance/main/hack/local-dev/verify-conformance-config.yaml -o ./verify-conformance-config.yaml
           echo '${{ env.GH_APP_PRIVATE_KEY }}' | base64 -d > ./tmp/github-app-private-key
+          echo '${{ env.GH_APP_HMAC }}' > ./tmp/hmac
       - name: verify-conformance
         env:
           GH_APP_ID: ${{ secrets.GH_APP_ID }}
@@ -33,7 +35,8 @@ jobs:
               --dry-run=false \
               --plugin-config="$PWD/verify-conformance-config.yaml" \
               --github-app-id="${{ env.GH_APP_ID }}" \
-              --github-app-private-key-path="$PWD/tmp/github-app-private-key"
+              --github-app-private-key-path="$PWD/tmp/github-app-private-key" \
+              --hmac-secret-file=$PWD/tmp/hmac
       - name: cleanup
         if: ${{ always() }}
         run: |