Skip to content

Commit

Permalink
Merge pull request #148 from greenbone/y0urself/sign-headless
Browse files Browse the repository at this point in the history
[pontos-release] [sign] Headless signing.
  • Loading branch information
bjoernricks authored Jun 29, 2021
2 parents a50f106 + 07bbdf5 commit 25106c5
Show file tree
Hide file tree
Showing 6 changed files with 54 additions and 18 deletions.
13 changes: 13 additions & 0 deletions .github/workflows/release-pontos.yml
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,9 @@ jobs:
GITHUB_USER: ${{ secrets.GREENBONE_BOT }}
GITHUB_MAIL: ${{ secrets.GREENBONE_BOT_MAIL }}
GITHUB_TOKEN: ${{ secrets.GREENBONE_BOT_TOKEN }}
GPG_KEY: ${{ secrets.GPG_KEY }}
GPG_FINGERPRINT: ${{ secrets.FINGERPRINT }}
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
name: Build and release with pontos
# If the label 'make release' is set. If PR is closed because of an merge
if: contains( github.event.pull_request.labels.*.name, 'make release') && github.event.pull_request.merged == true
Expand All @@ -32,6 +35,16 @@ jobs:
- name: Prepare release with pontos
run: |
poetry run pontos-release prepare --calendar
echo "VERSION=$(poetry run pontos-version show)" >> $GITHUB_ENV
- name: Release with pontos
run: |
poetry run pontos-release release
- name: Sign assets with pontos
run: |
echo "Signing assets for ${{env.VERSION}}"
echo -e "${{ env.GPG_PASSPHRASE }}" >> tmp.file
gpg --import tmp.file && rm tmp.file
poetry run pontos-release sign \
--signing-key ${{ env.GPG_FINGERPRINT }} \
--passphrase ${{ env.GPG_PASSPHRASE }} \
--release-version ${{ env.VERSION }}
2 changes: 2 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,8 @@ and this project adheres to [Calendar Versioning](https://calver.org).

## [Unreleased]
### Added
* `pontos-release`: You can use `sign` now headless (without passphrase prompt) by passing it per arugment. [#148](https://github.com/greenbone/pontos/pull/148)

### Changed
### Deprecated
### Removed
Expand Down
9 changes: 4 additions & 5 deletions pontos/release/helper.py
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@
import requests

from pontos import version
from pontos.terminal import error, warning, info, ok, out, out_flush
from pontos.terminal import error, warning, info, ok, out, overwrite
from pontos.terminal.terminal import Signs
from pontos.version.helper import VersionError
from pontos.version import (
Expand Down Expand Up @@ -191,7 +191,7 @@ def download(
dl += len(content)
download_file.write(content)
done = int(50 * dl / total_length)
out_flush(f"[{'=' * done}{' ' * (50-done)}]")
overwrite(f"[{'=' * done}{' ' * (50-done)}]")
else:
with file_path.open(mode='wb') as download_file:
spinner = ['-', '\\', '|', '/']
Expand All @@ -201,9 +201,8 @@ def download(
if i == 4:
i = 0
download_file.write(content)
out_flush(f"[{spinner[i]}]")
out_flush(f"[{Signs.OK}]{' ' * 50}")
out('')
overwrite(f"[{spinner[i]}]")
overwrite(f"[{Signs.OK}]{' ' * 50}", new_line=True)

return file_path

Expand Down
27 changes: 22 additions & 5 deletions pontos/release/release.py
Original file line number Diff line number Diff line change
Expand Up @@ -162,6 +162,15 @@ def initialize_default_parser() -> argparse.ArgumentParser:
default='greenbone',
help='user/team name in github',
)

sign_parser.add_argument(
'--passphrase',
default='greenbone',
help=(
'Use gpg in a headless mode e.g. for '
'the CI and use this passphrase for signing.'
),
)
return parser


Expand Down Expand Up @@ -448,10 +457,17 @@ def sign(
for file_path in file_paths:
info(f"Signing {file_path}")

shell_cmd_runner(
f"gpg --default-key {signing_key} --yes --detach-sign --armor "
f"{file_path}"
)
if args.passphrase:
shell_cmd_runner(
f"gpg --pinentry-mode loopback --default-key {signing_key}"
f" --yes --detach-sign --passphrase {args.passphrase}"
f" --armor {file_path}"
)
else:
shell_cmd_runner(
f"gpg --default-key {signing_key} --yes --detach-sign --armor "
f"{file_path}"
)

return upload_assets(
username,
Expand Down Expand Up @@ -499,7 +515,8 @@ def main(
):
return sys.exit(1) if leave else False
except subprocess.CalledProcessError as e:
error(f'Could not run command "{e.cmd}". Error was:\n\n{e.stderr}')
error(f'Could not run command "{e.cmd}".')
out(f'Error was: {e.stderr}')
sys.exit(1)

return sys.exit(0) if leave else True
Expand Down
4 changes: 2 additions & 2 deletions pontos/terminal/__init__.py
Original file line number Diff line number Diff line change
Expand Up @@ -58,8 +58,8 @@ def out(message: str):
__term.print(message)


def out_flush(message: str):
__term.print_without_newline(message)
def overwrite(message: str, new_line: bool = False):
__term.print_overwrite(message, new_line=new_line)


def _set_terminal(term: Terminal):
Expand Down
17 changes: 11 additions & 6 deletions pontos/terminal/terminal.py
Original file line number Diff line number Diff line change
Expand Up @@ -61,10 +61,10 @@ def _print_status(
style: Callable,
*,
new_line: bool = True,
flush: bool = False,
overwrite: bool = False,
) -> None:
first_line = ''
if not new_line:
if overwrite:
first_line = '\r'
output = ''
width = self.get_width()
Expand All @@ -84,7 +84,7 @@ def _print_status(
if new_line:
print(style(output))
else:
print(style(output), end='', flush=flush)
print(style(output), end='', flush=True)

@contextmanager
def indent(self, indentation: int = 4) -> Generator:
Expand All @@ -105,12 +105,17 @@ def print(self, *messages: str, style: Callable = cf.reset) -> None:
message = ''.join(messages)
self._print_status(message, Signs.NONE, cf.white, style)

def print_without_newline(
self, *messages: str, style: Callable = cf.reset
def print_overwrite(
self, *messages: str, style: Callable = cf.reset, new_line: bool = False
) -> None:
message = ''.join(messages)
self._print_status(
message, Signs.NONE, cf.white, style, new_line=False, flush=True
message,
Signs.NONE,
cf.white,
style,
new_line=new_line,
overwrite=True,
)

def ok(self, message: str, style: Callable = cf.reset) -> None:
Expand Down

0 comments on commit 25106c5

Please sign in to comment.