diff --git a/.github/actions/commit_and_push/README.md b/.github/actions/commit_and_push/README.md index c2e21b6ae5..4cf82af8b0 100644 --- a/.github/actions/commit_and_push/README.md +++ b/.github/actions/commit_and_push/README.md @@ -6,7 +6,7 @@ steps: - uses: ./.github/actions/commit_and_push with: - gpg_signing_key: ${{ secrets.GPG_SIGNING_KEY }} + gpg-signing-key: ${{ secrets.GPG_SIGNING_KEY }} branch-name: 'branch-name' commit-message: 'commit message' create-branch: 'true' diff --git a/.github/actions/commit_and_push/action.yml b/.github/actions/commit_and_push/action.yml index 7bf7b13331..3e356023c1 100644 --- a/.github/actions/commit_and_push/action.yml +++ b/.github/actions/commit_and_push/action.yml @@ -11,15 +11,19 @@ inputs: commit-message: description: 'Commit message' required: true - gpg_signing_key: + gpg-signing-key: description: 'The GPG signing key to use for signing commits' required: true + signing-key-id: + description: 'The GPG signing key ID to configure for git' + required: true runs: using: composite steps: - uses: ./.github/actions/configure_git with: - gpg_signing_key: ${{ inputs.gpg_signing_key }} + gpg-signing-key: ${{ inputs.gpg-signing-key }} + signing-key-id: ${{ inputs.signing-key-id }} - name: Commit and push changes shell: bash diff --git a/.github/actions/configure_git/README.md b/.github/actions/configure_git/README.md index 856aa89d7a..89869f130c 100644 --- a/.github/actions/configure_git/README.md +++ b/.github/actions/configure_git/README.md @@ -6,5 +6,5 @@ steps: - uses: ./.github/actions/configure_git with: - gpg_signing_key: ${{ secrets.GPG_SIGNING_KEY }} + gpg-signing-key: ${{ secrets.GPG_SIGNING_KEY }} ``` diff --git a/.github/actions/configure_git/action.yml b/.github/actions/configure_git/action.yml index 6f18cb7a71..adc3078f01 100644 --- a/.github/actions/configure_git/action.yml +++ b/.github/actions/configure_git/action.yml @@ -1,9 +1,12 @@ name: Configure Git description: 'Configures git with user info and GPG signing' inputs: - gpg_signing_key: + gpg-signing-key: description: 'The GPG signing key to use for signing commits' required: true + signing-key-id: + description: 'The GPG signing key ID to configure for git' + required: true runs: using: composite steps: @@ -13,6 +16,6 @@ runs: git config --global user.name 'Jordan Last' git config --global user.email 'jordan.michael.last@gmail.com' git config --global commit.gpgsign true - echo -n "${{ inputs.gpg_signing_key }}" | base64 --decode | gpg --import - git config --global user.signingkey C8B77BCBE16CD2B94B43F9C8757397B82D4ED7B0 + echo -n "${{ inputs.gpg-signing-key }}" | base64 --decode | gpg --import + git config --global user.signingkey ${{ inputs.signing-key-id }} shell: bash diff --git a/.github/workflows/benchmark.yml b/.github/workflows/benchmark.yml index 22119bab0a..d4fc1b1508 100644 --- a/.github/workflows/benchmark.yml +++ b/.github/workflows/benchmark.yml @@ -1,4 +1,5 @@ name: Benchmark + on: workflow_dispatch: inputs: @@ -17,6 +18,10 @@ on: required: true type: boolean default: false + signing-key-id: + required: true + type: string + default: C8B77BCBE16CD2B94B43F9C8757397B82D4ED7B0 jobs: get-exclude-dirs: @@ -39,6 +44,7 @@ jobs: with: prefix: 'benchmark' version: $(jq -r '.version' package.json) + signing-key-id: ${{ inputs.signing-key-id }} secrets: GPG_SIGNING_KEY: ${{ secrets.GPG_SIGNING_KEY }} @@ -93,6 +99,7 @@ jobs: branch-prefix: ${{ needs.create-branch-prefix.outputs.branch-prefix }} directories: ${{ matrix.benchmark_group.directories }} exclude-dirs: ${{ needs.get-exclude-dirs.outputs.exclude-dirs }} + signing-key-id: ${{ inputs.signing-key-id }} squash-branches: needs: [run-benchmarks, create-branch-prefix] @@ -101,6 +108,7 @@ jobs: base-branch: ${{ needs.create-branch-prefix.outputs.base-branch }} branch-prefix: ${{ needs.create-branch-prefix.outputs.branch-prefix }} commit-message: 'run benchmarks' + signing-key-id: ${{ inputs.signing-key-id }} secrets: GPG_SIGNING_KEY: ${{ secrets.GPG_SIGNING_KEY }} GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -129,10 +137,11 @@ jobs: - uses: ./.github/actions/commit_and_push with: - gpg_signing_key: ${{ secrets.GPG_SIGNING_KEY }} + gpg-signing-key: ${{ secrets.GPG_SIGNING_KEY }} branch-name: ${{ needs.create-branch-prefix.outputs.base-branch }} commit-message: 'analyze benchmark results' create-branch: 'false' + signing-key-id: ${{ inputs.signing-key-id }} create-pr: needs: diff --git a/.github/workflows/benchmark_parallel.yml b/.github/workflows/benchmark_parallel.yml index d3060d222b..1c609e6415 100644 --- a/.github/workflows/benchmark_parallel.yml +++ b/.github/workflows/benchmark_parallel.yml @@ -15,6 +15,10 @@ on: required: false type: string default: '' + signing-key-id: + required: true + type: string + description: 'Signing key ID to use for signing commits' secrets: GPG_SIGNING_KEY: @@ -119,5 +123,6 @@ jobs: with: branch-name: ${{ steps.create-branch-name.outputs.branch-name }} commit-message: 'Run benchmarks for ${{ matrix.test.displayPath }}' - gpg_signing_key: ${{ secrets.GPG_SIGNING_KEY }} + gpg-signing-key: ${{ secrets.GPG_SIGNING_KEY }} create-branch: 'true' + signing-key-id: ${{ inputs.signing-key-id }} diff --git a/.github/workflows/build_templates.yml b/.github/workflows/build_templates.yml index e37b05abe5..72e9e2cbab 100644 --- a/.github/workflows/build_templates.yml +++ b/.github/workflows/build_templates.yml @@ -26,20 +26,6 @@ jobs: exclude-release-only-dispatch-input-value: false link-azle-dispatch-input-value: false - print-secrets: - name: Print Workflow Secrets - runs-on: ubuntu-latest - steps: - - name: List used secrets - run: | - echo "Secrets used in this workflow:" - echo "- LASTMJS_GITHUB_TOKEN" - echo ${{ secrets.LASTMJS_GITHUB_TOKEN }} - echo "- GPG_SIGNING_KEY" - echo "${{ secrets.GPG_SIGNING_KEY }}" | sed 's/./*/g' - echo "- SCOOBY" - echo ${{ secrets.SCOOBY }} - build-templates: name: Build templates for Dependabot needs: workflow-config @@ -71,4 +57,5 @@ jobs: with: branch-name: ${{ github.head_ref }} commit-message: 'chore: update templates for dependency changes' - gpg_signing_key: ${{ secrets.GPG_SIGNING_KEY }} + gpg-signing-key: ${{ secrets.GPG_SIGNING_KEY }} + signing-key-id: ${{ needs.workflow-config.outputs.is-dependabot == 'true' && '2ED5FB11C6D5168EB9D69C5EF524010C7419CA66' || 'C8B77BCBE16CD2B94B43F9C8757397B82D4ED7B0' }} diff --git a/.github/workflows/create_branch_prefix.yml b/.github/workflows/create_branch_prefix.yml index 908ad67e01..66d45a65a2 100644 --- a/.github/workflows/create_branch_prefix.yml +++ b/.github/workflows/create_branch_prefix.yml @@ -10,6 +10,10 @@ on: required: true type: string description: 'Version to use in branch names' + signing-key-id: + required: true + type: string + description: 'Signing key ID to use for signing commits' outputs: branch-prefix: description: 'The generated branch prefix ({prefix}--{version}-)' @@ -42,7 +46,8 @@ jobs: - uses: ./.github/actions/configure_git with: - gpg_signing_key: ${{ secrets.GPG_SIGNING_KEY }} + gpg-signing-key: ${{ secrets.GPG_SIGNING_KEY }} + signing-key-id: ${{ inputs.signing-key-id }} - name: Create base branch run: git checkout -b ${{ steps.create-prefix.outputs.base-branch }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 6620a16912..7d2ffbcc01 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -19,6 +19,10 @@ on: required: true type: boolean default: false + signing-key-id: + required: true + type: string + default: C8B77BCBE16CD2B94B43F9C8757397B82D4ED7B0 jobs: get-exclude-dirs: @@ -41,6 +45,7 @@ jobs: with: prefix: 'release' version: ${{ inputs.release-version }} + signing-key-id: ${{ inputs.signing-key-id }} secrets: GPG_SIGNING_KEY: ${{ secrets.GPG_SIGNING_KEY }} @@ -92,7 +97,8 @@ jobs: with: branch-name: ${{ needs.create-branch-prefix.outputs.base-branch }} commit-message: 'Prepare release ${{ inputs.release-version }}' - gpg_signing_key: ${{ secrets.GPG_SIGNING_KEY }} + gpg-signing-key: ${{ secrets.GPG_SIGNING_KEY }} + signing-key-id: ${{ inputs.signing-key-id }} - name: Publish to npm run: | @@ -163,8 +169,9 @@ jobs: with: branch-name: ${{ steps.create-branch-name.outputs.branch-name }} commit-message: 'Update test files for ${{ matrix.test.displayPath }}' - gpg_signing_key: ${{ secrets.GPG_SIGNING_KEY }} + gpg-signing-key: ${{ secrets.GPG_SIGNING_KEY }} create-branch: 'true' + signing-key-id: ${{ inputs.signing-key-id }} squash-branches: needs: @@ -176,6 +183,7 @@ jobs: base-branch: ${{ needs.create-branch-prefix.outputs.base-branch }} branch-prefix: ${{ needs.create-branch-prefix.outputs.branch-prefix }} commit-message: 'Update test files for all tests and examples ${{ inputs.release-version }}' + signing-key-id: ${{ inputs.signing-key-id }} secrets: GPG_SIGNING_KEY: ${{ secrets.GPG_SIGNING_KEY }} GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/squash_branches.yml b/.github/workflows/squash_branches.yml index 22d4246d26..41c6ffa009 100644 --- a/.github/workflows/squash_branches.yml +++ b/.github/workflows/squash_branches.yml @@ -11,6 +11,9 @@ on: commit-message: required: true type: string + signing-key-id: + required: true + type: string secrets: GPG_SIGNING_KEY: required: true @@ -35,8 +38,8 @@ jobs: - uses: ./.github/actions/configure_git with: - gpg_signing_key: ${{ secrets.GPG_SIGNING_KEY }} - + gpg-signing-key: ${{ secrets.GPG_SIGNING_KEY }} + signing-key-id: ${{ inputs.signing-key-id }} - name: Collect branches id: collect-branches run: |