fix: specify secrets correctly (#550)

snyk · Jun 19, 2024 · f0adf31 · f0adf31
1 parent 243e216
commit f0adf31
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 6 deletions.
diff --git a/.github/create-cli-pr.sh b/.github/create-cli-pr.sh
@@ -18,19 +18,25 @@
 set -ex
 
 CLI_DIR=$(mktemp -d)
-git clone --depth 1 https://github.com/snyk/cli $CLI_DIR
+gh repo clone git@github.com:snyk/cli.git $CLI_DIR -- --depth=1
 pushd $CLI_DIR
   UPGRADE=$(go run scripts/upgrade-snyk-go-dependencies.go --name=snyk-ls)
   LS_VERSION=$(echo $UPGRADE | sed 's/.*Sha: \(.*\) URL.*/\1/')
   BRANCH=feat/automatic-upgrade-of-ls-to-$LS_VERSION
+  BASE=$(git log --pretty=tformat:"%h" -n1 .)
   git checkout -b $BRANCH
 
-  git config --global user.email "team-ide-user@snyk.io"
-  git config --global user.name "Snyk Team IDE User"
+  git config --global user.email "team-ide@snyk.io"
+  git config --global user.name "Snyk Team IDE"
+  git config --global gpg.format ssh
+  git config --global commit.gpgsign true
+
+  echo $PUB_SIGNING_KEY > signingkey.pub
+  git config --global user.signingkey ./signingkey.pub
 
   git commit -am "feat: automatic integration of language server $LS_VERSION"
   git push --set-upstream origin $BRANCH
 
   COMMIT_HASH=$(git log --pretty=tformat:"%h" -n1 .)
-  gh pr create --repo github.com/snyk/cli --base main --fill-verbose --head $COMMIT_HASH --title "feat(language-server): integrate LS (automatic PR) ($LS_VERSION)" --body "$(echo $UPGRADE | sed 's/.*Message: \(.*\) URL.*$/\1/')"
+  gh pr create --repo github.com/snyk/cli --base main --head $BRANCH --title "feat(language-server): integrate LS ($LS_VERSION)" --body "$(echo $UPGRADE | sed 's/.*Message: \(.*\) URL.*$/\1/')"
 popd
diff --git a/.github/workflows/create-cli-pr.yaml b/.github/workflows/create-cli-pr.yaml
@@ -21,8 +21,14 @@ jobs:
         with:
           go-version: ${{ env.GO_VERSION }}
 
+      - uses: webfactory/ssh-agent@v0.9.0
+        with:
+          ssh-private-key: ${{ secrets.TEAM_IDE_USER_SSH }}
+
       - name: Create PR in CLI to integrate LS
         env:
-          GH_TOKEN: ${{ HAMMERHEAD_GITHUB_PAT_SNYKLS }}
+          GH_TOKEN: ${{ secrets.HAMMERHEAD_GITHUB_PAT_SNYKLS }}
+          GITHUB_TOKEN: ${{ secrets.HAMMERHEAD_GITHUB_PAT_SNYKLS }}
+          PUB_SIGNING_KEY: ${{ secrets.TEAM_IDE_USER_SSH_PUB }}
         run: |
           .github/create-cli-pr.sh
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -153,8 +153,14 @@ jobs:
         run: |
           .github/upload-to-s3.sh
 
+      - uses: webfactory/ssh-agent@v0.9.0
+        with:
+          ssh-private-key: ${{ secrets.TEAM_IDE_USER_SSH }}
+
       - name: Create PR in CLI to integrate LS
         env:
-          GH_TOKEN: ${{ HAMMERHEAD_GITHUB_PAT_SNYKLS }}
+          GH_TOKEN: ${{ secrets.HAMMERHEAD_GITHUB_PAT_SNYKLS }}
+          GITHUB_TOKEN: ${{ secrets.HAMMERHEAD_GITHUB_PAT_SNYKLS }}
+          PUB_SIGNING_KEY: ${{ secrets.TEAM_IDE_USER_SSH_PUB }}
         run: |
           .github/create-cli-pr.sh