sliteteam / github-action-git-crypt-unlock Goto Github PK
View Code? Open in Web Editor NEWGithub Action to unlock git-crypt secrets
License: MIT License
Github Action to unlock git-crypt secrets
License: MIT License
The current bash script in entrypoint.sh
doesn't cope with Base64 strings including new line characters. Unfortunately, these are often included by default when you pipe to base64.
Supplying a string with new lines causes this action to fail with base64: invalid input
. I can replicate the problem locally with the following two lines:
$ export GIT_CRYPT_KEY=$(cat ./original.key | base64)
$ echo $GIT_CRYPT_KEY | base64 --decode > ./copy.key
base64: invalid input
It looks like a simple fix - if we quote the environment variable properly then decoding works correctly. I'll raise a PR.
https://github.com/marketplace/actions/github-action-to-unlock-git-crypt-secrets
( has version number 1.0.2 )
I was using that thinking that it was the latest stable release only to find out later that issues I was having trouble with (like slowness and base64 couldn't handle newlines) were fixed in later releases π
If you could update that marketplace page that would be great !
We found that the task is always stuck in fetch http://dl-cdn.alpinelinux.org/alpine/v3.12/main/x86_64/APKINDEX.tar.gz
step,
no idea if it is related to the gliderlabs/docker-alpine#386.
Hi there,
our github workflow has ben failing since yesterday due what seems to be an expired gpg key. I reckon your repository has not been updated in a couple of years so we suspect the error is originating from here.
Can you please take a look into it? Our implementation is identical to the one in your readme, and we have not encountered this issue in the 2+ years we've been using github-action-git-crypt-unlock
Step 10/15 : RUN apt-get update && apt-get install -y bash curl git g++ make openssl libssl-dev
---> Running in d3bd053a489a
Ign http://deb.debian.org/ jessie InRelease
Get:1 http://deb.debian.org jessie-updates InRelease [16.3 kB]
Get:2 http://security.debian.org jessie/updates InRelease [44.9 kB]
Get:3 http://deb.debian.org jessie Release.gpg [1652 B]
Get:4 http://deb.debian.org jessie Release [77.3 kB]
Ign http://deb.debian.org jessie-updates InRelease
Get:5 http://deb.debian.org jessie-updates/main amd[64](https://github.com/Springworks/starlight/actions/runs/3522657002/jobs/5905886249#step:2:64) Packages [20 B]
Ign http://deb.debian.org/ jessie Release
Get:6 http://deb.debian.org jessie/main amd64 Packages [9098 kB]
Get:7 http://security.debian.org/ jessie/updates/main amd64 Packages [992 kB]
Fetched 10.2 MB in 7s (1367 kB/s)
Reading package lists...
W: GPG error: http://deb.debian.org jessie-updates InRelease: The following signatures were invalid: KEYEXPIRED 1[66](https://github.com/Springworks/starlight/actions/runs/3522657002/jobs/5905886249#step:2:66)8891673
W: GPG error: http://deb.debian.org/ jessie Release: The following signatures were invalid: KEYEXPIRED 1668891[67](https://github.com/Springworks/starlight/actions/runs/3522657002/jobs/5905886249#step:2:67)3
It currently takes 1m 30s on my build to install this action. Is there a way to speed this up, maybe by caching the docker build?
Steps to reproduce:
git-crypt export-key git-crypt-key
This works:
steps:
- ...
- name: git-crypt unlock
run: |
git clone https://github.com/AGWA/git-crypt.git
cd git-crypt
make
sudo make install
cd ..
rm -rf git-crypt
git-crypt unlock git-crypt-key
This does not work
steps:
- name: Set git-crypt key
id: ref
run: echo "::set-output name=git_crypt_key::$(base64 git-crypt-key)" # or cat git-crypt-key | base64
- name: decrypt
uses: sliteteam/[email protected]
env:
GIT_CRYPT_KEY: ${{ steps.ref.outputs.git_crypt_key }}
Once the repo is unlocked, any attempt to commit from the GH Action will result in an error:
"git-crypt" clean: 1: git-crypt: not found
error: external filter '"git-crypt" clean' failed 127
error: external filter '"git-crypt" clean' failed
A declarative, efficient, and flexible JavaScript library for building user interfaces.
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. πππ
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google β€οΈ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.