From e1ba3b73c080ece3233397b59466dfb1e1f9148e Mon Sep 17 00:00:00 2001 From: Vitalii Grygoruk Date: Fri, 29 Apr 2022 16:04:56 +0200 Subject: [PATCH] Support GPG-signed commits, fixes #427 --- cmd/main.go | 2 + cmd/run.go | 2 + .../argocd-image-updater-deployment.yaml | 12 +++++ manifests/install.yaml | 12 +++++ pkg/argocd/update.go | 46 +++++++++++-------- 5 files changed, 55 insertions(+), 19 deletions(-) diff --git a/cmd/main.go b/cmd/main.go index 3a4019dd..ed003f79 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -44,6 +44,8 @@ type ImageUpdaterConfig struct { GitCommitUser string GitCommitMail string GitCommitMessage *template.Template + GitCommitSigningKey string + GitCommitSignOff bool DisableKubeEvents bool } diff --git a/cmd/run.go b/cmd/run.go index 581bc4be..4a6629e8 100644 --- a/cmd/run.go +++ b/cmd/run.go @@ -222,6 +222,8 @@ func newRunCommand() *cobra.Command { runCmd.Flags().BoolVar(&warmUpCache, "warmup-cache", true, "whether to perform a cache warm-up on startup") runCmd.Flags().StringVar(&cfg.GitCommitUser, "git-commit-user", env.GetStringVal("GIT_COMMIT_USER", "argocd-image-updater"), "Username to use for Git commits") runCmd.Flags().StringVar(&cfg.GitCommitMail, "git-commit-email", env.GetStringVal("GIT_COMMIT_EMAIL", "noreply@argoproj.io"), "E-Mail address to use for Git commits") + runCmd.Flags().StringVar(&cfg.GitCommitSigningKey, "git-commit-signing-key", env.GetStringVal("GIT_COMMIT_SIGNING_KEY", ""), "GnuPG key ID used to sign the commits") + runCmd.Flags().BoolVar(&cfg.GitCommitSignOff, "git-commit-sign-off", env.GetBoolVal("GIT_COMMIT_SIGN_OFF", false), "Whether to sign-off git commits") runCmd.Flags().StringVar(&commitMessagePath, "git-commit-message-path", defaultCommitTemplatePath, "Path to a template to use for Git commit messages") runCmd.Flags().BoolVar(&cfg.DisableKubeEvents, "disable-kube-events", env.GetBoolVal("IMAGE_UPDATER_KUBE_EVENTS", false), "Disable kubernetes events") diff --git a/manifests/base/deployment/argocd-image-updater-deployment.yaml b/manifests/base/deployment/argocd-image-updater-deployment.yaml index b5b82607..bbc65ead 100644 --- a/manifests/base/deployment/argocd-image-updater-deployment.yaml +++ b/manifests/base/deployment/argocd-image-updater-deployment.yaml @@ -78,6 +78,18 @@ spec: name: argocd-image-updater-config key: git.email optional: true + - name: GIT_COMMIT_SIGNING_KEY + valueFrom: + configMapKeyRef: + key: git.commit-signing-key + name: argocd-image-updater-config + optional: true + - name: GIT_COMMIT_SIGN_OFF + valueFrom: + configMapKeyRef: + key: git.commit-sign-off + name: argocd-image-updater-config + optional: true - name: IMAGE_UPDATER_KUBE_EVENTS valueFrom: configMapKeyRef: diff --git a/manifests/install.yaml b/manifests/install.yaml index 775ae246..acf5bd36 100644 --- a/manifests/install.yaml +++ b/manifests/install.yaml @@ -159,6 +159,18 @@ spec: key: git.email name: argocd-image-updater-config optional: true + - name: GIT_COMMIT_SIGNING_KEY + valueFrom: + configMapKeyRef: + key: git.commit-signing-key + name: argocd-image-updater-config + optional: true + - name: GIT_COMMIT_SIGN_OFF + valueFrom: + configMapKeyRef: + key: git.commit-sign-off + name: argocd-image-updater-config + optional: true - name: IMAGE_UPDATER_KUBE_EVENTS valueFrom: configMapKeyRef: diff --git a/pkg/argocd/update.go b/pkg/argocd/update.go index c92730dc..31b136c4 100644 --- a/pkg/argocd/update.go +++ b/pkg/argocd/update.go @@ -33,16 +33,18 @@ type ImageUpdaterResult struct { } type UpdateConfiguration struct { - NewRegFN registry.NewRegistryClient - ArgoClient ArgoCD - KubeClient *kube.KubernetesClient - UpdateApp *ApplicationImages - DryRun bool - GitCommitUser string - GitCommitEmail string - GitCommitMessage *template.Template - DisableKubeEvents bool - IgnorePlatforms bool + NewRegFN registry.NewRegistryClient + ArgoClient ArgoCD + KubeClient *kube.KubernetesClient + UpdateApp *ApplicationImages + DryRun bool + GitCommitUser string + GitCommitEmail string + GitCommitMessage *template.Template + GitCommitSigningKey string + GitCommitSignOff bool + DisableKubeEvents bool + IgnorePlatforms bool } type GitCredsSource func(app *v1alpha1.Application) (git.Creds, error) @@ -59,15 +61,17 @@ type WriteBackConfig struct { Method WriteBackMethod ArgoClient ArgoCD // If GitClient is not nil, the client will be used for updates. Otherwise, a new client will be created. - GitClient git.Client - GetCreds GitCredsSource - GitBranch string - GitWriteBranch string - GitCommitUser string - GitCommitEmail string - GitCommitMessage string - KustomizeBase string - Target string + GitClient git.Client + GetCreds GitCredsSource + GitBranch string + GitWriteBranch string + GitCommitUser string + GitCommitEmail string + GitCommitMessage string + GitCommitSigningKey string + GitCommitSignOff bool + KustomizeBase string + Target string } // The following are helper structs to only marshal the fields we require @@ -319,6 +323,10 @@ func UpdateApplication(updateConf *UpdateConfiguration, state *SyncIterationStat if len(changeList) > 0 && updateConf.GitCommitMessage != nil { wbc.GitCommitMessage = TemplateCommitMessage(updateConf.GitCommitMessage, updateConf.UpdateApp.Application.Name, changeList) } + if updateConf.GitCommitSigningKey != "" { + wbc.GitCommitSigningKey = updateConf.GitCommitSigningKey + } + wbc.GitCommitSignOff = updateConf.GitCommitSignOff } if needUpdate {