From 51209310923db8d9c544ee432a2ff8652f3176ac Mon Sep 17 00:00:00 2001
From: Kjeld Schouten
Date: Sun, 7 May 2023 13:14:59 +0200
Subject: [PATCH] Update fetch_helm_deps.sh
Signed-off-by: Kjeld Schouten
---
 .github/scripts/fetch_helm_deps.sh | 22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)
diff --git a/.github/scripts/fetch_helm_deps.sh b/.github/scripts/fetch_helm_deps.sh
index 1c12eb4c62b..32b49463c26 100755
--- a/.github/scripts/fetch_helm_deps.sh
+++ b/.github/scripts/fetch_helm_deps.sh
@@ -21,6 +21,17 @@ trains=(
 "dependency"
 )
+load_gpg_key() {
+echo ""
+echo "⏬ Downloading and Loading TrueCharts pgp Public Key"
+gpg_dir=.cr-gpg
+mkdir "$gpg_dir"
+curl https://keybase.io/hashicorp/pgp_keys.asc | gpg --dearmor > $gpg_dir/pubring.gpg || echo "❌ Couldn't load Public Key." && exit 1
+echo "✅ Public Key loaded successfully..."
+echo ""
+}
+export -f load_gpg_key
+
 download_deps() {
 local train_chart="$1"
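Review bot: In `load_gpg_key`, the line `curl … | gpg --dearmor > … || echo "❌ …" && exit 1` groups as `(A || B) && exit 1`, so `exit 1` also runs after a successful download and the script stops every time the function is called; the `helm verify … || echo … && exit 1` line in the second hunk has the same shape and needs the same explicit `if`. The keyring that every later `--verify` trusts is fetched at run time from `https://keybase.io/hashicorp/pgp_keys.asc` while the message announces a TrueCharts key, and nothing compares the key's fingerprint with a pinned value, so a substituted or simply wrong key would be accepted silently; committing the expected key to the repository, or checking the fingerprint after download, would close that gap. curl is also run without `--fail`, the pipeline's status is only gpg's, and `mkdir "$gpg_dir"` errors when the directory already exists. The fence below covers the control-flow and download checks only.
```shell
load_gpg_key() {
# … unchanged: banner echo lines …
gpg_dir=.cr-gpg
mkdir -p "$gpg_dir"
if ! curl --fail --silent --show-error --location https://keybase.io/hashicorp/pgp_keys.asc \
    | gpg --dearmor > "$gpg_dir/pubring.gpg" \
    || [ ! -s "$gpg_dir/pubring.gpg" ]; then
  echo "❌ Couldn't load Public Key."
  exit 1
fi
# … unchanged: success echo lines …
}
```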
@@ -86,19 +97,20 @@ for idx in $(eval echo "{0..$length}"); do
 mkdir -p "$cache_path/$repo_dir"
 wget --quiet "$dep_url" -P "$cache_path/$repo_dir"
 wget --quiet "$dep_url.prov" -P "$cache_path/$repo_dir"
+
 if [ ! $? ]; then
 echo "❌ wget encountered an error..."
- helm dependency build "$charts_path/$train_chart/Chart.yaml" --verify --keyring $gpg_dir/secring.gpg || helm dependency update "$charts_path/$train_chart/Chart.yaml" --verify --keyring $gpg_dir/secring.gpg || exit 1
+ helm dependency build "$charts_path/$train_chart/Chart.yaml" --verify --keyring $gpg_dir/pubring.gpg || helm dependency update "$charts_path/$train_chart/Chart.yaml" --verify --keyring $gpg_dir/pubring.gpg || exit 1
 fi
 if [ -f "$cache_path/$repo_dir/$name-$version.tgz" ]; then
 echo "✅ Dependency Downloaded!"
 echo "Validating dependency signature..."
- helm verify $cache_path/$repo_dir/$name-$version.tgz --keyring $gpg_dir/secring.gpg || helm verify $cache_path/$repo_dir/$name-$version.tgz --keyring $gpg_dir/secring.gpg || echo "❌ Failed to verify dependency chart signature" && exit 1
+ helm verify $cache_path/$repo_dir/$name-$version.tgz --keyring $gpg_dir/pubring.gpg || helm verify $cache_path/$repo_dir/$name-$version.tgz --keyring $gpg_dir/pubring.gpg || echo "❌ Failed to verify dependency chart signature" && exit 1
 else
 echo "❌ Failed to download dependency"
 # Try helm dependency build/update or otherwise fail fast if a dep fails to download...
- helm dependency build "$charts_path/$train_chart/Chart.yaml" --verify --keyring $gpg_dir/secring.gpg || helm dependency update "$charts_path/$train_chart/Chart.yaml" --verify --keyring $gpg_dir/secring.gpg || exit 1
+ helm dependency build "$charts_path/$train_chart/Chart.yaml" --verify --keyring $gpg_dir/pubring.gpg || helm dependency update "$charts_path/$train_chart/Chart.yaml" --verify --keyring $gpg_dir/pubring.gpg || exit 1
 fi
 fi
 echo ""
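Review bot: The new `--keyring $gpg_dir/pubring.gpg` arguments depend on `gpg_dir`, which `load_gpg_key` assigns as a plain, unexported shell variable; if `download_deps` runs in a child shell, which the `export -f` lines suggest but this hunk does not show, the variable is empty there and helm is pointed at `/pubring.gpg`. Exporting it in `load_gpg_key` (`export gpg_dir`) and writing `--keyring "${gpg_dir:?}/pubring.gpg"` on these lines makes a missing keyring path abort the run instead of verifying against whatever sits at that path. The chart path on the `helm verify` line is unquoted as well and should be `"$cache_path/$repo_dir/$name-$version.tgz"`. `download_deps` starts and ends outside this hunk.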
@@ -118,7 +130,9 @@ for idx in $(eval echo "{0..$length}"); do
 fi
 done
 }
-export -f download_deps
+export -f
+
+load_gpg_key
 if [ -z "$1" ]; then
 for train in "${trains[@]}"; do
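Review bot: `export -f` without a function name exports nothing (bash only prints the functions that are already exported), so after this change `download_deps` is no longer exported. If the rest of the script invokes it from a child shell, which is not visible here, the function will be undefined there and no dependency gets fetched or verified; restore the name with `export -f download_deps`. The added `load_gpg_key` call runs at top level before `$1` is examined, and with its failure branch written as it is in the first hunk it ends the script, so the train loop below is never reached. The `if`/`for` at the end of the hunk continue outside it.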