-
Notifications
You must be signed in to change notification settings - Fork 272
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support GPG-signed commits, fixes #427 #428
base: master
Are you sure you want to change the base?
Support GPG-signed commits, fixes #427 #428
Conversation
Codecov Report
@@ Coverage Diff @@
## master #428 +/- ##
==========================================
- Coverage 65.60% 65.50% -0.10%
==========================================
Files 21 21
Lines 2035 2038 +3
==========================================
Hits 1335 1335
- Misses 571 574 +3
Partials 129 129
📣 Codecov can now indicate which changes are the most critical in Pull Requests. Learn more |
Sorry for being so late on this PR! Reading through the code, I have the feeling that some part of the code may be missing? I see configuration around setting the signing key and sign-off functions, but I don't see any code changes to the Git client to actually perform the signing or sign-off. |
Hey @jannfis . Thank you for looking into this.
|
Oops. Thanks, then it was probably dead code all the time. Would you mind writing documentation for this? In order to sign commits with PGP, I assume some private key ring needs to be mounted to the pod. Could you include step-by-step instructions for people on how to do this? Thanks! |
Have gpg+gnupg installed, and then something like:
and also
Would be nice to get this in since it's almost 2y old now?! |
We ended up changing our setup to use |
TBH I ended up just having a CI pipeline update the kustomization in my repo because of all the issues with Argo with overrides with branches and/or submodules - it just doesn't work (the override makes 'changes' in the repo, then when Argo subsequently tries to pull new submodules or switch branches, git says you have uncommitted changes and now you're screwed) Kind of annoying in the end that I spent hours of frustration dealing with the aforementioned bug, not having GPG-ability and everything that I got the same result with like 3 lines of pipeline code :/ Not to diss on the project but, I feel like there's a lot of cases where the image updater would be used and perhaps should be part of Argo itself not an add-on. Smaller teams aren't always making helm charts for each internal service/app letalone specifically versioning them letalone wanting to bump a version everytime they commit something and want to review it deployed, all of those cases (and many more I'm sure) don't end up updating the manifests (especially when the image is targeting 'latest' or 'staging' tag or something) and thus Argo doesn't sync, obviously this is known since image updater exists but again I think this should be a 1st class thing, not an alpha add-on that seems to be collecting a bit of dust already :/ |
Fixes #427