Skip to content

Commit 2deb1ed

Browse files
MyroTkMyroTk
authored
release cicd: suppress gpg outputs
1 parent c25e57f commit 2deb1ed

1 file changed

Lines changed: 15 additions & 7 deletions

File tree

.github/workflows/sign_and_release.yml

Lines changed: 15 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -482,20 +482,28 @@ jobs:
482482
- name: Process GPG key
483483
run: |
484484
echo "Processing GPG key..."
485-
if ! aws secretsmanager get-secret-value --secret-id arn:aws:secretsmanager:us-east-1:446527654354:secret:altinity_staging_gpg-Rqbe8S --query SecretString --output text | sed -e "s/^'//" -e "s/'$//" | jq -r '.altinity_staging_gpg | @base64d' | gpg --batch --import; then
485+
if ! aws secretsmanager get-secret-value --secret-id arn:aws:secretsmanager:us-east-1:446527654354:secret:altinity_staging_gpg-Rqbe8S --query SecretString --output text | sed -e "s/^'//" -e "s/'$//" | jq -r '.altinity_staging_gpg | @base64d' | gpg --quiet --batch --import >/dev/null 2>&1; then
486486
echo "Failed to import GPG key"
487487
exit 1
488488
fi
489-
gpg --list-secret-keys --with-keygrip
490-
gpgconf --kill gpg-agent
491-
gpg-agent --daemon --allow-preset-passphrase
489+
gpg --quiet --list-secret-keys --with-keygrip >/dev/null 2>&1
490+
gpgconf --kill gpg-agent >/dev/null 2>&1
491+
gpg-agent --daemon --allow-preset-passphrase >/dev/null 2>&1
492492
if ! aws ssm get-parameter --name /gitlab-runner/key-encrypting-key --with-decryption --query Parameter.Value --output text | sudo tee /root/.key-encrypting-key >/dev/null; then
493493
echo "Failed to get key encrypting key"
494494
exit 1
495495
fi
496-
GPG_KEY_NAME=$(gpg --list-secret-keys | grep uid | head --lines 1 | tr -s " " | cut -d " " -f 4-)
497-
GPG_KEY_ID=$(gpg --list-secret-keys --with-keygrip "${GPG_KEY_NAME}" | grep Keygrip | head --lines 1 | tr -s " " | cut -d " " -f 4)
498-
echo "$GPG_PASSPHRASE" | base64 -d | sudo openssl enc -d -aes-256-cbc -pbkdf2 -pass file:/root/.key-encrypting-key -in - -out - | /usr/lib/gnupg/gpg-preset-passphrase --preset $GPG_KEY_ID
496+
GPG_KEY_NAME=$(gpg --quiet --list-secret-keys | grep uid | head --lines 1 | tr -s " " | cut -d " " -f 4-)
497+
GPG_KEY_ID=$(gpg --quiet --list-secret-keys --with-keygrip "${GPG_KEY_NAME}" | grep Keygrip | head --lines 1 | tr -s " " | cut -d " " -f 4)
498+
echo "$GPG_PASSPHRASE" | base64 -d | sudo openssl enc -d -aes-256-cbc -pbkdf2 -pass file:/root/.key-encrypting-key -in - -out - | /usr/lib/gnupg/gpg-preset-passphrase --preset $GPG_KEY_ID >/dev/null 2>&1
499+
500+
- name: Install Ansible
501+
run: |
502+
echo "Installing Ansible..."
503+
sudo apt-get update
504+
sudo apt-get install -y software-properties-common
505+
sudo apt-add-repository --yes --update ppa:ansible/ansible
506+
sudo apt-get install -y ansible
499507
500508
- name: Run Ansible playbook
501509
run: |

0 commit comments

Comments
 (0)