123456789101112131415161718192021222324252627282930313233343536373839404142434445464748 |
- # SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
- # SPDX-License-Identifier: MIT
- name: Update code signing revocation list
- on:
- workflow_dispatch:
- schedule:
- - cron: "5 2 * * *"
- jobs:
- update-code-signing-crl:
- runs-on: ubuntu-latest
- strategy:
- fail-fast: false
- matrix:
- branches: ['master', 'stable29', 'stable28', 'stable27', 'stable26', 'stable25', 'stable24', 'stable23', 'stable22']
- name: update-code-signing-crl-${{ matrix.branches }}
- steps:
- - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
- with:
- ref: ${{ matrix.branches }}
- submodules: true
- - name: Download CRL file from Appstore repository
- run: curl --output resources/codesigning/root.crl https://raw.githubusercontent.com/nextcloud/appstore/master/nextcloudappstore/certificate/nextcloud.crl
- - name: Verify CRL is from CRT
- run: openssl crl -verify -in resources/codesigning/root.crl -CAfile resources/codesigning/root.crt -noout
- - name: Create Pull Request
- uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e
- with:
- token: ${{ secrets.COMMAND_BOT_PAT }}
- commit-message: 'fix(security): Update code signing revocation list'
- committer: GitHub <noreply@github.com>
- author: nextcloud-command <nextcloud-command@users.noreply.github.com>
- signoff: true
- branch: 'automated/noid/${{ matrix.branches }}-update-code-signing-crl'
- title: '[${{ matrix.branches }}] fix(security): Update code signing revocation list'
- body: |
- Auto-generated update of code signing revocation list from [Appstore](https://github.com/nextcloud/appstore/commits/master/nextcloudappstore/certificate/nextcloud.crl)
- labels: |
- dependencies
- 3. to review
- reviewers: mgallien, miaulalala, nickvergessen
|