diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 7d12f58..afbb4f2 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -134,7 +134,6 @@ package-docker-image:
 - test-ci-cd
 only:
 - branches
- when: manual
 artifacts:
 expire_in: 1 week
 name: wf-image-dood-$BUILD_VARIANT-$CI_COMMIT_BRANCH-$CI_COMMIT_SHORT_SHA
@@ -148,39 +147,26 @@ encrypt:
 - job: package-docker-image
 artifacts: true
 before_script:
- # Install GnuPG
 - apk add --no-cache gnupg
 script:
- # Import GPG keys (assuming they're configured as CI/CD variables)
- # You may need to set GPG_PRIVATE_KEY as a CI/CD variable containing your private key
 - |
 if [ -n "$GPG_PRIVATE_KEY" ]; then
 gpg --batch --import "$GPG_PRIVATE_KEY"
 else
 echo "Warning: GPG_PRIVATE_KEY not set. Using existing keyring."
 fi
-
- # Encrypt and sign using the passphrase from pipeline input or CI/CD variable
- # The passphrase can come from either the pipeline input or a CI/CD variable
- #- |
- # PASSPHRASE="${INPUT_GPG_PASSPHRASE:-$GPG_PASSPHRASE}"
- #
- # if [ -z "$PASSPHRASE" ]; then
- # echo "Error: No passphrase provided. Set gpg_passphrase input or GPG_PASSPHRASE variable."
- # exit 1
- # fi
-
+ - echo "$GPG_PUBLIC_KEY" | gpg --import
+ # WIP
+ - echo 'DD0007338E2C43BD553D569377D9D93F96483723:6:' | gpg --import-ownertrust
 - echo "Encrypting hello-world.tar.gz..."
 - |
- echo "$[[ inputs.gpg_passphrase ]]" | gpg --batch --yes \
+ gpg --batch --yes \
 --pinentry-mode loopback \
- --passphrase-fd 0 \
- --encrypt \
- --sign \
- -r matthew.binning@whitefoxdefense.com \
+ --passphrase-fd 3 \
+ --sign --default-key B35BF119FC3AE04C \
+ --encrypt -r 6C4C078A1C72925E \
 -o hello-world.tar.gz.gpg \
- hello-world.tar.gz
- # Verify the encrypted file was created
+ hello-world.tar.gz 3<<<"$[[ inputs.gpg_passphrase ]]"
 - |
 if [ -f "hello-world.tar.gz.gpg" ]; then
 echo "Encryption successful!"
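Review bot: The signing passphrase is still spliced into the script text through `$[[ inputs.gpg_passphrase ]]` on the new `hello-world.tar.gz 3<<<"…"` line of the `encrypt` job; moving it from stdin to fd 3 does not change that. Inputs are interpolated into the configuration when the pipeline is created, so the secret becomes part of the job definition instead of a masked variable, and a passphrase containing `"`, `$` or a backtick would be re-interpreted by the shell inside the double quotes. Reading it from a masked, protected CI/CD variable avoids both: `hello-world.tar.gz 3<<<"$GPG_PASSPHRASE"` (the variable name is the one the removed comments mention; confirm it is defined). Separately, `--default-key B35BF119FC3AE04C` and `-r 6C4C078A1C72925E` select keys by 64-bit key ID while the `--import-ownertrust` line pins a full fingerprint; using full fingerprints in all three places would make the key selection unambiguous. The `# WIP` line grants ultimate trust (level 6) and deserves a comment such as `# Trust the release recipient key imported from GPG_PUBLIC_KEY; fingerprint verified out of band`.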