feat: add git-commit-signing module
Phorcys
2 years ago
parent
08162f5894
commit
8f32c34eb5
@ -0,0 +1,23 @@
|
|||||||
|
---
|
||||||
|
display_name: Git commit signing
|
||||||
|
description: Configures Git to sign commits using your Coder SSH key
|
||||||
|
icon: ../.icons/git.svg
|
||||||
|
maintainer_github: phorcys420
|
||||||
|
verified: false
|
||||||
|
tags: [helper, git]
|
||||||
|
---
|
||||||
|
|
||||||
|
# git-commit-signing
|
||||||
|
|
||||||
|
This module downloads your SSH key from Coder and uses it to sign commits with Git.
|
||||||
|
It requires `jq` to be installed inside your workspace.
|
||||||
|
|
||||||
|
This is not recommended if your workspace can be accessed by other/unwanted people, in the case an administrator account on your Coder account gets breached, the attacker could gain access to your workspace and sign commits on your behalf (since the key is stored in the worksace).
|
||||||
|
If your Coder account gets breached, the SSH key could also be used on your behalf.
|
||||||
|
|
||||||
|
```hcl
|
||||||
|
module "git-commit-signing" {
|
||||||
|
source = "https://registry.coder.com/modules/git-commit-signing"
|
||||||
|
agent_id = coder_agent.example.id
|
||||||
|
}
|
||||||
|
```
|
||||||
@ -0,0 +1,29 @@
|
|||||||
|
terraform {
|
||||||
|
required_version = ">= 1.0"
|
||||||
|
|
||||||
|
required_providers {
|
||||||
|
coder = {
|
||||||
|
source = "coder/coder"
|
||||||
|
version = ">= 0.12"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
locals {
|
||||||
|
icon_url = "https://raw.githubusercontent.com/coder/modules/main/.icons/git.svg"
|
||||||
|
}
|
||||||
|
|
||||||
|
variable "agent_id" {
|
||||||
|
type = string
|
||||||
|
description = "The ID of a Coder agent."
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "coder_script" "git-commit-signing" {
|
||||||
|
display_name = "Git commit signing"
|
||||||
|
icon = local.icon_url
|
||||||
|
|
||||||
|
script = file("${path.module}/run.sh")
|
||||||
|
run_on_start = true
|
||||||
|
|
||||||
|
agent_id = var.agent_id
|
||||||
|
}
|
||||||
@ -0,0 +1,26 @@
|
|||||||
|
#!/usr/bin/env sh
|
||||||
|
|
||||||
|
mkdir -p ~/.ssh
|
||||||
|
|
||||||
|
echo "Downloading SSH key"
|
||||||
|
|
||||||
|
ssh_key=$(curl --request GET \
|
||||||
|
--url "${CODER_AGENT_URL}api/v2/workspaceagents/me/gitsshkey" \
|
||||||
|
--header "Coder-Session-Token: ${CODER_AGENT_TOKEN}")
|
||||||
|
|
||||||
|
jq --raw-output ".public_key" > ~/.ssh/coder.pub <<EOF
|
||||||
|
$ssh_key
|
||||||
|
EOF
|
||||||
|
|
||||||
|
jq --raw-output ".private_key" > ~/.ssh/coder <<EOF
|
||||||
|
$ssh_key
|
||||||
|
EOF
|
||||||
|
|
||||||
|
chmod -R 400 ~/.ssh/coder
|
||||||
|
chmod -R 400 ~/.ssh/coder.pub
|
||||||
|
|
||||||
|
echo "Configuring git to use the SSH key"
|
||||||
|
|
||||||
|
git config --global gpg.format ssh
|
||||||
|
git config --global commit.gpgsign true
|
||||||
|
git config --global user.signingkey ~/.ssh/coder
|
||||||
Loading…
Reference in New Issue