Update-workflows-git-signing (#3725)

* crowdin workflow update * version bump workflow update * pinned gha for importing gpg key * added steps for kv + updated import gpg key action * Updated crowdin workflow to utilize kv
2025-01-03 18:28:13 +01:00 · 2022-10-13 15:47:13 -06:00 · 2022-10-13 15:47:13 -06:00 · dff15b6e8e
commit dff15b6e8e
parent ff380e7646
2 changed files with 30 additions and 7 deletions
--- a/.github/workflows/crowdin-pull.yml
+++ b/.github/workflows/crowdin-pull.yml
@ -32,10 +32,10 @@ jobs:

      - name: Retrieve secrets
        id: retrieve-secrets
-        uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af
+        uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af 
        with:
-          keyvault: "bitwarden-prod-kv"
-          secrets: "crowdin-api-token"
+          keyvault: "bitwarden-prod-kv"               
+          secrets: "crowdin-api-token, github-gpg-private-key, github-gpg-private-key-passphrase"

      - name: Download translations
        uses: bitwarden/gh-actions/crowdin@05052c5c575ceb09ceea397fe241879e199ed44b
@ -49,11 +49,14 @@ jobs:
          upload_sources: false
          upload_translations: false
          download_translations: true
-          github_user_name: "github-actions"
-          github_user_email: "<>"
+          github_user_name: "bitwarden-devops-bot"
+          github_user_email: "106330231+bitwarden-devops-bot@users.noreply.github.com"
          commit_message: "Autosync the updated translations"
          localization_branch_name: crowdin-auto-sync-${{ matrix.app_name }}
          create_pull_request: true
          pull_request_title: "Autosync Crowdin Translations for ${{ matrix.app_name }}"
          pull_request_body: "Autosync the updated translations"
          working_directory: apps/${{ matrix.app_name }}
+          gpg_private_key: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key }}
+          gpg_passphrase: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key-passphrase }}
+
--- a/.github/workflows/version-bump.yml
+++ b/.github/workflows/version-bump.yml
@ -29,6 +29,26 @@ jobs:
      - name: Checkout Branch
        uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579

+      - name: Login to Azure - Prod Subscription
+        uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf
+        with:
+         creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+
+      - name: Retrieve secrets
+        id: retrieve-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af
+        with:
+          keyvault: "bitwarden-prod-kv"
+          secrets: "github-gpg-private-key, github-gpg-private-key-passphrase"
+
+      - name: Import GPG key
+        uses: crazy-max/ghaction-import-gpg@c8bb57c57e8df1be8c73ff3d59deab1dbc00e0d1
+        with:
+          gpg_private_key: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key }}
+          passphrase: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key-passphrase }}
+          git_user_signingkey: true
+          git_commit_gpgsign: true
+
      - name: Create Version Branch
        id: branch
        env:
@ -104,8 +124,8 @@ jobs:

      - name: Setup git
        run: |
-          git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com"
-          git config --local user.name "github-actions[bot]"
+          git config --local user.email "106330231+bitwarden-devops-bot@users.noreply.github.com"
+          git config --local user.name "bitwarden-devops-bot"

      - name: Check if version changed
        id: version-changed