ci/contributing: verify donation address/qr's are signed #2394
Conversation
✅ Deploy Preview for barolo-time-757cf9 ready!Built without sensitive environment variables
To edit notification comments on pull requests, go to your Netlify site configuration. |
plowsof
force-pushed
the
contrib_data
branch
16 times, most recently
from
4565b88 to
0b5731e
Compare
|
LGTM. I have no preference over who signs the file, as long as its signed and correct. if using your key, perhaps we should use your pgp key from the gitian.sigs repo(?). |
|
My plan is to either:
i have sanity checked that the workflow fails correctly:
after first approval(s) i can proceed with 2 then 1 or 1* |
| run: | | ||
| yaml="_data/contributing.yml" | ||
| get_yaml_value() { | ||
| awk -v key="$1:" '$1 == key {print $2}' "$yaml" |
There was a problem hiding this comment.
I'm not familiar with awk but looks like easy to break things when the content of the site changed a bit. Is it?
There was a problem hiding this comment.
awk is a text processor and $1 processes the first argument $2 the second etc.
an example is
echo uhh nah | awk '{print $2 $1}'
There was a problem hiding this comment.
also, we're only looking at "contributing.yml" . this is a hack to access yaml variables. astro has no problem importing yml files / using their variables so the same signed file will be usable by both.
|
Thank you for the reviews. i will ask bF to sign the file for us |
with this PR i have moved the general fund donation addresses/qr checksums into a _data file that can be signed. this is confirmed in the workflow
thoughts? if this is useful we can ask bF to verify/sign the file.
to sign: (whilst in _data)
gpg --output contributing.yml.asc --armor --detach-sig contributing.ymloverwrite existing file ✔️