
Commit a768f2a

Add codecov's PGP public key (#28)
1 parent e066cff commit a768f2a


4 files changed

+97
-4
lines changed

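--- a/hooks/post-command
+++ b/hooks/post-command
@@ -72,14 +72,26 @@ get_codecov_uploader() {
 fi
 
 # One-time step
-curl \
--fSs \
---retry 5 \
-https://keybase.io/codecovsecurity/pgp_keys.asc \
+if [[ "${BUILDKITE_PLUGIN_CODECOV_PGP_PUBLIC_KEY_URL-"false"}" = "" ]]; then
+debug "Importing bundled Codecov's PGP public key : $(pwd)/pgp_keys.asc"
+cat "$(pwd)/pgp_keys.asc" \
 | gpg \
 --no-default-keyring \
 --keyring trustedkeys.gpg \
 --import
+else
+local codecov_pgp_public_key_url="${BUILDKITE_PLUGIN_CODECOV_PGP_PUBLIC_KEY_URL-"https://keybase.io/codecovsecurity/pgp_keys.asc"}"
+debug "Downloading and importing Codecov's PGP public key from : ${codecov_pgp_public_key_url}"
+curl \
+-fSs \
+--retry 5 \
+"${codecov_pgp_public_key_url}" \
+| gpg \
+--no-default-keyring \
+--keyring trustedkeys.gpg \
+--import
+fi
+
 local file
 for file in codecov codecov.SHA256SUM codecov.SHA256SUM.sig
 do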
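Review bot: The bundled-key branch reads its trust anchor from `$(pwd)/pgp_keys.asc`, and the test setup in this commit copies the key into `BUILDKITE_BUILD_CHECKOUT_PATH`, which suggests the hook's working directory is the build checkout; a `pgp_keys.asc` committed to the repository under build would then be imported into `trustedkeys.gpg` and used to verify `codecov.SHA256SUM.sig`. Resolve the file relative to the plugin instead, e.g. `local plugin_dir; plugin_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"` followed by `gpg --no-default-keyring --keyring trustedkeys.gpg --import "${plugin_dir}/pgp_keys.asc"`. Also, `${BUILDKITE_PLUGIN_CODECOV_PGP_PUBLIC_KEY_URL-"false"}` equals `""` only when the option is explicitly set to an empty string, so an unset option still takes the `else` branch and downloads the key, and neither branch compares the imported key's fingerprint with a pinned value (placeholder: `<EXPECTED_FINGERPRINT>`); a check after `--import` would stop a changed URL or file from silently replacing the signer. `get_codecov_uploader` begins and ends outside this hunk.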

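--- a/pgp_keys.asc
+++ b/pgp_keys.asc
@@ -0,0 +1,54 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Comment: Codecov Uploader (Codecov Uploader Verification Key)
+Comment: https://keybase.io/codecovsecurity/pgp_keys.asc
+
+mQINBGCsMn0BEACiCKZOhkbhUjb+obvhH49p3ShjJzU5b/GqAXSDhRhdXUq7ZoGq
+KEKCd7sQHrCf16Pi5UVacGIyE9hS93HwY15kMlLwM+lNeAeCglEscOjpCly1qUIr
+sN1wjkd2cwDXS6zHBJTqJ7wSOiXbZfTAeKhd6DuLEpmA+Rz4Yc+4qZP+fVxVG3Pv
+2v06m+E5CP/JQVQPO8HYi+S36hJImTh+zaDspu+VujSai5KzJ6YKmgwslVNIp5X5
+GnEr2uAh5w6UTnt9UQUjFFliAvQ3lPLWzm7DWs6AP9hslYxSWzwbzVF5qbOIjUJL
+KfoUpvCYDs2ObgRn8WUQO0ndkRCBIxhlF3HGGYWKQaCEsiom7lyi8VbAszmUCDjw
+HdbQHFmm5yHLpTXJbg+iaxQzKnhWVXzye5/x92IJmJswW81Ky346VxYdC1XFL/+Y
+zBaj9oMmV7WfRpdch09Gf4TgosMzWf3NjJbtKE5xkaghJckIgxwzcrRmF/RmCJue
+IMqZ8A5qUUlK7NBzj51xmAQ4BtkUa2bcCBRV/vP+rk9wcBWz2LiaW+7Mwlfr/C/Q
+Swvv/JW2LsQ4iWc1BY7m7ksn9dcdypEq/1JbIzVLCRDG7pbMj9yLgYmhe5TtjOM3
+ygk25584EhXSgUA3MZw+DIqhbHQBYgrKndTr2N/wuBQY62zZg1YGQByD4QARAQAB
+tEpDb2RlY292IFVwbG9hZGVyIChDb2RlY292IFVwbG9hZGVyIFZlcmlmaWNhdGlv
+biBLZXkpIDxzZWN1cml0eUBjb2RlY292LmlvPokCTgQTAQoAOBYhBCcDTn/bhQ4L
+vCxi/4Brsortd5hpBQJgrDJ9AhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJ
+EIBrsortd5hpxLMP/3Fbgx5EG7zUUOqPZ+Ya9z8JlZFIkh3FxYMfMFE8jH9Es26F
+V2ZTJLO259MxM+5N0XzObi3h4XqIzBn42pDRfwtojY5wl2STJ9Bzu+ykPog7OB1u
+yfWXDRKcqPTUIxI1/WdU+c0/WNE6wjyzK+lRc1YUlp4pdNU7l+j2vKN+jGi2b6nV
+PTPRsMcwy3B90fKf5h2wNMNqO+KX/rjgpG9Uhej+xyFWkGM1tZDQQYFj+ugQUj61
+BMsQrUmxOnaVVnix21cHnACDCaxqgQZH3iZyEOKPNMsRFRP+0fLEnUMP+DVnQE6J
+Brk1Z+XhtjGI9PISQVx5KKDKscreS/D5ae2Cw/FUlQMf57kir6mkbZVhz2khtccz
+atD0r59WomNywIDyk1QfAKV0+O0WeJg8A69/Jk6yegsrUb5qEfkih/I38vvI0OVL
+BYve/mQIHuQo5ziBptNytCrN5TXHXzguX9GOW1V1+3DR+w/vXcnz67sjlYDysf1f
+JUZv9edZ2RGKW7agbrgOw2hB+zuWZ10tjoEcsaSGOLtKRGFDfmu/dBxzl8yopUpa
+Tn79QKOieleRm5+uCcKCPTeKV0GbhDntCZJ+Yiw6ZPmrpcjDowAoMQ9kiMVa10+Q
+WwwoaRWuqhf+dL6Q2OLFOxlyCDKVSyW0YF4Vrf3fKGyxKJmszAL+NS1mVcdxuQIN
+BGCsMn0BEADLrIesbpfdAfWRvUFDN+PoRfa0ROwa/JOMhEgVsowQuk9No8yRva/X
+VyiA6oCq6na7IvZXMxT7di4FWDjDtw5xHjbtFg336IJTGBcnzm7WIsjvyyw8kKfB
+8cvG7D2OkzAUF8SVXLarJ1zdBP/Dr1Nz6F/gJsx5+BM8wGHEz4DsdMRV7ZMTVh6b
+PaGuPZysPjSEw62R8MFJ1fSyDGCKJYwMQ/sKFzseNaY/kZVR5lq0dmhiYjNVQeG9
+HJ6ZCGSGT5PKNOwx/UEkT6jhvzWgfr2eFVGJTcdwSLEgIrJIDzP7myHGxuOiuCmJ
+ENgL1f7mzGkJ/hYXq1RWqsn1Fh2I9KZMHggqu4a+s3RiscmNcbIlIhJLXoE1bxZ/
+TfYZ9Aod6Bd5TsSMTZNwV2am9zelhDiFF60FWww/5nEbhm/X4suC9W86qWBxs3Kh
+vk1dxhElRjtgwUEHA5OFOO48ERHfR7COH719D/YmqLU3EybBgJbGoC/yjlGJxv0R
+kOMAiG2FneNKEZZihReh8A5Jt6jYrSoHFRwL6oJIZfLezB7Rdajx1uH7uYcUyIaE
+SiDWlkDw/IFM315NYFA8c1TCSIfnabUYaAxSLNFRmXnt+GQpm44qAK1x8EGhY633
+e5B4FWorIXx0tTmsVM4rkQ6IgAodeywKG+c2Ikd+5dQLFmb7dW/6CwARAQABiQI2
+BBgBCgAgFiEEJwNOf9uFDgu8LGL/gGuyiu13mGkFAmCsMn0CGwwACgkQgGuyiu13
+mGkYWxAAkzF64SVpYvY9nY/QSYikL8UHlyyqirs6eFZ3Mj9lMRpHM2Spn9a3c701
+0Ge4wDbRP2oftCyPP+p9pdUA77ifMTlRcoMYX8oXAuyE5RT2emBDiWvSR6hQQ8bZ
+WFNXal+bUPpaRiruCCUPD2b8Od1ftzLqbYOosxr/m5Du0uahgOuGw6zlGBJCVOo7
+UB2Y++oZ8P7oDGF722opepWQ+bl2a6TRMLNWWlj4UANknyjlhyZZ7PKhWLjoC6MU
+dAKcwQUdp+XYLc/3b00bvgju0e99QgHZMX2fN3d3ktdN5Q2fqiAi5R6BmCCO4ISF
+o5j10gGU/sdqGHvNhv5C21ibun7HEzMtxBhnhGmytfBJzrsj7GOReePsfTLoCoUq
+dFMOAVUDciVfRtL2m8cv42ZJOXtPfDjsFOf8AKJk40/tc8mMMqZP7RVBr9RWOoq5
+y9D37NfI6UB8rPZ6qs0a1Vfm8lIh2/k1AFECduXgftMDTsmmXOgXXS37HukGW7AL
+QKWiWJQF/XopkXwkyAYpyuyRMZ77oF7nuqLFnl5VVEiRo0Fwu45erebc6ccSwYZU
+8pmeSx7s0aJtxCZPSZEKZ3mn0BXOR32Cgs48CjzFWf6PKucTwOy/YO0/4Gt/upNJ
+3DyeINcYcKyD08DEIF9f5tLyoiD4xz+N23ltTBoMPyv4f3X/wCQ=
+=ch7z
+-----END PGP PUBLIC KEY BLOCK-----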

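--- a/plugin.yml
+++ b/plugin.yml
@@ -14,6 +14,8 @@ configuration:
 type: boolean
 uploader_version:
 type: string
+pgp_public_key_url:
+type: string
 tmp_dir:
 type: string
 docker_image: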

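--- a/tests/command.bats
+++ b/tests/command.bats
@@ -13,6 +13,7 @@ trap cleanup EXIT
 
 setup() {
 export BUILDKITE_BUILD_CHECKOUT_PATH=$tmp_dir
+cp ./pgp_keys.asc $tmp_dir
 export BUILDKITE_JOB_ID=0
 export BUILDKITE_COMMAND=my-command
 export codecov_command="/tmp/codecov-buildkite-plugin/alpine/latest/codecov"
@@ -53,6 +54,30 @@ setup() {
 assert_output --partial "Ran Codecov in docker"
 }
 
+@test "Post-command succeeds with custom PGP public key URL" {
+export BUILDKITE_PLUGIN_CODECOV_PGP_PUBLIC_KEY_URL="https://keybase.io/codecovsecurity/pgp_keys.asc"
+
+stub docker \
+"run -e CODECOV_ENV -e CODECOV_TOKEN -e CODECOV_URL -e CODECOV_SLUG -e VCS_COMMIT_ID -e VCS_BRANCH_NAME -e VCS_PULL_REQUEST -e VCS_SLUG -e VCS_TAG -e CI_BUILD_URL -e CI_BUILD_ID -e CI_JOB_ID --label com.buildkite.job-id=${BUILDKITE_JOB_ID} --workdir=/workdir --volume=${BUILDKITE_BUILD_CHECKOUT_PATH}:/workdir --volume=/tmp:/tmp -it --rm buildpack-deps:jessie-scm bash -c '${codecov_command} ' : echo Ran Codecov in docker"
+
+run "$post_command_hook"
+
+assert_success
+assert_output --partial "Ran Codecov in docker"
+}
+
+@test "Post-command succeeds with empty PGP public key URL" {
+export BUILDKITE_PLUGIN_CODECOV_PGP_PUBLIC_KEY_URL=""
+
+stub docker \
+"run -e CODECOV_ENV -e CODECOV_TOKEN -e CODECOV_URL -e CODECOV_SLUG -e VCS_COMMIT_ID -e VCS_BRANCH_NAME -e VCS_PULL_REQUEST -e VCS_SLUG -e VCS_TAG -e CI_BUILD_URL -e CI_BUILD_ID -e CI_JOB_ID --label com.buildkite.job-id=${BUILDKITE_JOB_ID} --workdir=/workdir --volume=${BUILDKITE_BUILD_CHECKOUT_PATH}:/workdir --volume=/tmp:/tmp -it --rm buildpack-deps:jessie-scm bash -c '${codecov_command} ' : echo Ran Codecov in docker"
+
+run "$post_command_hook"
+
+assert_success
+assert_output --partial "Ran Codecov in docker"
+}
+
 @test "Post-command succeeds with -Z" {
 export BUILDKITE_PLUGIN_CODECOV_ARGS_0="-Z"
 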
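Review bot: Neither new test shows which key-import branch ran: both assert only `Ran Codecov in docker`, so they would still pass if the empty-URL case downloaded the key or the custom-URL case used the bundled file. Add an assertion on the branch-specific message, e.g. `assert_output --partial "Importing bundled Codecov's PGP public key"` in the empty-URL test, provided `debug` output is visible under `run` (not shown in this hunk). The custom-URL test also reuses the default keybase URL, and `curl` is not stubbed in the visible lines, so it appears to depend on network access. In `setup()`, `cp ./pgp_keys.asc $tmp_dir` should quote `"$tmp_dir"`.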
