Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add script for signing, verifying, and deploying registry #18

Merged
merged 11 commits into from
Mar 24, 2023
Merged

Add script for signing, verifying, and deploying registry #18

merged 11 commits into from
Mar 24, 2023

Conversation

Mrtenz
Copy link
Member

@Mrtenz Mrtenz commented Mar 21, 2023
edited by ritave
Loading

This adds two new scripts:

  • yarn sign: Signs the registry with the given PRIVATE_KEY environment variable, and writes the signature to src/signature.json.
  • yarn verify: Verifies the signature with the given PUBLIC_KEY environment variable.

It also adds a workflow which will run on commits to main (not on PRs), which checks if the registry.json was updated, and will deploy it to gh-pages if so.

fixes: https://github.com/MetaMask/MetaMask-planning/issues/377

@Mrtenz Mrtenz force-pushed the mrtenz/sign-registry branch from 2ceea77 to 5673658 Compare March 21, 2023 10:46
@Mrtenz Mrtenz changed the title Add script for signing and verifying registry Add script for signing, verifying, and deploying registry Mar 21, 2023
@Mrtenz Mrtenz marked this pull request as ready for review March 21, 2023 12:00
@Mrtenz Mrtenz requested a review from a team as a code owner March 21, 2023 12:00
@Mrtenz Mrtenz mentioned this pull request Mar 21, 2023
Merged
FrederikBolding
FrederikBolding reviewed Mar 21, 2023
View reviewed changes
Copy link
Member

@FrederikBolding FrederikBolding left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code here looks good to me. A few questions about whether this is the direction we should go or not. Will leave them to @ritave

.github/workflows/main.yml Show resolved Hide resolved
scripts/verify-registry.ts Outdated
* The `PUBLIC_KEY` environment variable must be set to the public key of the
* private key that was used to sign the registry.
*/
async function main() {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should probably go into snaps-utils so we can use it in the SnapController to verify.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unless we manually sign, then this is a good check for CI to do.

ritave
ritave reviewed Mar 21, 2023
View reviewed changes
Copy link
Contributor

@ritave ritave left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like it

.github/workflows/main.yml Show resolved Hide resolved
ritave
ritave previously approved these changes Mar 24, 2023
View reviewed changes
ritave
ritave previously approved these changes Mar 24, 2023
View reviewed changes
@Mrtenz Mrtenz merged commit a6ff2a5 into main Mar 24, 2023
@Mrtenz Mrtenz deleted the mrtenz/sign-registry branch March 24, 2023 14:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@FrederikBolding FrederikBolding FrederikBolding left review comments

@ritave ritave ritave approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Mrtenz @FrederikBolding @ritave