Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Automate CA certificate bundle update #34107

Merged
merged 3 commits into from
Sep 18, 2022
Merged

Automate CA certificate bundle update #34107

merged 3 commits into from
Sep 18, 2022

Conversation

nickvergessen
Copy link
Member

Signed-off-by: Joas Schilling [email protected]

@nickvergessen nickvergessen added 3. to review Waiting for reviews security labels Sep 16, 2022
@nickvergessen nickvergessen added this to the Nextcloud 25 milestone Sep 16, 2022
@nickvergessen nickvergessen mentioned this pull request Sep 16, 2022
Merged
@kesselb
Copy link
Contributor

kesselb commented Sep 16, 2022

Thank you 👍

If the update is automated the old check can probably go:

https://github.com/nextcloud/server/blob/master/build/ca-bundle-checker.sh
https://github.com/nextcloud/server/blob/master/autotest-checkers.sh

@nickvergessen
Copy link
Member Author

Interesting that we have this check and it never failed....

@nickvergessen
Copy link
Member Author

server/build/ca-bundle-checker.sh

Lines 3 to 6 in 3a75e14

if [[ -n ${DRONE_SOURCE_BRANCH} && ! ${DRONE_SOURCE_BRANCH} =~ version(\/noid)?\/([0-9.]+) ]]; then
echo "Skip CA bundle check"
exit 0
fi

uuuuuuuuuuuuuuff

@nickvergessen
Remove legacy ca-cert checker
8612a9b 
Signed-off-by: Joas Schilling <[email protected]>
@nickvergessen nickvergessen added 4. to release Ready to be released and/or waiting for tests to finish and removed 3. to review Waiting for reviews labels Sep 16, 2022
@kesselb
Copy link
Contributor

kesselb commented Sep 16, 2022

Interesting that we have this check and it never failed....

It failed sometimes ;) However the check for a certain branch name was always unstable. The schedule based workflow is much better.

@nickvergessen
Update update-cacert-bundle.yml
f51da25 
Signed-off-by: Joas Schilling <[email protected]>
CarlSchwan
CarlSchwan reviewed Sep 16, 2022
View reviewed changes
.github/workflows/update-cacert-bundle.yml
@@ -0,0 +1,42 @@
name: Update CA certificate bundle
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe add your copyright here. I'll be fine if we could adopt spdx notation to make it shorter

# SPDX-FileCopyrightText: 2022 Your name <email>
# SPDX-License-Identifier: AGPL-3.0-or-later

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think it's "high" enough to have copyright

@nickvergessen nickvergessen merged commit 061d621 into master Sep 18, 2022
@nickvergessen nickvergessen deleted the automate-cacert-update branch September 18, 2022 08:24
@blizzz blizzz mentioned this pull request Sep 19, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@CarlSchwan CarlSchwan CarlSchwan approved these changes

@skjnldsv skjnldsv skjnldsv approved these changes

@ChristophWurst ChristophWurst ChristophWurst approved these changes

@miaulalala miaulalala Awaiting requested review from miaulalala

@julien-nc julien-nc Awaiting requested review from julien-nc

Assignees
No one assigned
Labels
4. to release Ready to be released and/or waiting for tests to finish security
Projects
None yet
Milestone
Nextcloud 25
Development

Successfully merging this pull request may close these issues.
5 participants
@nickvergessen @kesselb @ChristophWurst @skjnldsv @CarlSchwan