
Add privacy-check action #836

Conversation

ianlewis
Member

@ianlewis ianlewis commented Sep 9, 2022

Updates #823

Adds a privacy-check action to the repo. The action checks if the repository is private and fails if it is. Users can override this by explicitly setting the override input.

Workflows will use this action to check if repos are private in a subsequent PR because the action needs to be referenced by sha.

Signed-off-by: Ian Lewis [email protected]

Collaborator

@laurentsimon laurentsimon left a comment


LGTM. I'd like to have #823 (comment) resolved before merging.

I think we need explicit opt-in from users who have private repos, otherwise we're leaking their repo name silently.

@ianlewis
Member Author

LGTM. I'd like to have #823 (comment) resolved before merging.

I think we need explicit opt-in from users who have private repos, otherwise we're leaking their repo name silently.

This is because the repo name appears on the Rekor transparency log? (probably another good reason why repo metadata on the cert isn't a great solution).

@ianlewis
Member Author

From #823 (comment) by @laurentsimon

One thing to know: the certificate with your repository name is uploaded to a transparency log for audit purposes. So by using this builder, you are revealing the name of your private repository.

Is that OK with you?

Let's add a disclaimer in the README to make this more explicit.

That's a good catch. Private PKI and transparency log can be supported more properly via #34

#823 (comment) by @laurentsimon

OK. So I propose

  1. We amend the documentation
  2. We add a private-repository: true option (or a better name). At runtime we will check if the repo is private. If it is, we only proceed if the option is set. Otherwise we will fail.

Wdut?

I'll update this PR to support private-repository on all the workflows.
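The decision logic described in the PR description and in the proposal above (check whether the repository is private; fail unless the user has explicitly opted in), written out as an added example that is not the project's own action code. The visibility and the override value are passed in as arguments so the decision function runs offline; the `run_privacy_check` wrapper shows assumed wiring for a GitHub Actions step: visibility is looked up with the `gh` CLI from the `GITHUB_REPOSITORY` variable the runner sets, and the action's `override` input is assumed to be exported to the step as the `OVERRIDE` environment variable. The check fails closed, so on an unknown visibility nothing is signed and no repository name reaches the public transparency log.

```shell
#!/bin/sh
# Added example, not slsa-github-generator's own privacy-check action.

# privacy_check <is_private: true|false> [override: true|false]
# Returns 0 when the workflow may proceed and 1 when it must stop.
privacy_check() {
  is_private="$1"
  override="${2:-false}"
  case "$is_private" in
    true)
      if [ "$override" = "true" ]; then
        # Explicit opt-in: proceed, but say what is about to be disclosed.
        echo "::warning::Repository is private; proceeding because override=true." \
             "Its name will be recorded in the public transparency log."
        return 0
      fi
      # Default: fail closed before any certificate is requested.
      echo "::error::Repository is private. Signing would publish its name in" \
           "the public transparency log. Set the override input to true to proceed."
      return 1
      ;;
    false)
      return 0
      ;;
    *)
      # Unknown visibility (API error, missing token): treat as private.
      echo "::error::Could not determine repository visibility (got '$is_private')."
      return 1
      ;;
  esac
}

# Assumed wiring for use inside an action step (not exercised offline):
# GITHUB_REPOSITORY is set by the runner; gh reads GH_TOKEN for the API call;
# the step is assumed to export the action's override input as OVERRIDE.
run_privacy_check() {
  is_private=$(gh api "repos/${GITHUB_REPOSITORY}" --jq '.private' 2>/dev/null) \
    || is_private="unknown"
  privacy_check "$is_private" "${OVERRIDE:-false}"
}
```

Because the workflow commands (`::error::`, `::warning::`) are written to stdout, GitHub annotates the run with the reason it stopped, which is the signal a user needs to decide whether opting in is acceptable for their private repository.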

@ianlewis ianlewis self-assigned this Sep 12, 2022
Ian Lewis added 2 commits September 14, 2022 01:34
Signed-off-by: Ian Lewis <[email protected]>
Signed-off-by: Ian Lewis <[email protected]>
@ianlewis ianlewis changed the title from "Add actions:read to Go builder job step" to "Add privacy-check action" Sep 14, 2022
@ianlewis
Member Author

ianlewis commented Sep 14, 2022

@laurentsimon I updated this PR to just add a new privacy-check action that I will use in a later PR. Please see the updated PR description.

Permissions on workflows are not changed.

Collaborator

@laurentsimon laurentsimon left a comment


LGTM. Thanks!
Please add a pre-submit to verify the "compilation" step gives the right dist output.
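One way to implement the pre-submit requested above, as an added example rather than the project's own CI. It rebuilds the action and then asks git whether anything under `dist/` changed, so a `dist/` that was hand-edited (or built from sources other than the reviewed ones) cannot be merged. The build command is passed in as a parameter because the page does not show the project's build tooling; `npm ci && npm run build` in the comment is an assumed placeholder.

```shell
#!/bin/sh
# Added example, not the project's own pre-submit script.

# dist_matches_build <repo_dir> <build_command>
# Runs the build inside the repository and returns 0 if the committed dist/
# is byte-identical to what the build produced, 1 if the build modified or
# added anything under dist/ (or if the build itself failed).
dist_matches_build() {
  repo_dir="$1"
  build_cmd="$2"
  (cd "$repo_dir" && sh -c "$build_cmd") || {
    echo "::error::build command failed: $build_cmd"
    return 1
  }
  # --porcelain prints one line per modified or untracked path; empty is clean.
  changes=$(git -C "$repo_dir" status --porcelain -- dist)
  if [ -n "$changes" ]; then
    echo "::error::dist/ does not match the build output. Rebuild and commit dist/:"
    printf '%s\n' "$changes"
    return 1
  fi
  return 0
}

# Intended invocation from a workflow step (build command is an assumption):
#   dist_matches_build "$GITHUB_WORKSPACE" "npm ci && npm run build"
```

Running this on every pull request means the reviewed TypeScript/JavaScript source and the compiled `dist/` that workflows actually execute can no longer drift apart.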

Ian Lewis added 5 commits September 14, 2022 02:58
Signed-off-by: Ian Lewis <[email protected]>
Signed-off-by: Ian Lewis <[email protected]>
Signed-off-by: Ian Lewis <[email protected]>
Signed-off-by: Ian Lewis <[email protected]>
@ianlewis ianlewis enabled auto-merge (squash) September 14, 2022 03:40
Ian Lewis added 2 commits September 14, 2022 04:09
Signed-off-by: Ian Lewis <[email protected]>
Signed-off-by: Ian Lewis <[email protected]>
@ianlewis ianlewis merged commit a3c7a56 into slsa-framework:main Sep 14, 2022