feat: Support for signing commits with gpg and ssh (#710)

Signed-off-by: Dustin Lactin <dustin.lactin@gmail.com>
author: Dustin Lactin <dustin.lactin@gmail.com> 2024-06-18 13:00:40 -0600
committer: GitHub <noreply@github.com> 2024-06-18 15:00:40 -0400
commit: ae73f740d3917e73ce90029f95c79f4b10438654 (patch)
tree: d92dc4390493ad5b64dc563688f2bd9fedb64b91 /cmd
parent: 43f579e6df7f3936cb0a48f1eb16bf29022094f7 (diff)
2 files changed, 38 insertions, 29 deletions
diff --git a/cmd/main.go b/cmd/main.go
index de6f0c6..81eed76 100644
--- a/cmd/main.go
+++ b/cmd/main.go
@@ -28,25 +28,28 @@ const applicationsAPIKindArgoCD = "argocd"
 
 // ImageUpdaterConfig contains global configuration and required runtime data
 type ImageUpdaterConfig struct {
-	ApplicationsAPIKind string
-	ClientOpts          argocd.ClientOptions
-	ArgocdNamespace     string
-	DryRun              bool
-	CheckInterval       time.Duration
-	ArgoClient          argocd.ArgoCD
-	LogLevel            string
-	KubeClient          *kube.KubernetesClient
-	MaxConcurrency      int
-	HealthPort          int
-	MetricsPort         int
-	RegistriesConf      string
-	AppNamePatterns     []string
-	AppLabel            string
-	GitCommitUser       string
-	GitCommitMail       string
-	GitCommitMessage    *template.Template
-	DisableKubeEvents   bool
-	GitCreds            git.CredsStore
+	ApplicationsAPIKind    string
+	ClientOpts             argocd.ClientOptions
+	ArgocdNamespace        string
+	DryRun                 bool
+	CheckInterval          time.Duration
+	ArgoClient             argocd.ArgoCD
+	LogLevel               string
+	KubeClient             *kube.KubernetesClient
+	MaxConcurrency         int
+	HealthPort             int
+	MetricsPort            int
+	RegistriesConf         string
+	AppNamePatterns        []string
+	AppLabel               string
+	GitCommitUser          string
+	GitCommitMail          string
+	GitCommitMessage       *template.Template
+	GitCommitSigningKey    string
+	GitCommitSigningMethod string
+	GitCommitSignOff       bool
+	DisableKubeEvents      bool
+	GitCreds               git.CredsStore
 }
 
 // newRootCommand implements the root command of argocd-image-updater
diff --git a/cmd/run.go b/cmd/run.go
index bcc0e1f..751c29c 100644
--- a/cmd/run.go
+++ b/cmd/run.go
@@ -240,6 +240,9 @@ func newRunCommand() *cobra.Command {
 	runCmd.Flags().BoolVar(&warmUpCache, "warmup-cache", true, "whether to perform a cache warm-up on startup")
 	runCmd.Flags().StringVar(&cfg.GitCommitUser, "git-commit-user", env.GetStringVal("GIT_COMMIT_USER", "argocd-image-updater"), "Username to use for Git commits")
 	runCmd.Flags().StringVar(&cfg.GitCommitMail, "git-commit-email", env.GetStringVal("GIT_COMMIT_EMAIL", "noreply@argoproj.io"), "E-Mail address to use for Git commits")
+	runCmd.Flags().StringVar(&cfg.GitCommitSigningKey, "git-commit-signing-key", env.GetStringVal("GIT_COMMIT_SIGNING_KEY", ""), "GnuPG key ID or path to Private SSH Key used to sign the commits")
+	runCmd.Flags().StringVar(&cfg.GitCommitSigningMethod, "git-commit-signing-method", env.GetStringVal("GIT_COMMIT_SIGNING_METHOD", "openpgp"), "Method used to sign Git commits ('openpgp' or 'ssh')")
+	runCmd.Flags().BoolVar(&cfg.GitCommitSignOff, "git-commit-sign-off", env.GetBoolVal("GIT_COMMIT_SIGN_OFF", false), "Whether to sign-off git commits")
 	runCmd.Flags().StringVar(&commitMessagePath, "git-commit-message-path", defaultCommitTemplatePath, "Path to a template to use for Git commit messages")
 	runCmd.Flags().BoolVar(&cfg.DisableKubeEvents, "disable-kube-events", env.GetBoolVal("IMAGE_UPDATER_KUBE_EVENTS", false), "Disable kubernetes events")
 
@@ -319,16 +322,19 @@ func runImageUpdater(cfg *ImageUpdaterConfig, warmUp bool) (argocd.ImageUpdaterR
 			defer sem.Release(1)
 			log.Debugf("Processing application %s", app)
 			upconf := &argocd.UpdateConfiguration{
-				NewRegFN:          registry.NewClient,
-				ArgoClient:        cfg.ArgoClient,
-				KubeClient:        cfg.KubeClient,
-				UpdateApp:         &curApplication,
-				DryRun:            dryRun,
-				GitCommitUser:     cfg.GitCommitUser,
-				GitCommitEmail:    cfg.GitCommitMail,
-				GitCommitMessage:  cfg.GitCommitMessage,
-				DisableKubeEvents: cfg.DisableKubeEvents,
-				GitCreds:          cfg.GitCreds,
+				NewRegFN:               registry.NewClient,
+				ArgoClient:             cfg.ArgoClient,
+				KubeClient:             cfg.KubeClient,
+				UpdateApp:              &curApplication,
+				DryRun:                 dryRun,
+				GitCommitUser:          cfg.GitCommitUser,
+				GitCommitEmail:         cfg.GitCommitMail,
+				GitCommitMessage:       cfg.GitCommitMessage,
+				GitCommitSigningKey:    cfg.GitCommitSigningKey,
+				GitCommitSigningMethod: cfg.GitCommitSigningMethod,
+				GitCommitSignOff:       cfg.GitCommitSignOff,
+				DisableKubeEvents:      cfg.DisableKubeEvents,
+				GitCreds:               cfg.GitCreds,
 			}
 			res := argocd.UpdateApplication(upconf, syncState)
 			result.NumApplicationsProcessed += 1
author	Dustin Lactin <dustin.lactin@gmail.com>	2024-06-18 13:00:40 -0600
committer	GitHub <noreply@github.com>	2024-06-18 15:00:40 -0400
commit	ae73f740d3917e73ce90029f95c79f4b10438654 (patch)
tree	d92dc4390493ad5b64dc563688f2bd9fedb64b91 /cmd
parent	43f579e6df7f3936cb0a48f1eb16bf29022094f7 (diff)