add-ca-truststore/action.yml

name: "add-ca-truststore"
description: 'Github action to add a root certificate to a java truststore'
branding:
  icon: upload
  color: blue
inputs:
  ca-cert:
    description: 'root certificate to add to the truststore'
    required: true
  alias-name:
    description: "alias name of the new added certificate, if not provided a random name is generate, beware with random name generated certificate is always inserted even if it already exist"
    required: false
    default: ""
  store-path:
    description: "java store path usually end with /cacert"
    required: true
  store-password:
    description: "java store password"
    required: false
    default: "changeit"
  debug:
    description: "show debug information about certificate truststore content"
    required: false
    default: "false"
outputs:
  certificate-alias:
    value: ${{ steps.generate-alias-name.outputs.alias-name }}
    description: "alias name of added certificate, generated if not provided as input"

runs:
  using: "composite"
  steps:
    - name: Generate random pet name
      if: ${{ inputs.alias-name == '' }}
      id: generate-pet-name
      shell: bash
      run: |
        apt update
        apt-get install -y golang-petname
        pet_name=$(golang-petname)
        
        echo "pet-name=$pet_name" >> "$GITHUB_OUTPUT"

    - name: Defined alias name
      id: generate-alias-name
      shell: bash
      run: |
        if [ "T${{ inputs.alias-name }}T" == "TT" ]; then
          echo "alias-name=${{ steps.generate-pet-name.outputs.pet-name }}" >> "$GITHUB_OUTPUT"
        else
          echo "alias-name=${{ inputs.alias-name }}" >> "$GITHUB_OUTPUT"
        fi

    - name: Add certificate ${{ steps.generate-alias-name.outputs.alias-name }} to truststore
      shell: bash
      env:
        does_not_exist_message: "does not exist"
      run: |
        already_exists=$(keytool -list -alias ${{ steps.generate-alias-name.outputs.alias-name }} -keystore ${{ inputs.store-path }} -storepass ${{ inputs.store-password }} 2>/dev/null | grep "${{ env.does_not_exist_message }}" || true)
        
        if [ ! -z "$already_exists" ];
        then
          echo "${{ inputs.ca-cert }}" | keytool -import -noprompt -trustcacerts -alias ${{ steps.generate-alias-name.outputs.alias-name }} -keystore ${{ inputs.store-path }} -storepass ${{ inputs.store-password }};
        else
          echo "Certificate ${{ steps.generate-alias-name.outputs.alias-name }} already contained in the truststore";
        fi

    - name: Show added ${{ steps.generate-alias-name.outputs.alias-name }} for debugging
      if: ${{ inputs.debug == 'true' }}
      shell: bash
      run: | 
        keytool -list -cacerts | grep antoine

    - name: List cert for debugging
      if: ${{ inputs.debug == 'true' }}
      shell: bash
      run: |
        keytool -list -cacerts
feature: trust a root certificate in an existing java truststore 2024-08-25 17:39:25 +00:00			`name: "add-ca-truststore"`
			`description: 'Github action to add a root certificate to a java truststore'`
Initial commit 2024-08-25 16:58:28 +00:00			`branding:`
feature: trust a root certificate in an existing java truststore 2024-08-25 17:39:25 +00:00			`icon: upload`
			`color: blue`
Initial commit 2024-08-25 16:58:28 +00:00			`inputs:`
feature: trust a root certificate in an existing java truststore 2024-08-25 17:39:25 +00:00			`ca-cert:`
			`description: 'root certificate to add to the truststore'`
			`required: true`
			`alias-name:`
feature: protect ca addition from duplicate 2024-08-25 18:37:19 +00:00			`description: "alias name of the new added certificate, if not provided a random name is generate, beware with random name generated certificate is always inserted even if it already exist"`
Initial commit 2024-08-25 16:58:28 +00:00			`required: false`
feature: trust a root certificate in an existing java truststore 2024-08-25 17:39:25 +00:00			`default: ""`
			`store-path:`
			`description: "java store path usually end with /cacert"`
			`required: true`
			`store-password:`
			`description: "java store password"`
			`required: false`
			`default: "changeit"`
feature: add debug option 2024-09-05 20:32:59 +00:00			`debug:`
			`description: "show debug information about certificate truststore content"`
			`required: false`
			`default: "false"`
feature: trust a root certificate in an existing java truststore 2024-08-25 17:39:25 +00:00			`outputs:`
			`certificate-alias:`
			`value: ${{ steps.generate-alias-name.outputs.alias-name }}`
			`description: "alias name of added certificate, generated if not provided as input"`

Initial commit 2024-08-25 16:58:28 +00:00			`runs:`
			`using: "composite"`
			`steps:`
feature: trust a root certificate in an existing java truststore 2024-08-25 17:39:25 +00:00			`- name: Generate random pet name`
			`if: ${{ inputs.alias-name == '' }}`
			`id: generate-pet-name`
Initial commit 2024-08-25 16:58:28 +00:00			`shell: bash`
feature: trust a root certificate in an existing java truststore 2024-08-25 17:39:25 +00:00			`run: \|`
			`apt update`
			`apt-get install -y golang-petname`
			`pet_name=$(golang-petname)`

			`echo "pet-name=$pet_name" >> "$GITHUB_OUTPUT"`
Initial commit 2024-08-25 16:58:28 +00:00
feature: trust a root certificate in an existing java truststore 2024-08-25 17:39:25 +00:00			`- name: Defined alias name`
			`id: generate-alias-name`
Initial commit 2024-08-25 16:58:28 +00:00			`shell: bash`
			`run: \|`
feature: trust a root certificate in an existing java truststore 2024-08-25 17:39:25 +00:00			`if [ "T${{ inputs.alias-name }}T" == "TT" ]; then`
			`echo "alias-name=${{ steps.generate-pet-name.outputs.pet-name }}" >> "$GITHUB_OUTPUT"`
			`else`
			`echo "alias-name=${{ inputs.alias-name }}" >> "$GITHUB_OUTPUT"`
			`fi`
Initial commit 2024-08-25 16:58:28 +00:00
feature: trust a root certificate in an existing java truststore 2024-08-25 17:39:25 +00:00			`- name: Add certificate ${{ steps.generate-alias-name.outputs.alias-name }} to truststore`
Initial commit 2024-08-25 16:58:28 +00:00			`shell: bash`
feature: protect ca addition from duplicate 2024-08-25 18:37:19 +00:00			`env:`
			`does_not_exist_message: "does not exist"`
Initial commit 2024-08-25 16:58:28 +00:00			`run: \|`
feature: protect ca addition from duplicate 2024-08-25 18:37:19 +00:00			`already_exists=$(keytool -list -alias ${{ steps.generate-alias-name.outputs.alias-name }} -keystore ${{ inputs.store-path }} -storepass ${{ inputs.store-password }} 2>/dev/null \| grep "${{ env.does_not_exist_message }}" \|\| true)`

			`if [ ! -z "$already_exists" ];`
			`then`
			`echo "${{ inputs.ca-cert }}" \| keytool -import -noprompt -trustcacerts -alias ${{ steps.generate-alias-name.outputs.alias-name }} -keystore ${{ inputs.store-path }} -storepass ${{ inputs.store-password }};`
			`else`
			`echo "Certificate ${{ steps.generate-alias-name.outputs.alias-name }} already contained in the truststore";`
feature: add debug option 2024-09-05 20:32:59 +00:00			`fi`

			`- name: Show added ${{ steps.generate-alias-name.outputs.alias-name }} for debugging`
			`if: ${{ inputs.debug == 'true' }}`
			`shell: bash`
			`run: \|`
			`keytool -list -cacerts \| grep antoine`

			`- name: List cert for debugging`
			`if: ${{ inputs.debug == 'true' }}`
			`shell: bash`
			`run: \|`
			`keytool -list -cacerts`