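# Composite action: imports a root CA certificate into a Java truststore
# using keytool.
#
# Security notes:
# - Inputs and step outputs reach the shell only through `env:`. A `${{ ... }}`
#   expression is never expanded inside a `run:` script, because the expanded
#   text would be parsed as shell code.
# - The store password is handed to keytool with `-storepass:env`, so it is not
#   placed on the keytool command line.
name: "add-ca-truststore"
description: 'Github action to add a root certificate to a java truststore'
branding:
  icon: upload
  color: blue
inputs:
  ca-cert:
    description: 'root certificate to add to the truststore'
    required: true
  alias-name:
    description: "alias name of the new added certificate, if not provided a random name is generate, beware with random name generated certificate is always inserted even if it already exist"
    required: false
    default: ""
  store-path:
    description: "java store path usually end with /cacert"
    required: true
  store-password:
    description: "java store password"
    required: false
    # Stock password of the JDK cacerts store; override it for a custom store.
    default: "changeit"
outputs:
  certificate-alias:
    value: ${{ steps.generate-alias-name.outputs.alias-name }}
    description: "alias name of added certificate, generated if not provided as input"
runs:
  using: "composite"
  steps:
    # Only runs when the caller gave no alias; produces a random one.
    # NOTE(review): the package install runs without sudo, so the job is
    # presumably expected to run as root (e.g. in a container) - confirm.
    - name: Generate random pet name
      if: ${{ inputs.alias-name == '' }}
      id: generate-pet-name
      shell: bash
      run: |
        apt-get update
        apt-get install -y golang-petname
        pet_name=$(golang-petname)
        echo "pet-name=$pet_name" >> "$GITHUB_OUTPUT"

    # Picks the caller's alias, or the generated pet name when none was given,
    # and publishes it as the `alias-name` step output.
    - name: Defined alias name
      id: generate-alias-name
      shell: bash
      env:
        ALIAS_INPUT: ${{ inputs.alias-name }}
        PET_NAME: ${{ steps.generate-pet-name.outputs.pet-name }}
      run: |
        if [ -z "$ALIAS_INPUT" ]; then
          alias_name="$PET_NAME"
        else
          alias_name="$ALIAS_INPUT"
        fi
        # $GITHUB_OUTPUT is line-oriented: a line break inside the alias would
        # let the value define additional step outputs.
        case "$alias_name" in
          *$'\n'*|*$'\r'*)
            echo "alias-name must be a single line" >&2
            exit 1
            ;;
        esac
        echo "alias-name=$alias_name" >> "$GITHUB_OUTPUT"

    # Imports the certificate unless the alias is already in the store.
    - name: Add certificate ${{ steps.generate-alias-name.outputs.alias-name }} to truststore
      shell: bash
      env:
        # Text keytool prints when the alias is absent.
        # NOTE(review): this match presumably depends on keytool's locale - confirm.
        does_not_exist_message: "does not exist"
        ALIAS_NAME: ${{ steps.generate-alias-name.outputs.alias-name }}
        STORE_PATH: ${{ inputs.store-path }}
        STORE_PASSWORD: ${{ inputs.store-password }}
        CA_CERT: ${{ inputs.ca-cert }}
      run: |
        if list_output=$(keytool -list -alias "$ALIAS_NAME" -keystore "$STORE_PATH" -storepass:env STORE_PASSWORD 2>&1); then
          echo "Certificate $ALIAS_NAME already contained in the truststore"
        elif grep -qF -- "$does_not_exist_message" <<<"$list_output"; then
          printf '%s\n' "$CA_CERT" | keytool -import -noprompt -trustcacerts -alias "$ALIAS_NAME" -keystore "$STORE_PATH" -storepass:env STORE_PASSWORD
        else
          # Any other keytool failure (wrong password, unreadable store, ...)
          # must fail the step instead of being reported as "already contained".
          printf '%s\n' "$list_output" >&2
          exit 1
        fi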