From 5ef6c848ad8f9fd88495de41c1617b25f1fe5f29 Mon Sep 17 00:00:00 2001
From: RouxAntoine
Date: Sun, 25 Aug 2024 19:39:25 +0200
Subject: [PATCH] feature: trust a root certificate in an existing java truststore
---
 README.md | 44 +++++++++++++++++++++++++++++++++++--
 action.yml | 64 +++++++++++++++++++++++++++++++++++-------------------
 2 files changed, 84 insertions(+), 24 deletions(-)
diff --git a/README.md b/README.md
index b724785..67c3e68 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,42 @@
-# action-template
-github action template
+# Add root certificate to java truststore
+
+Github action to add a root certificate in x509 format to an existing java truststore.
+
+usage example
+
+```yaml
+name: Main
+
+on:
+ push:
+ branches:
+ - main
+
+jobs:
+ build:
+ runs-on: runner
+ steps:
+ - name: Retrieve root ca certificate
+ id: get-ca-cert
+ uses: RouxAntoine/get-ca-cert@master
+
+ - run: |
+ echo "${{ steps.get-ca-cert.outputs.ca-cert }}"
+
+ - uses: actions/setup-java@v4
+ id: java
+ with:
+ distribution: 'temurin'
+ java-version: '21'
+
+ - name: Add root certificate to java truststore
+ uses: RouxAntoine/add-ca-truststore@master
+ id: add-ca-to-truststore
+ with:
+ ca-cert: "${{ steps.get-ca-cert.outputs.ca-cert }}"
+ store-path: "${{ steps.java.outputs.path }}/lib/security/cacerts"
+
+ - run: |
+ echo "Auto generated alias name: ${{ steps.add-ca-to-truststore.outputs.certificate-alias }}"
+ keytool -list -cacerts
+```
diff --git a/action.yml b/action.yml
index c3f75f2..ff0f630 100644
--- a/action.yml
+++ b/action.yml
@@ -1,33 +1,53 @@
-name: 'Action-template'
-description: 'Github action template'
+name: "add-ca-truststore"
+description: 'Github action to add a root certificate to a java truststore'
 branding:
- icon: file
- color: orange
+ icon: upload
+ color: blue
 inputs:
- sample-input:
- description: 'input example'
- default: 'default-value'
+ ca-cert:
+ description: 'root certificate to add to the truststore'
+ required: true
+ alias-name:
+ description: "alias name of the new added certificate"
 required: false
+ default: ""
+ store-path:
+ description: "java store path usually end with /cacert"
+ required: true
+ store-password:
+ description: "java store password"
+ required: false
+ default: "changeit"
+outputs:
+ certificate-alias:
+ value: ${{ steps.generate-alias-name.outputs.alias-name }}
+ description: "alias name of added certificate, generated if not provided as input"
+
 runs:
 using: "composite"
 steps:
- - name: Set GitHub Path example
- run: echo "$GITHUB_ACTION_PATH" >> $GITHUB_PATH
- shell: bash
- env:
- GITHUB_ACTION_PATH: ${{ github.action_path }}
-
- - name: Set Github secret output result example
- id: sets-a-secret
+ - name: Generate random pet name
+ if: ${{ inputs.alias-name == '' }}
+ id: generate-pet-name
 shell: bash
 run: |
- the_secret=$((RANDOM))
- echo "::add-mask::$the_secret"
- echo "secret-number=$the_secret" >> "$GITHUB_OUTPUT"
+ apt update
+ apt-get install -y golang-petname
+ pet_name=$(golang-petname)
+
+ echo "pet-name=$pet_name" >> "$GITHUB_OUTPUT"
 
- - name: Set Github output result example
- id: sets-output
+ - name: Defined alias name
+ id: generate-alias-name
 shell: bash
 run: |
- output_number=$((RANDOM))
- echo "output-number=$output_number" >> "$GITHUB_OUTPUT"
\ No newline at end of file
+ if [ "T${{ inputs.alias-name }}T" == "TT" ]; then
+ echo "alias-name=${{ steps.generate-pet-name.outputs.pet-name }}" >> "$GITHUB_OUTPUT"
+ else
+ echo "alias-name=${{ inputs.alias-name }}" >> "$GITHUB_OUTPUT"
+ fi
+
+ - name: Add certificate ${{ steps.generate-alias-name.outputs.alias-name }} to truststore
+ shell: bash
+ run: |
+ echo "${{ inputs.ca-cert }}" | keytool -import -noprompt -trustcacerts -alias ${{ steps.generate-alias-name.outputs.alias-name }} -keystore ${{ inputs.store-path }} -storepass ${{ inputs.store-password }}
\ No newline at end of file
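Review bot: The `run:` scripts of the `Defined alias name` and `Add certificate …` steps paste `${{ inputs.alias-name }}`, `${{ inputs.ca-cert }}`, `${{ inputs.store-path }}` and `${{ inputs.store-password }}` directly into the bash source. The expression is expanded before the shell parses the script, so a value containing quotes, whitespace or a command substitution is interpreted as shell code instead of data, in a step that modifies the JVM's trust anchors. Passing each value through `env:` and referencing it as a quoted shell variable removes that path. Using keytool's `-storepass:env` form also keeps the keystore password off the command line. The alias, keystore path and password arguments are unquoted in the current command, so a store path containing a space already breaks it.

```yaml
    - name: Defined alias name
      id: generate-alias-name
      shell: bash
      env:
        INPUT_ALIAS: ${{ inputs.alias-name }}
        PET_NAME: ${{ steps.generate-pet-name.outputs.pet-name }}
      run: |
        echo "alias-name=${INPUT_ALIAS:-$PET_NAME}" >> "$GITHUB_OUTPUT"

    # … unchanged: step name "Add certificate … to truststore" …
      shell: bash
      env:
        CA_CERT: ${{ inputs.ca-cert }}
        CERT_ALIAS: ${{ steps.generate-alias-name.outputs.alias-name }}
        STORE_PATH: ${{ inputs.store-path }}
        STORE_PASSWORD: ${{ inputs.store-password }}
      run: |
        printf '%s\n' "$CA_CERT" | keytool -import -noprompt -trustcacerts \
          -alias "$CERT_ALIAS" -keystore "$STORE_PATH" -storepass:env STORE_PASSWORD
```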