feature: trust a root certificate in an existing java truststore

RouxAntoine 2024-08-25 19:39:25 +02:00
parent 9c90a34579
commit 5ef6c848ad
Signed by: antoine
GPG Key ID: 098FB66FC0475E70
2 changed files with 84 additions and 24 deletions


@ -1,2 +1,42 @@
# action-template # Add root certificate to java truststore
github action template
Github action to add a root certificate in x509 format to an existing java truststore.
usage example
```yaml
name: Main
on:
push:
branches:
- main
jobs:
build:
runs-on: runner
steps:
- name: Retrieve root ca certificate
id: get-ca-cert
uses: RouxAntoine/get-ca-cert@master
- run: |
echo "${{ steps.get-ca-cert.outputs.ca-cert }}"
- uses: actions/setup-java@v4
id: java
with:
distribution: 'temurin'
java-version: '21'
- name: Add root certificate to java truststore
uses: RouxAntoine/add-ca-truststore@master
id: add-ca-to-truststore
with:
ca-cert: "${{ steps.get-ca-cert.outputs.ca-cert }}"
store-path: "${{ steps.java.outputs.path }}/lib/security/cacerts"
- run: |
echo "Auto generated alias name: ${{ steps.add-ca-to-truststore.outputs.certificate-alias }}"
keytool -list -cacerts
```


@ -1,33 +1,53 @@
name: 'Action-template' name: "add-ca-truststore"
description: 'Github action template' description: 'Github action to add a root certificate to a java truststore'
branding: branding:
icon: file icon: upload
color: orange color: blue
inputs: inputs:
sample-input: ca-cert:
description: 'input example' description: 'root certificate to add to the truststore'
default: 'default-value' required: true
alias-name:
description: "alias name of the new added certificate"
required: false required: false
default: ""
store-path:
description: "java store path usually end with /cacert"
required: true
store-password:
description: "java store password"
required: false
default: "changeit"
outputs:
certificate-alias:
value: ${{ steps.generate-alias-name.outputs.alias-name }}
description: "alias name of added certificate, generated if not provided as input"
runs: runs:
using: "composite" using: "composite"
steps: steps:
- name: Set GitHub Path example - name: Generate random pet name
run: echo "$GITHUB_ACTION_PATH" >> $GITHUB_PATH if: ${{ inputs.alias-name == '' }}
shell: bash id: generate-pet-name
env:
GITHUB_ACTION_PATH: ${{ github.action_path }}
- name: Set Github secret output result example
id: sets-a-secret
shell: bash shell: bash
run: | run: |
the_secret=$((RANDOM)) apt update
echo "::add-mask::$the_secret" apt-get install -y golang-petname
echo "secret-number=$the_secret" >> "$GITHUB_OUTPUT" pet_name=$(golang-petname)
- name: Set Github output result example echo "pet-name=$pet_name" >> "$GITHUB_OUTPUT"
id: sets-output
- name: Defined alias name
id: generate-alias-name
shell: bash shell: bash
run: | run: |
output_number=$((RANDOM)) if [ "T${{ inputs.alias-name }}T" == "TT" ]; then
echo "output-number=$output_number" >> "$GITHUB_OUTPUT" echo "alias-name=${{ steps.generate-pet-name.outputs.pet-name }}" >> "$GITHUB_OUTPUT"
else
echo "alias-name=${{ inputs.alias-name }}" >> "$GITHUB_OUTPUT"
fi
- name: Add certificate ${{ steps.generate-alias-name.outputs.alias-name }} to truststore
shell: bash
run: |
echo "${{ inputs.ca-cert }}" | keytool -import -noprompt -trustcacerts -alias ${{ steps.generate-alias-name.outputs.alias-name }} -keystore ${{ inputs.store-path }} -storepass ${{ inputs.store-password }}
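Review bot: The final `run:` line and the `generate-alias-name` step paste `${{ inputs.* }}` and step-output expressions straight into the bash script, so the raw values are substituted before bash parses the line and any quote, space or `$(...)` in `ca-cert`, `alias-name`, `store-path` or `store-password` is treated as shell syntax rather than data. Passing the values through `env:` and referencing them as quoted variables keeps them as data, and also stops the unquoted `-alias` and `-keystore` arguments from splitting on whitespace. The store password is additionally placed on the keytool command line; `-storepass:env` makes keytool read it from an environment variable instead. The same `env:` treatment applies to the two `echo "alias-name=..."` lines in the alias step, with the emptiness test written as `[ -z "$ALIAS_INPUT" ]`.

```yaml
# … unchanged: generate-pet-name and generate-alias-name steps …
    - name: Add certificate ${{ steps.generate-alias-name.outputs.alias-name }} to truststore
      shell: bash
      env:
        CA_CERT: ${{ inputs.ca-cert }}
        ALIAS_NAME: ${{ steps.generate-alias-name.outputs.alias-name }}
        STORE_PATH: ${{ inputs.store-path }}
        STORE_PASSWORD: ${{ inputs.store-password }}
      run: |
        printf '%s\n' "$CA_CERT" | keytool -import -noprompt -trustcacerts \
          -alias "$ALIAS_NAME" -keystore "$STORE_PATH" -storepass:env STORE_PASSWORD
```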