feature: trust a root certificate in an existing java truststore
parent
9c90a34579
commit
5ef6c848ad
44
README.md
44
README.md
@ -1,2 +1,42 @@
|
|||||||
# action-template
|
# Add root certificate to java truststore
|
||||||
github action template
|
|
||||||
|
Github action to add a root certificate in x509 format to an existing java truststore.
|
||||||
|
|
||||||
|
usage example
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
name: Main
|
||||||
|
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
branches:
|
||||||
|
- main
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
build:
|
||||||
|
runs-on: runner
|
||||||
|
steps:
|
||||||
|
- name: Retrieve root ca certificate
|
||||||
|
id: get-ca-cert
|
||||||
|
uses: RouxAntoine/get-ca-cert@master
|
||||||
|
|
||||||
|
- run: |
|
||||||
|
echo "${{ steps.get-ca-cert.outputs.ca-cert }}"
|
||||||
|
|
||||||
|
- uses: actions/setup-java@v4
|
||||||
|
id: java
|
||||||
|
with:
|
||||||
|
distribution: 'temurin'
|
||||||
|
java-version: '21'
|
||||||
|
|
||||||
|
- name: Add root certificate to java truststore
|
||||||
|
uses: RouxAntoine/add-ca-truststore@master
|
||||||
|
id: add-ca-to-truststore
|
||||||
|
with:
|
||||||
|
ca-cert: "${{ steps.get-ca-cert.outputs.ca-cert }}"
|
||||||
|
store-path: "${{ steps.java.outputs.path }}/lib/security/cacerts"
|
||||||
|
|
||||||
|
- run: |
|
||||||
|
echo "Auto generated alias name: ${{ steps.add-ca-to-truststore.outputs.certificate-alias }}"
|
||||||
|
keytool -list -cacerts
|
||||||
|
```
|
||||||
|
64
action.yml
64
action.yml
@ -1,33 +1,53 @@
|
|||||||
name: 'Action-template'
|
name: "add-ca-truststore"
|
||||||
description: 'Github action template'
|
description: 'Github action to add a root certificate to a java truststore'
|
||||||
branding:
|
branding:
|
||||||
icon: file
|
icon: upload
|
||||||
color: orange
|
color: blue
|
||||||
inputs:
|
inputs:
|
||||||
sample-input:
|
ca-cert:
|
||||||
description: 'input example'
|
description: 'root certificate to add to the truststore'
|
||||||
default: 'default-value'
|
required: true
|
||||||
|
alias-name:
|
||||||
|
description: "alias name of the new added certificate"
|
||||||
required: false
|
required: false
|
||||||
|
default: ""
|
||||||
|
store-path:
|
||||||
|
description: "java store path usually end with /cacert"
|
||||||
|
required: true
|
||||||
|
store-password:
|
||||||
|
description: "java store password"
|
||||||
|
required: false
|
||||||
|
default: "changeit"
|
||||||
|
outputs:
|
||||||
|
certificate-alias:
|
||||||
|
value: ${{ steps.generate-alias-name.outputs.alias-name }}
|
||||||
|
description: "alias name of added certificate, generated if not provided as input"
|
||||||
|
|
||||||
runs:
|
runs:
|
||||||
using: "composite"
|
using: "composite"
|
||||||
steps:
|
steps:
|
||||||
- name: Set GitHub Path example
|
- name: Generate random pet name
|
||||||
run: echo "$GITHUB_ACTION_PATH" >> $GITHUB_PATH
|
if: ${{ inputs.alias-name == '' }}
|
||||||
shell: bash
|
id: generate-pet-name
|
||||||
env:
|
|
||||||
GITHUB_ACTION_PATH: ${{ github.action_path }}
|
|
||||||
|
|
||||||
- name: Set Github secret output result example
|
|
||||||
id: sets-a-secret
|
|
||||||
shell: bash
|
shell: bash
|
||||||
run: |
|
run: |
|
||||||
the_secret=$((RANDOM))
|
apt update
|
||||||
echo "::add-mask::$the_secret"
|
apt-get install -y golang-petname
|
||||||
echo "secret-number=$the_secret" >> "$GITHUB_OUTPUT"
|
pet_name=$(golang-petname)
|
||||||
|
|
||||||
- name: Set Github output result example
|
echo "pet-name=$pet_name" >> "$GITHUB_OUTPUT"
|
||||||
id: sets-output
|
|
||||||
|
- name: Defined alias name
|
||||||
|
id: generate-alias-name
|
||||||
shell: bash
|
shell: bash
|
||||||
run: |
|
run: |
|
||||||
output_number=$((RANDOM))
|
if [ "T${{ inputs.alias-name }}T" == "TT" ]; then
|
||||||
echo "output-number=$output_number" >> "$GITHUB_OUTPUT"
|
echo "alias-name=${{ steps.generate-pet-name.outputs.pet-name }}" >> "$GITHUB_OUTPUT"
|
||||||
|
else
|
||||||
|
echo "alias-name=${{ inputs.alias-name }}" >> "$GITHUB_OUTPUT"
|
||||||
|
fi
|
||||||
|
|
||||||
|
- name: Add certificate ${{ steps.generate-alias-name.outputs.alias-name }} to truststore
|
||||||
|
shell: bash
|
||||||
|
run: |
|
||||||
|
echo "${{ inputs.ca-cert }}" | keytool -import -noprompt -trustcacerts -alias ${{ steps.generate-alias-name.outputs.alias-name }} -keystore ${{ inputs.store-path }} -storepass ${{ inputs.store-password }}
|
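Review bot: The final `run:` step splices `${{ inputs.ca-cert }}`, `${{ inputs.store-path }}`, `${{ inputs.store-password }}` and the alias output straight into the bash script, so they are expanded into the script text before the shell parses it. A certificate, path or alias containing quotes, spaces or shell metacharacters therefore alters the command, and the store password ends up in the keytool process arguments. The `Defined alias name` step has the same pattern with `${{ inputs.alias-name }}` inside its `if [ ... ]` test and `echo` lines. Pass the values through `env:` and reference them as quoted shell variables, and hand the password to keytool with `-storepass:env` so it stays off the command line. Indentation in the fence is reconstructed, since the rendered page does not preserve it.

```yaml
# … unchanged: pet-name and alias-name generation steps …
- name: Add certificate ${{ steps.generate-alias-name.outputs.alias-name }} to truststore
  shell: bash
  env:
    CA_CERT: ${{ inputs.ca-cert }}
    CERT_ALIAS: ${{ steps.generate-alias-name.outputs.alias-name }}
    STORE_PATH: ${{ inputs.store-path }}
    STORE_PASSWORD: ${{ inputs.store-password }}
  run: |
    printf '%s\n' "$CA_CERT" | keytool -import -noprompt -trustcacerts \
      -alias "$CERT_ALIAS" -keystore "$STORE_PATH" -storepass:env STORE_PASSWORD
```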