feature: trust a root certificate in an existing java truststore

RouxAntoine 2024-08-25 19:39:25 +02:00
parent 9c90a34579
commit 5ef6c848ad
Signed by: antoine
GPG Key ID: 098FB66FC0475E70
2 changed files with 84 additions and 24 deletions


@ -1,2 +1,42 @@
# action-template
github action template
# Add root certificate to java truststore
Github action to add a root certificate in x509 format to an existing java truststore.
usage example
```yaml
name: Main
on:
push:
branches:
- main
jobs:
build:
runs-on: runner
steps:
- name: Retrieve root ca certificate
id: get-ca-cert
uses: RouxAntoine/get-ca-cert@master
- run: |
echo "${{ steps.get-ca-cert.outputs.ca-cert }}"
- uses: actions/setup-java@v4
id: java
with:
distribution: 'temurin'
java-version: '21'
- name: Add root certificate to java truststore
uses: RouxAntoine/add-ca-truststore@master
id: add-ca-to-truststore
with:
ca-cert: "${{ steps.get-ca-cert.outputs.ca-cert }}"
store-path: "${{ steps.java.outputs.path }}/lib/security/cacerts"
- run: |
echo "Auto generated alias name: ${{ steps.add-ca-to-truststore.outputs.certificate-alias }}"
keytool -list -cacerts
```


@ -1,33 +1,53 @@
name: 'Action-template'
description: 'Github action template'
name: "add-ca-truststore"
description: 'Github action to add a root certificate to a java truststore'
branding:
icon: file
color: orange
icon: upload
color: blue
inputs:
sample-input:
description: 'input example'
default: 'default-value'
ca-cert:
description: 'root certificate to add to the truststore'
required: true
alias-name:
description: "alias name of the new added certificate"
required: false
default: ""
store-path:
description: "java store path usually end with /cacert"
required: true
store-password:
description: "java store password"
required: false
default: "changeit"
outputs:
certificate-alias:
value: ${{ steps.generate-alias-name.outputs.alias-name }}
description: "alias name of added certificate, generated if not provided as input"
runs:
using: "composite"
steps:
- name: Set GitHub Path example
run: echo "$GITHUB_ACTION_PATH" >> $GITHUB_PATH
shell: bash
env:
GITHUB_ACTION_PATH: ${{ github.action_path }}
- name: Set Github secret output result example
id: sets-a-secret
- name: Generate random pet name
if: ${{ inputs.alias-name == '' }}
id: generate-pet-name
shell: bash
run: |
the_secret=$((RANDOM))
echo "::add-mask::$the_secret"
echo "secret-number=$the_secret" >> "$GITHUB_OUTPUT"
apt update
apt-get install -y golang-petname
pet_name=$(golang-petname)
- name: Set Github output result example
id: sets-output
echo "pet-name=$pet_name" >> "$GITHUB_OUTPUT"
- name: Defined alias name
id: generate-alias-name
shell: bash
run: |
output_number=$((RANDOM))
echo "output-number=$output_number" >> "$GITHUB_OUTPUT"
if [ "T${{ inputs.alias-name }}T" == "TT" ]; then
echo "alias-name=${{ steps.generate-pet-name.outputs.pet-name }}" >> "$GITHUB_OUTPUT"
else
echo "alias-name=${{ inputs.alias-name }}" >> "$GITHUB_OUTPUT"
fi
- name: Add certificate ${{ steps.generate-alias-name.outputs.alias-name }} to truststore
shell: bash
run: |
echo "${{ inputs.ca-cert }}" | keytool -import -noprompt -trustcacerts -alias ${{ steps.generate-alias-name.outputs.alias-name }} -keystore ${{ inputs.store-path }} -storepass ${{ inputs.store-password }}
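Review bot: The final `run:` step, and the `Defined alias name` step before it, splice `${{ inputs.* }}` and step outputs directly into the bash script text, so the values are substituted before bash parses the script. A certificate, alias, store path or password containing quotes, spaces or shell metacharacters therefore alters the command instead of being passed as data. Passing each value through `env:` and referencing it as a quoted shell variable avoids that, and `-storepass:env` keeps the store password off the keytool command line. The `Defined alias name` step can be handled the same way with `if [ -z "$ALIAS_INPUT" ]`. Indentation in the excerpt below is reconstructed, since the page has lost it.

```yaml
# … unchanged: pet-name generation and alias selection steps …
- name: Add certificate ${{ steps.generate-alias-name.outputs.alias-name }} to truststore
  shell: bash
  env:
    CA_CERT: ${{ inputs.ca-cert }}
    ALIAS_NAME: ${{ steps.generate-alias-name.outputs.alias-name }}
    STORE_PATH: ${{ inputs.store-path }}
    STORE_PASSWORD: ${{ inputs.store-password }}
  run: |
    echo "$CA_CERT" | keytool -import -noprompt -trustcacerts \
      -alias "$ALIAS_NAME" -keystore "$STORE_PATH" -storepass:env STORE_PASSWORD
```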