48 lines
1.5 KiB
YAML
48 lines
1.5 KiB
YAML
name: 'get-ca-cert'
|
|
description: 'Github action to retrieve root ca certificate from cfssl PKI API'
|
|
branding:
|
|
icon: anchor
|
|
color: green
|
|
inputs:
|
|
pki-address:
|
|
description: 'cfssl pki API address'
|
|
default: 'pki.localdomain'
|
|
required: false
|
|
pki-port:
|
|
description: 'cfssl pki API port'
|
|
default: '444'
|
|
required: false
|
|
debug:
|
|
description: "show debug information about certificate truststore content"
|
|
required: false
|
|
default: "false"
|
|
outputs:
|
|
ca-cert:
|
|
value: "${{ steps.retrieve-ca-cert.outputs.ca-cert }}"
|
|
description: Root ca certificate in x509 format
|
|
ca-cert-base64:
|
|
value: "${{ steps.retrieve-ca-cert.outputs.ca-cert-base64 }}"
|
|
description: x509 formated root ca certificate encoded in base64
|
|
runs:
|
|
using: "composite"
|
|
steps:
|
|
- name: Get root ca certificate from cfssl PKI API
|
|
id: retrieve-ca-cert
|
|
shell: bash
|
|
run: |
|
|
ca_cert=$(curl -sSL -d '{"label": "primary"}' ${{ inputs.pki-address }}:${{ inputs.pki-port }}/api/v1/cfssl/info |jq -r '.result.certificate')
|
|
ca_cert_base64=$(echo "$ca_cert" | base64 -w 0)
|
|
|
|
echo "ca-cert<<EOF" >> "$GITHUB_OUTPUT"
|
|
echo "$ca_cert" >> "$GITHUB_OUTPUT"
|
|
echo "EOF" >> "$GITHUB_OUTPUT"
|
|
|
|
echo "ca-cert-base64=$ca_cert_base64" >> "$GITHUB_OUTPUT"
|
|
|
|
- name: Show retrieve root CA cert
|
|
if: ${{ inputs.debug == 'true' }}
|
|
shell: bash
|
|
run: |
|
|
echo "${{ steps.retrieve-ca-cert.outputs.ca-cert }}"
|
|
echo "${{ steps.retrieve-ca-cert.outputs.ca-cert-base64 }}"
|