Support GPG-signed commits, fixes argoproj-labs#427

vgrigoruk · Apr 29, 2022 · e1ba3b7 · e1ba3b7
1 parent f12a5ab
commit e1ba3b7
Show file tree

Hide file tree

Showing 5 changed files with 55 additions and 19 deletions.
diff --git a/cmd/main.go b/cmd/main.go
@@ -44,6 +44,8 @@ type ImageUpdaterConfig struct {
 	GitCommitUser       string
 	GitCommitMail       string
 	GitCommitMessage    *template.Template
+	GitCommitSigningKey string
+	GitCommitSignOff    bool
 	DisableKubeEvents   bool
 }
 

diff --git a/cmd/run.go b/cmd/run.go
@@ -222,6 +222,8 @@ func newRunCommand() *cobra.Command {
 	runCmd.Flags().BoolVar(&warmUpCache, "warmup-cache", true, "whether to perform a cache warm-up on startup")
 	runCmd.Flags().StringVar(&cfg.GitCommitUser, "git-commit-user", env.GetStringVal("GIT_COMMIT_USER", "argocd-image-updater"), "Username to use for Git commits")
 	runCmd.Flags().StringVar(&cfg.GitCommitMail, "git-commit-email", env.GetStringVal("GIT_COMMIT_EMAIL", "[email protected]"), "E-Mail address to use for Git commits")
+	runCmd.Flags().StringVar(&cfg.GitCommitSigningKey, "git-commit-signing-key", env.GetStringVal("GIT_COMMIT_SIGNING_KEY", ""), "GnuPG key ID used to sign the commits")
+	runCmd.Flags().BoolVar(&cfg.GitCommitSignOff, "git-commit-sign-off", env.GetBoolVal("GIT_COMMIT_SIGN_OFF", false), "Whether to sign-off git commits")
 	runCmd.Flags().StringVar(&commitMessagePath, "git-commit-message-path", defaultCommitTemplatePath, "Path to a template to use for Git commit messages")
 	runCmd.Flags().BoolVar(&cfg.DisableKubeEvents, "disable-kube-events", env.GetBoolVal("IMAGE_UPDATER_KUBE_EVENTS", false), "Disable kubernetes events")
 

diff --git a/manifests/base/deployment/argocd-image-updater-deployment.yaml b/manifests/base/deployment/argocd-image-updater-deployment.yaml
@@ -78,6 +78,18 @@ spec:
               name: argocd-image-updater-config
               key: git.email
               optional: true
+        - name: GIT_COMMIT_SIGNING_KEY
+          valueFrom:
+            configMapKeyRef:
+              key: git.commit-signing-key
+              name: argocd-image-updater-config
+              optional: true
+        - name: GIT_COMMIT_SIGN_OFF
+          valueFrom:
+            configMapKeyRef:
+              key: git.commit-sign-off
+              name: argocd-image-updater-config
+              optional: true
         - name: IMAGE_UPDATER_KUBE_EVENTS
           valueFrom:
             configMapKeyRef:

diff --git a/manifests/install.yaml b/manifests/install.yaml
@@ -159,6 +159,18 @@ spec:
               key: git.email
               name: argocd-image-updater-config
               optional: true
+        - name: GIT_COMMIT_SIGNING_KEY
+          valueFrom:
+            configMapKeyRef:
+              key: git.commit-signing-key
+              name: argocd-image-updater-config
+              optional: true
+        - name: GIT_COMMIT_SIGN_OFF
+          valueFrom:
+            configMapKeyRef:
+              key: git.commit-sign-off
+              name: argocd-image-updater-config
+              optional: true
         - name: IMAGE_UPDATER_KUBE_EVENTS
           valueFrom:
             configMapKeyRef:

diff --git a/pkg/argocd/update.go b/pkg/argocd/update.go
@@ -33,16 +33,18 @@ type ImageUpdaterResult struct {
 }
 
 type UpdateConfiguration struct {
-	NewRegFN          registry.NewRegistryClient
-	ArgoClient        ArgoCD
-	KubeClient        *kube.KubernetesClient
-	UpdateApp         *ApplicationImages
-	DryRun            bool
-	GitCommitUser     string
-	GitCommitEmail    string
-	GitCommitMessage  *template.Template
-	DisableKubeEvents bool
-	IgnorePlatforms   bool
+	NewRegFN            registry.NewRegistryClient
+	ArgoClient          ArgoCD
+	KubeClient          *kube.KubernetesClient
+	UpdateApp           *ApplicationImages
+	DryRun              bool
+	GitCommitUser       string
+	GitCommitEmail      string
+	GitCommitMessage    *template.Template
+	GitCommitSigningKey string
+	GitCommitSignOff    bool
+	DisableKubeEvents   bool
+	IgnorePlatforms     bool
 }
 
 type GitCredsSource func(app *v1alpha1.Application) (git.Creds, error)
@@ -59,15 +61,17 @@ type WriteBackConfig struct {
 	Method     WriteBackMethod
 	ArgoClient ArgoCD
 	// If GitClient is not nil, the client will be used for updates. Otherwise, a new client will be created.
-	GitClient        git.Client
-	GetCreds         GitCredsSource
-	GitBranch        string
-	GitWriteBranch   string
-	GitCommitUser    string
-	GitCommitEmail   string
-	GitCommitMessage string
-	KustomizeBase    string
-	Target           string
+	GitClient           git.Client
+	GetCreds            GitCredsSource
+	GitBranch           string
+	GitWriteBranch      string
+	GitCommitUser       string
+	GitCommitEmail      string
+	GitCommitMessage    string
+	GitCommitSigningKey string
+	GitCommitSignOff    bool
+	KustomizeBase       string
+	Target              string
 }
 
 // The following are helper structs to only marshal the fields we require
@@ -319,6 +323,10 @@ func UpdateApplication(updateConf *UpdateConfiguration, state *SyncIterationStat
 		if len(changeList) > 0 && updateConf.GitCommitMessage != nil {
 			wbc.GitCommitMessage = TemplateCommitMessage(updateConf.GitCommitMessage, updateConf.UpdateApp.Application.Name, changeList)
 		}
+		if updateConf.GitCommitSigningKey != "" {
+			wbc.GitCommitSigningKey = updateConf.GitCommitSigningKey
+		}
+		wbc.GitCommitSignOff = updateConf.GitCommitSignOff
 	}
 
 	if needUpdate {