-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathstep-ca-0.28.1-r3.yaml
76 lines (66 loc) · 1.96 KB
/
step-ca-0.28.1-r3.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
package:
name: step-ca-0.28.1-r3
version: 0.28.1
epoch: 3
description: A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.
copyright:
- license: Apache-2.0
environment:
contents:
packages:
- busybox
- ca-certificates-bundle
- go
pipeline:
- uses: git-checkout
with:
repository: https://github.com/smallstep/certificates
tag: v${{package.version}}
expected-commit: d327203c1c2a1900bd019a0d9b38bd280fbd5c24
- uses: go/bump
with:
deps: golang.org/x/crypto@v0.31.0 golang.org/x/net@v0.33.0
- runs: |
CGO_ENABLED=0 go build -v \
-ldflags='-w -X "main.Version=${{package.version}}"' \
-o "${{targets.destdir}}/usr/bin/step-ca" ./cmd/step-ca
- uses: strip
update:
enabled: true
github:
identifier: smallstep/certificates
strip-prefix: v
test:
environment:
contents:
packages:
- step
pipeline:
- name: Verify step-ca installation
runs: |
step-ca --version
step-ca --help
- name: Start step-ca server
runs: |
echo $RANDOM > password.txt
step ca init --name "Example Inc." \
--dns localhost \
--address 127.0.0.1:8443 \
--provisioner=bob@example.com \
--password-file=password.txt 2>&1 | grep -vi root
step-ca $(step path)/config/ca.json --password-file password.txt &
sleep 2
- name: Test step-ca server
runs: |
step ca health
# Create a certificate
step ca certificate svc.example.com svc.crt svc.key --password-file password.txt
[ -f svc.crt ]
[ -f svc.key ]
# Verify the provisioner
step certificate inspect svc.crt --short | grep "bob@example.com"
step ca revoke --cert svc.crt --key svc.key
- name: Cleanup
runs: |
rm -f password.txt svc.crt svc.key
pkill step-ca