8ce83ba7ff
This also includes a new `login` command. The signing and CI logic is now using the Driver trait system along with a new experimental sigstore signing driver. New static macros have also been created to make implementation management easier for `Command` usage and `Driver` trait implementation calls. --------- Co-authored-by: xyny <60004820+xynydev@users.noreply.github.com>
52 lines
1.8 KiB
Rust
52 lines
1.8 KiB
Rust
use std::{env, path::Path};
|
|
|
|
use blue_build_utils::{
|
|
constants::{BB_PRIVATE_KEY, COSIGN_PRIVATE_KEY, COSIGN_PRIV_PATH, COSIGN_PUB_PATH},
|
|
string,
|
|
};
|
|
use miette::{bail, Result};
|
|
|
|
use super::opts::PrivateKey;
|
|
|
|
pub(super) fn get_private_key<P>(path: P) -> Result<PrivateKey>
|
|
where
|
|
P: AsRef<Path>,
|
|
{
|
|
let path = path.as_ref();
|
|
|
|
Ok(
|
|
match (
|
|
path.join(COSIGN_PUB_PATH).exists(),
|
|
env::var(BB_PRIVATE_KEY).ok(),
|
|
env::var(COSIGN_PRIVATE_KEY).ok(),
|
|
path.join(COSIGN_PRIV_PATH),
|
|
) {
|
|
(true, Some(private_key), _, _) if !private_key.is_empty() => {
|
|
PrivateKey::Env(string!(BB_PRIVATE_KEY))
|
|
}
|
|
(true, _, Some(cosign_priv_key), _) if !cosign_priv_key.is_empty() => {
|
|
PrivateKey::Env(string!(COSIGN_PRIVATE_KEY))
|
|
}
|
|
(true, _, _, cosign_priv_key_path) if cosign_priv_key_path.exists() => {
|
|
PrivateKey::Path(cosign_priv_key_path)
|
|
}
|
|
_ => {
|
|
bail!(
|
|
help = format!(
|
|
"{}{}{}{}{}{}",
|
|
format_args!("Make sure you have a `{COSIGN_PUB_PATH}`\n"),
|
|
format_args!(
|
|
"in the root of your repo and have either {COSIGN_PRIVATE_KEY}\n"
|
|
),
|
|
format_args!("set in your env variables or a `{COSIGN_PRIV_PATH}`\n"),
|
|
"file in the root of your repo.\n\n",
|
|
"See https://blue-build.org/how-to/cosign/ for more information.\n\n",
|
|
"If you don't want to sign your image, use the `--no-sign` flag.",
|
|
),
|
|
"{}",
|
|
"Unable to find private/public key pair",
|
|
)
|
|
}
|
|
},
|
|
)
|
|
}
|