Skip to content
Update AutoFirma CAs by Provider

Update AutoFirma CAs by Provider #40

Sign in to view logs

Update AutoFirma CAs by Provider

Update AutoFirma CAs by Provider #40

Workflow file for this run

.github/workflows/update-autofirma-CAs-by-provider.yml at 6490352
name: Update AutoFirma CAs by Provider
on:
schedule:
- cron: "0 4 * * 1,3,5" # Monday, Wednesday, Friday at 05:00 CET / 06:00 CEST
push:
branches:
- main
paths:
- 'nix/autofirma/truststore/prestadores/CAs_fetch_links.json'
- 'nix/autofirma/truststore/prestadores/providers.json'
workflow_dispatch:
repository_dispatch:
jobs:
parse-ca-fetch-links:
name: Parse CA Fetch Links JSON
runs-on: ubuntu-latest
outputs:
fetch_links: ${{ steps.extract-fetch-links.outputs.fetch_links }}
markdown_links: ${{ steps.extract-fetch-links.outputs.markdown_links }}
steps:
- name: Checkout Repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- id: extract-fetch-links
name: Extract Fetch Links and Generate Markdown
shell: bash
run: |
echo "fetch_links=$(jq -c '.' nix/autofirma/truststore/prestadores/CAs_fetch_links.json)" >> $GITHUB_OUTPUT
echo 'markdown_links<<EOF' >> $GITHUB_OUTPUT
jq -r '.[] | "- [" + .cif + ".json](" + .url + ")"' nix/autofirma/truststore/prestadores/CAs_fetch_links.json >> $GITHUB_OUTPUT
echo 'EOF' >> $GITHUB_OUTPUT
download-ca-files:
name: Download CA Files for Each Provider
needs: parse-ca-fetch-links
runs-on: ubuntu-latest
strategy:
fail-fast: true
matrix:
fetch_link: ${{ fromJson(needs.parse-ca-fetch-links.outputs.fetch_links) }}
steps:
- name: Checkout Repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Install Nix Package Manager
uses: cachix/install-nix-action@02a151ada4993995686f9ed4f1be7cfbb229e56f # v31
- name: Download CA for ${{ matrix.fetch_link.cif }}
shell: bash # https://github.com/actions/runner-images/issues/4459#issuecomment-1374859960
run: |
echo '${{ toJson(matrix.fetch_link) }}' \
| nix --accept-flake-config develop --command -- download-url-linked-CAs \
| tee nix/autofirma/truststore/prestadores/CAs-by-provider/${{ matrix.fetch_link.cif }}.json
- name: Upload CA Artifact for ${{ matrix.fetch_link.cif }}
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: CAs-${{ matrix.fetch_link.cif }}
path: nix/autofirma/truststore/prestadores/CAs-by-provider/${{ matrix.fetch_link.cif }}.json
create-ca-pull-request:
name: Create Pull Request with Updated CA Files
needs:
- download-ca-files
- parse-ca-fetch-links
runs-on: ubuntu-latest
steps:
- name: Checkout Repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Clear Existing CA Files
run: rm -f nix/autofirma/truststore/prestadores/CAs-by-provider/*.json
- name: Download CA Artifacts
uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1
with:
pattern: CAs-*
path: nix/autofirma/truststore/prestadores/CAs-by-provider
merge-multiple: true
- name: Create Pull Request for Updated CA Files
uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
with:
branch: update/autofirma-CAs-by-provider
base: main
author: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
delete-branch: true
labels: |
security
merge-queue
commit-message: 'update: AutoFirma CAs-by-provider'
title: "Update Trusted Providers CAs for autofirma-nix"
body: |
This PR updates the JSON files for each trusted provider based on the information available on their respective websites.
**List of Provider URLs:**
${{ needs.parse-ca-fetch-links.outputs.markdown_links }}
#### Review Checklist:
1. Verify that the updated list aligns with the official sources.
2. Ensure that no entries have been unintentionally removed, possibly due to temporary page outages.
Thank you for your review!
add-paths: |
nix/autofirma/truststore/prestadores/CAs-by-provider