From 3eb9362cc2eba916246d6e8e78133c1b56af0ae5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?IOhannes=20m=20zm=C3=B6lnig?=
Date: Fri, 5 Aug 2022 16:10:10 +0200
Subject: [PATCH] gh-action: give some feedback whether the submission was correctly PGP-signed
---
 .github/workflows/join.yml | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
diff --git a/.github/workflows/join.yml b/.github/workflows/join.yml
index 918b186..97d73ef 100644
--- a/.github/workflows/join.yml
+++ b/.github/workflows/join.yml
@@ -30,8 +30,13 @@ jobs:
 echo "KEY: ${key}"
 echo "fetching GPG key from keyring.debian.org..."
 gpg --homedir mygpg --keyserver keyring.debian.org --recv-keys "$key"
+ debuser=$(gpg --homedir mygpg -k ${key} | grep "@debian.org>" | sed -e 's|.*<\([^@]*\)@debian.org>.*|\1|')
+ echo "USER: ${debuser}"
 echo "verifying the signature..."
 gpg --homedir mygpg --verify file.txt
+ echo "::set-output name=DEBUSER::${debuser}"
+ outputs:
+ deb-username: ${{ steps.gpg-check.outputs.DEBUSER }}
 decline:
 name: Decline membership
@@ -48,3 +53,21 @@ jobs:
 Therefore this issue is closed automatically.
 If you feel that this is unwarranted (e.g. because the auto-closing :robot: has a bug), please leave a comment.
+
+ debuser:
+ name: Debian user
+ runs-on: ubuntu-latest
+ needs: ["keycheck"]
+ if: "${{ needs.keycheck.outputs.deb-username != '' }}"
+ steps:
+ - name: Post username
+ env:
+ DEBUSERNAME: ${{ needs.keycheck.outputs.deb-username }}
+ uses: peter-evans/create-or-update-comment@v2
+ with:
+ issue-number: ${{ github.event.issue.number }}
+ body: |
+ Your membership application was correctly PGP signed with a key that is in the Debian keyring :tada:,
+ and you were were identified via your debian.org email as Debian user `${{ needs.keycheck.outputs.deb-username }}`.
+
+ Please stay tuned until some human administrator accepts your application.
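Review bot: The added `debuser=` line passes `${key}` to gpg unquoted (the `--recv-keys "$key"` line just above quotes it) and scrapes the human-readable `gpg -k` listing, so the exported value depends on data carried by the submitted key. A key with several `@debian.org` user IDs yields a multi-line value, which the later `echo "::set-output name=DEBUSER::${debuser}"` would emit as extra stdout lines, and the `[^@]*` capture accepts any characters in the local part. Quote the argument and parse the machine-readable listing instead, e.g. `gpg --homedir mygpg --with-colons -k "${key}"`, keep a single match, and reject anything outside a conservative login character set before exporting it. A user ID is asserted by the key holder, so the result is better described as "claimed" unless the keyring guarantees the mapping; `::set-output` has also since been deprecated in favour of appending to `$GITHUB_OUTPUT`. The `run:` block and the `gpg-check` step id start above this hunk, so whether `key` is validated there is not visible.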
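Review bot: `uses: peter-evans/create-or-update-comment@v2` references a third-party action by a mutable tag, and the new `debuser` job declares no `permissions:`, so whatever that tag resolves to runs with the workflow's default token scope (a workflow-level `permissions:` block may exist outside this hunk). Pin the action to a full commit SHA, e.g. `uses: peter-evans/create-or-update-comment@<full-commit-sha>  # v2`, and give the job a `permissions:` entry limited to `issues: write`. `DEBUSERNAME` is set under `env:` but never read; the body interpolates `${{ needs.keycheck.outputs.deb-username }}` directly, so either drop the variable or make sure the value is validated in `keycheck` before it lands inside a bot-authored Markdown comment. The body text also contains a doubled word, "were were".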