Added support for ssh signed commits and completed gpg signed commit work

Open dlactin opened this issue 1 year ago • 3 comments

Building upon the work done in PR 428 to add support for SSH signed commits.

Updated Documentation to include instructions and examples for adding an SSH signing key along with links to repository provider documentation for setting up commit verification.

Updated deployment to include volumes for SSH key secrets and the respective volume mounts.

dlactin avatar May 11 '24 03:05 dlactin

Hey @dlactin, thanks for this PR.

I was wondering what the value-add for this would be, because Argo CD would not be able to validate those commits signed by SSH just yet?

jannfis avatar May 16 '24 13:05 jannfis

Hey @jannfis, in our case we require signed commits on our infrastructure repositories. So we are unable to have image updater commit to any of our protected branches without this change.

Adding commit signing capability to image updater will allow verified commits to the target repo; commit validation with ArgoCD would be a bonus when that feature is available.

dlactin avatar May 16 '24 15:05 dlactin

Thanks for the clarification, @dlactin. The feature makes sense to me, then. Also, I guess with Source Verification Policies hopefully coming to Argo CD, we could as well integrate verification of SSH signatures, and Image Updater would already know how to sign using SSH then.

+1 from me for this feature. Please give us some time to review.

jannfis avatar May 16 '24 17:05 jannfis

Just as a heads up, this is good to go. Waiting for https://github.com/argoproj-labs/argocd-image-updater/pull/737 to be merged, then we'd need to rebase this one on top of the Git client changes. It shouldn't be too much work though.

jannfis avatar Jun 12 '24 19:06 jannfis

@dlactin Thank you for your patience! #737 has been merged, and as expected left a couple of conflicts for this PR. I can support you to resolve them, or let you do it on your own. Please let me know what you prefer.

jannfis avatar Jun 14 '24 15:06 jannfis

> @dlactin Thank you for your patience! #737 has been merged, and as expected left a couple of conflicts for this PR. I can support you to resolve them, or let you do it on your own. Please let me know what you prefer.

Hey, not a problem!

I won't have time to finish this up until sometime next week so feel free to resolve them if you'd like! Otherwise I'm happy to pick this back up later.

dlactin avatar Jun 14 '24 18:06 dlactin