feat(store): 更新插件商店生成脚本和安全签名功能
All checks were successful
Sign Plugins / sign (push) Successful in 31s
All checks were successful
Sign Plugins / sign (push) Successful in 31s
- 修改 generate-store.sh 脚本添加 Gitea raw 文件基础 URL 配置 - 在 generate-store.sh 中为每个插件添加 download_url 和 signature_url 字段 - 扩展 signtool 工具添加 sign-json 命令用于签名 JSON 配置文件 - 更新 GitHub Actions 工作流添加对 security/*.json 文件的监控 - 新增 sign-security.sh 脚本用于批量签名安全相关 JSON 文件 - 添加 security/keys.json 和 security/revocation.json 模板文件
This commit is contained in:
Flik
15
.github/workflows/sign.yml
vendored
15
.github/workflows/sign.yml
vendored
@@ -6,6 +6,7 @@ on:
|
||||
paths:
|
||||
- 'plugins/**/*.js'
|
||||
- 'plugins/**/manifest.json'
|
||||
- 'security/*.json'
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
@@ -31,13 +32,25 @@ jobs:
|
||||
bash scripts/sign-all.sh /tmp/private.key
|
||||
rm -f /tmp/private.key
|
||||
|
||||
- name: Install jq
|
||||
run: sudo apt-get update && sudo apt-get install -y jq
|
||||
|
||||
- name: Generate store.json
|
||||
run: bash scripts/generate-store.sh > store.json
|
||||
|
||||
- name: Sign security files
|
||||
env:
|
||||
SIGNING_KEY: ${{ secrets.PLUGIN_SIGNING_KEY }}
|
||||
run: |
|
||||
echo "$SIGNING_KEY" > /tmp/private.key
|
||||
chmod 600 /tmp/private.key
|
||||
bash scripts/sign-security.sh /tmp/private.key
|
||||
rm -f /tmp/private.key
|
||||
|
||||
- name: Commit changes
|
||||
run: |
|
||||
git config user.name "GitHub Actions"
|
||||
git config user.email "actions@github.com"
|
||||
git add -A "plugins/**/*.sig" store.json
|
||||
git add -A "plugins/**/*.sig" store.json "security/*.json"
|
||||
git diff --staged --quiet || git commit -m "chore: update signatures and store"
|
||||
git push
|
||||
|
||||
Reference in New Issue
Block a user