ci: use specific key for signing

2023-06-14 12:10:02 -06:00 · 2023-06-14 12:10:02 -06:00 · be7bf8d169
commit be7bf8d169
parent ca8e94ce35
3 changed files with 10 additions and 1 deletions
--- a/.allowed_signers
+++ b/.allowed_signers
@ -3,3 +3,4 @@ aaron@bolddaemon.com sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5z
 aaron@bolddaemon.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC74Cw0fk2g/Fzo2a5bJ+Tw6mEjbGR1/yx0HBt/p3R30
 aaron@bolddaemon.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDM2k2C6Ufx5RNf4qWA9BdQHJfAkskOaqEWf8yjpySwH Nix Manager
 aaron@bolddaemon.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIACUwXo7HdoPI9vAMzcbYuXRgsbHA2otn0zF1zsaaj40 nixos ci
 aaron@bolddaemon.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIlVMdlJxNwsBAb6UUA0hqSwpbMA23L+UzRgkiodpOGq CI Signing
--- a/bin/ci
+++ b/bin/ci
@ -8,7 +8,7 @@ CMD=${1:-""}
 eval $(keychain --eval --agents ssh --inherit any)
-git config user.signingkey /run/secrets/ci_ed25519_key
+git config user.signingkey /run/secrets/ci_signing_ed25519_key
 git config commit.gpgsign true
 git config gpg.ssh.allowedSignersFile .allowed_signers
--- a/configs/ci.nix
+++ b/configs/ci.nix
@ -44,6 +44,14 @@ in with lib; {
        mode = "444";
        owner = config.xinCI.user;
      };
      ci_signing_ed25519_key = {
        mode = "400";
        owner = config.xinCI.user;
      };
      ci_signing_ed25519_pub = {
        mode = "444";
        owner = config.xinCI.user;
      };
      bin_cache_priv_key = {
        mode = "400";
        owner = "root";