feature(keyringctl): adding ci command to verify newly added certs

Currently only newly added certificates will be checked against the expectations as existing keys are not all fully compatible with those assumptions. New certificates are determined by using $CI_MERGE_REQUEST_DIFF_BASE_SHA as the base,
2021-10-24 22:08:50 +02:00
parent 9733fbafd8
commit a9e63edfa8
5 changed files with 125 additions and 1 deletions
--- a/libkeyringctl/cli.py
+++ b/libkeyringctl/cli.py
@ -8,6 +8,7 @@ from pathlib import Path
 from tempfile import TemporaryDirectory
 from tempfile import mkdtemp

+from .ci import ci
 from .keyring import Username
 from .keyring import build
 from .keyring import convert
@ -114,6 +115,11 @@ verify_parser.add_argument(
 )
 verify_parser.set_defaults(lint_hokey=True, lint_sq_keyring=True)

+ci_parser = subcommands.add_parser(
+    "ci",
+    help="ci command to verify certain aspects and expectations in pipelines",
+)
+

 def main() -> None:  # noqa: ignore=C901
    args = parser.parse_args()
@ -123,6 +129,7 @@ def main() -> None:  # noqa: ignore=C901

    # temporary working directory that gets auto cleaned
    with TemporaryDirectory(prefix="arch-keyringctl-") as tempdir:
+        project_root = Path(".").absolute()
        keyring_root = Path("keyring").absolute()
        working_dir = Path(tempdir)
        debug(f"Working directory: {working_dir}")
@ -190,6 +197,8 @@ def main() -> None:  # noqa: ignore=C901
                    lint_hokey=args.lint_hokey,
                    lint_sq_keyring=args.lint_sq_keyring,
                )
+            elif "ci" == args.subcommand:
+                ci(working_dir=working_dir, keyring_root=keyring_root, project_root=project_root)
            else:
                parser.print_help()