Skip to content
Update SOPS keys

Update SOPS keys #11975

Sign in to view logs

Update SOPS keys

Update SOPS keys #11975

Workflow file for this run

.github/workflows/update-sops-keys.yaml at ee7717f
---
name: Update SOPS keys
on:
workflow_dispatch: {}
schedule:
- cron: 0 * * * *
push:
paths:
- .sops.yaml
jobs:
update-sops-keys:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
# TODO: https://github.com/peter-evans/create-pull-request/issues/4228
with:
persist-credentials: false
- uses: cachix/install-nix-action@4e002c8ec80594ecd40e759629461e26c8abed15 # v31
with:
nix_path: nixpkgs=channel:nixos-unstable
extra_nix_config: |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
- uses: workflow/nix-shell-action@v3.4.0
with:
packages: sops,findutils
script: |
export SOPS_AGE_KEY=${{ secrets.SOPS_AGE_KEY }}
find . -type f -name \*.sops.yaml ! -name .sops.yaml -exec sops updatekeys --yes {} \;
- name: Generate token
uses: tibdex/github-app-token@v2
id: generate-token
with:
app_id: ${{ secrets.BOT_APP_ID }}
private_key: ${{ secrets.BOT_APP_PRIVATE_KEY }}
- name: Create Pull Request
id: cpr
uses: peter-evans/create-pull-request@v8
with:
token: ${{ steps.generate-token.outputs.token }}
title: "chore(sops): update sops secrets with new public keys"
commit-message: "chore(deps): update sops secrets with new public keys"
delete-branch: true
committer: budimanjojo-bot <111944664+budimanjojo-bot[bot]@users.noreply.github.com>
author: budimanjojo-bot <111944664+budimanjojo-bot[bot]@users.noreply.github.com>
- name: Automerge
if: steps.cpr.outputs.pull-request-operation == 'created'
uses: peter-evans/enable-pull-request-automerge@v3
with:
token: ${{ steps.generate-token.outputs.token }}
pull-request-number: ${{ steps.cpr.outputs.pull-request-number }}
merge-method: squash