site: Fix public key for production (#18)

Signed-off-by: Ryan Northey <[email protected]>
envoyproxy · Aug 25, 2024 · 6f2a26b · 6f2a26b
1 parent c40162c
commit 6f2a26b
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 6 deletions.
diff --git a/BUILD b/BUILD
@@ -121,5 +121,5 @@ pkg_tar(
         "//debs:html",
         "//site:html",
     ],
-    srcs = ["//site:signing-key"],
+    srcs = ["//site:signing_key"],
 )
diff --git a/build-repository.sh b/build-repository.sh
@@ -58,13 +58,14 @@ Passphrase: ${SIGNING_KEY_PASSPHRASE}
 %commit
 %echo done
 EOF
-    gpg --export -a "Envoy CI" > site/signing.key
+    gpg --export -a "Envoy CI" > site/signing.key.txt
 }
 
 import_private_key () {
     echo -e "$(underline $(bold "Import maintainers private signing key: repository signing"))"
-    echo "${SIGNING_KEY_0}${SIGNING_KEY_1}${SIGNING_KEY_2}${SIGNING_KEY_3}" | base64 -d > signing.key
-    gpg --batch --pinentry-mode loopback --import signing.key
+    echo "${SIGNING_KEY_0}${SIGNING_KEY_1}${SIGNING_KEY_2}${SIGNING_KEY_3}" \
+        | base64 -d \
+        | gpg --batch --pinentry-mode loopback --import
 }
 
 create_excludes () {
@@ -95,7 +96,7 @@ main () {
         echo "$DEPLOY_PRIME_URL" > site/url.txt
         bazel_args+=(
             --//site:url=//site:url.txt
-            --//site:signing-key=//site:signing.key)
+            --//site:signing-key=//site:signing.key.txt)
     else
         bazel_args+=(--//:production=//:true)
     fi

diff --git a/site/BUILD b/site/BUILD
@@ -3,7 +3,7 @@ load("@envoy_toolshed//website:macros.bzl", "static_website")
 ENVOY_APT_URL = "https://apt.envoyproxy.io"
 
 exports_files([
-    "signing.key",
+    "signing.key.txt",
     "url.txt",
 ])
 
@@ -15,6 +15,16 @@ genrule(
     """ % ENVOY_APT_URL,
 )
 
+genrule(
+    name = "signing_key",
+    outs = ["signing.key"],
+    cmd = """
+    cat $(location :signing-key) > $@
+    """,
+    srcs = [":signing-key"],
+    visibility = ["//visibility:public"],
+)
+
 label_flag(
     name = "url",
     build_setting_default = ":default_url",