WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-05-03 04:23:11 +08:00
Code Issues Packages Projects Releases Wiki Activity

robosignatory: ima sign side tags, infra tag, modular tags and pending

Browse Source 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This commit is contained in:
Kevin Fenzi
2022-07-27 10:02:01 -07:00
parent 9ddd3e2e6d
commit b8a4eda79e
1 changed files with 16 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
roles/robosignatory/templates/robosignatory.toml.j2
View File

@@ -124,6 +124,10 @@ handlers = ["console"]
to = "f37-infra-stg"
key = "{{ (env == 'production')|ternary('fedora-infra', 'testkey') }}"
keyid = "{{ (env == 'production')|ternary('47dd8ef9', 'd300e724') }}"
{% if env == "production" %}
# ima file signing - enabled in f37
file_signing_key = "fedora-37-ima"
{% endif %}
# Gated coreos-pool tag
@@ -162,12 +166,20 @@ handlers = ["console"]
from = '<sidetag>-signing-pending'
to = '<sidetag>-testing-pending'
trusted_taggers = ['bodhi']
{% if env == "production" %}
# ima file signing - enabled in f37
file_signing_key = "fedora-37-ima"
{% endif %}
[[consumer_config.koji_instances.primary.tags]]
from = "f37-pending"
to = "f37"
key = "{{ (env == 'production')|ternary('fedora-37', 'testkey') }}"
keyid = "{{ (env == 'production')|ternary('5323552a', 'd300e724') }}"
{% if env == "production" %}
# ima file signing - enabled in f37
file_signing_key = "fedora-37-ima"
{% endif %}
[[consumer_config.koji_instances.primary.tags]]
from = "f37-modular-pending"
@@ -351,8 +363,11 @@ handlers = ["console"]
to = "f37-openh264"
key = "{{ (env == 'production')|ternary('fedora-37', 'testkey') }}"
keyid = "{{ (env == 'production')|ternary('5323552a', 'd300e724') }}"
{% if env == "production" %}
# ima file signing - enabled in f37
file_signing_key = "fedora-37-ima"
{% endif %}
[[consumer_config.koji_instances.primary.tags]]
from = "f36-openh264"
to = "f36-openh264"