Update encrypted key used for CI access

2025-10-02 06:38:20 +00:00 · 2019-12-18 13:23:51 -08:00 · 2019-12-18 13:23:51 -08:00 · 52f97c7e45
commit 52f97c7e45
parent c59b81306b
4 changed files with 40 additions and 4 deletions
--- a/ci/README
+++ b/ci/README
@ -0,0 +1,32 @@
+=========================================
+Continuous Integration Configuration Info
+=========================================
+
+The following pointers are aimed at maintainers to help describe a few points
+about the Cirrus CI setup that may not be obvious/intuitive.
+
+Private Test Suite
+------------------
+
+Access to the private test suite is available in CI tasks except in Pull
+Requests from people that do not otherwise have write access to the zeek
+repository on GitHub.  To configure this access for the
+``zeek-testing-private`` repository, it uses a "deploy key" which is a single
+purpose SSH key with read-only permissions.  Here's how it can be set up:
+
+1. ``ssh-keygen -f cirrus-key``
+
+2. Add contents of ``cirrus-key.pub`` as a new key on GitHub:
+   https://github.com/zeek/zeek-testing-private/settings/keys
+
+3. Generate a new Cirrus CI secured variable in the repository settings at
+   https://cirrus-ci.com/github/zeek/zeek.  The value of the secured variable
+   is the base64-encoded private key, and can be obtained from the output of
+   the command: ``base64 cirrus-key``.
+
+4. Take the ``ENCRYPTED[...]``` string generated by Cirrus and use that as the
+   value of ``ZEEK_TESTING_PRIVATE_SSH_KEY`` in ``.cirrus.yml``
+
+5. Delete the local key: ``rm cirrus-key*``
+
+6. Commit/push the changes.