billiegoose
commented
6 years ago I'm not sure! What are Google Scripts? How are you creating git commits? If it's possible to do it with isomorphic-git then you can use the pgp plugin
Open kenman345 opened 6 years ago
billiegoose
commented
6 years ago I'm not sure! What are Google Scripts? How are you creating git commits? If it's possible to do it with isomorphic-git then you can use the pgp plugin
kenman345
commented
6 years ago Google script is a flavour or a micro framework of JavaScript designed to automate and operate with Google Apps.
JavaScript on the other hand is a lingua franca level on the web used primarily to execute code on the client side. But nowdays it becomes popular as a server language as well.
Edit: Javascript is also a flavour of ecmascript. Thank to James H. Kelly pointing this out.
So basically, I cannot assume every function Javascript has will be available to me in Google Scripts, but a good amount can be as well as unique nuances that are specific to the Google Script framework.
Here is the link to the Overview of Google Apps Script.
To answer your question about how I currently am making git commits, I used the following article and example to put together a lot of what I am doing: Working with Github repository files using Google Apps Script: Examples in getting, writing and committing content by Martin Hawksey
If you scroll down from the example to the Summary section, you can see the github library inline that I am using/made modifications to. The blog also includes a link to all the code from the article in a single script, so it can be picked up and tried by anyone after a few minutes of setup as described in that article.
My thoughts are to give the commit function (self_.Repository.commit) a little more processing before committing, particularly a call to a method to format the provided input parameters with the library defined user/email for author and committer into the proper formatting for a commit to be signed, if the library has a signature defined during initialization or other steps in the process.
I figured doing it this way I would not need to revisit the rest of my code to put together the same items I need each time I commit, and I can isolate the method for making the commit message that needs to be signed to a private method of the library.
billiegoose
commented
6 years ago Ah! So you're creating the git commits directly in Github using their API? Interesting...
Luckily the Github API lets you include a signature parameter... so you just need to compute that.
In principle it's very simple! In practice, it's a matter of getting all the whitespace correct because if it is off by one byte that ruins the signature. :(
Stealing the example from the Github API page, if you can fetch the commit you've already made, then you'll probably get something like this:
{
"message": "my commit message",
"author": {
"name": "Scott Chacon",
"email": "schacon@gmail.com",
"date": "2008-07-09T16:13:30+12:00"
},
"parents": [
"7d1b31e74ee336d15cbd21741bc88a537ed063a0"
],
"tree": "827efc6d56897b048c772eb4087f854f46256132"
}and you need to format it as a string like this:
var commit = `tree 827efc6d56897b048c772eb4087f854f46256132
parent 7d1b31e74ee336d15cbd21741bc88a537ed063a0
author Scott Chacon <schacon@gmail.com> 1215576810 +1200
committer Scott Chacon <schacon@gmail.com> 1215576810 +1200
my commit message`Then if you're using this library (well... you can use @isomorphic-pgp/sign-and-verify directly), it should be:
const ipgp = require('@isomorphic-pgp/sign-and-verify')
let timestamp = Math.floor(Date.now() / 1000)
let signature = await ipgp.sign(secretKey, commit, timestamp)The scripts wont allow for multi-line variable definitions like that.
Also, is their a CDN URL I can try to use to refer to hte library itself? I think I might have better success leveraging it if I had the sign-and-verify component of the library references that way. Its not like node with the import statements, going to need a URL
Hi!
I originally found openpgpjs but they recommended I take a look here.
I am trying to get my github bot Google Script to be able to sign its commits. Do you have any advice or instructions that might help me with my efforts? Google Scripts are a bit weird but its handling everything I've wanted to do with it so far and it really would be nice to incorporate this functionality to its capabilities
I have all the other parts of committing figured out, so I absolutely only need the to be able to sign with my PGP Private key.