.github: workflows: qubesos.yml: add trigger-woodpecker-cicd job for signing by DaniilKl · Pull Request #26 · TrenchBoot/secure-kernel-loader

DaniilKl · 2026-04-16T11:48:13Z

Related to this PR TrenchBoot/.github#16 .

signing Signed-off-by: Danil Klimuk <daniil.klimuk@3mdeb.com>

m-iwanicki

@DaniilKl As you can see, woodpecker failed (missing token?): https://github.com/TrenchBoot/secure-kernel-loader/actions/runs/25159637133/job/73751113565

DaniilKl · 2026-04-30T10:24:48Z

@DaniilKl As you can see, woodpecker failed (missing token?): https://github.com/TrenchBoot/secure-kernel-loader/actions/runs/25159637133/job/73751113565

Yes, missing token. I am discussing this with organization admins.

DaniilKl · 2026-04-30T16:53:29Z

I am closing this, as there were a decision to not use the access via tokens stored as GitHub secrets to the ci.3mdeb.com for security reasons. This is to prevent the tokens leak from GitHub, that could compromise the packages that will be signed and/or the entire ci.3mdeb.com instance. Reason: the Woodpecker does not have scoped access control for its tokens, every token give the full access to a Woodpecker instance.

DaniilKl requested a review from macpijan April 16, 2026 11:48

DaniilKl self-assigned this Apr 16, 2026

DaniilKl force-pushed the add-signing-job branch from e6e10fe to 068f979 Compare April 16, 2026 11:49

DaniilKl mentioned this pull request Apr 16, 2026

Public availability of automatically built TrenchBoot packages integrated on top of the QubesOS upstream TrenchBoot/trenchboot-issues#83

Open

m-iwanicki requested changes Apr 23, 2026

View reviewed changes

Comment thread .github/workflows/qubesos.yml Outdated

m-iwanicki requested changes Apr 23, 2026

View reviewed changes

Comment thread .github/workflows/qubesos.yml Outdated

m-iwanicki requested changes Apr 23, 2026

View reviewed changes

Comment thread .github/workflows/qubesos.yml Outdated

DaniilKl force-pushed the add-signing-job branch 2 times, most recently from 6340b7d to 787c0ee Compare April 27, 2026 18:10

DaniilKl requested a review from m-iwanicki April 27, 2026 18:10

m-iwanicki requested changes Apr 28, 2026

View reviewed changes

Comment thread .github/workflows/qubesos.yml

m-iwanicki requested changes Apr 28, 2026

View reviewed changes

Comment thread .github/workflows/qubesos-rc.yml Outdated

DaniilKl force-pushed the add-signing-job branch from 787c0ee to f97a5b8 Compare April 29, 2026 08:03

.github: workflows: qubesos.yml: add trigger-woodpecker-cicd job for

1b0ce6f

signing Signed-off-by: Danil Klimuk <daniil.klimuk@3mdeb.com>

DaniilKl force-pushed the add-signing-job branch from f97a5b8 to 1b0ce6f Compare April 29, 2026 08:30

DaniilKl requested a review from m-iwanicki April 29, 2026 08:30

m-iwanicki requested changes Apr 30, 2026

View reviewed changes

DaniilKl closed this Apr 30, 2026

DaniilKl deleted the add-signing-job branch April 30, 2026 16:53

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

.github: workflows: qubesos.yml: add trigger-woodpecker-cicd job for signing#26

.github: workflows: qubesos.yml: add trigger-woodpecker-cicd job for signing#26
DaniilKl wants to merge 1 commit into
masterfrom
add-signing-job

DaniilKl commented Apr 16, 2026

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

m-iwanicki left a comment

Uh oh!

DaniilKl commented Apr 30, 2026

Uh oh!

DaniilKl commented Apr 30, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

DaniilKl commented Apr 16, 2026

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

m-iwanicki left a comment

Choose a reason for hiding this comment

Uh oh!

DaniilKl commented Apr 30, 2026

Uh oh!

DaniilKl commented Apr 30, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

DaniilKl commented Apr 30, 2026 •

edited

Loading