defmodule GitGud.DeployKeys do
@moduledoc """
Repo-scoped SSH keys, intended for CI/automation. By default they're
read-only (`read_write: false`); set `read_write: true` to allow push.
Authorized_keys generation feeds these alongside `user_ssh_keys`. The
SSH wrapper passes the key id and the wrapper distinguishes user vs
deploy keys via the id prefix:
command="gitgud-ssh u:<user_key_id>" … (user)
command="gitgud-ssh d:<deploy_key_id>" … (deploy)
"""
import Ecto.Query, warn: false
alias GitGud.DeployKeys.DeployKey
alias GitGud.Repo
alias GitGud.Repositories.Repository
def list_keys(%Repository{id: rid}) do
DeployKey
|> where([k], k.repository_id == ^rid)
|> order_by([k], desc: k.inserted_at)
|> Repo.all()
end
def get_key!(id), do: Repo.get!(DeployKey, id)
def create_key(%Repository{id: rid}, attrs) do
%DeployKey{repository_id: rid}
|> DeployKey.changeset(attrs)
|> Repo.insert()
end
def delete_key(%DeployKey{} = key), do: Repo.delete(key)
def touch(%DeployKey{} = key) do
key
|> Ecto.Changeset.change(last_used_at: DateTime.utc_now(:second))
|> Repo.update()
end
end
1.2 KiB · text
5af55d9