test: add encrypted secrets test to overlayfs workflow

- Generate random encryption key and store in GitHub Secrets via gh CLI - Encrypt test message with GPG and commit to repo - Decrypt in workflow using key from secrets and echo result - Demonstrates encrypted secrets approach for SSH keys
2025-11-04 18:55:49 +00:00 · 2025-10-29 08:04:28 +07:00
parent d790f97430
commit 6014356d91
2 changed files with 26 additions and 0 deletions
--- a/.github/secrets/test-message.gpg
+++ b/.github/secrets/test-message.gpg
@@ -0,0 +1 @@
+<EFBFBD>
--- a/.github/workflows/test-overlayfs-delta.yml
+++ b/.github/workflows/test-overlayfs-delta.yml
@@ -9,6 +9,31 @@ jobs:
  test-overlayfs:
    runs-on: ubuntu-latest
    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Test encrypted secrets (decrypt test message)
+        run: |
+          echo "========================================"
+          echo "TESTING ENCRYPTED SECRETS"
+          echo "========================================"
+          echo ""
+          echo "Decrypting test message from .github/secrets/test-message.gpg"
+          echo "Using encryption key from GitHub Secrets..."
+          echo ""
+
+          # Decrypt using key from GitHub Secrets
+          echo "${{ secrets.TEST_ENCRYPTION_KEY }}" | \
+            gpg --batch --yes --passphrase-fd 0 \
+            --decrypt .github/secrets/test-message.gpg
+
+          echo ""
+          echo "========================================"
+          echo "If you see the success message above,"
+          echo "then encrypted secrets work! 🎉"
+          echo "========================================"
+          echo ""
+
      - name: Setup OverlayFS layers
        run: |
          echo "=== Creating directory structure ==="