run.sh
#!/bin/bash
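#######################################
# Build the github-secrets-generator image from the current directory.
# Prefers podman and falls back to docker when podman is not an executable
# on PATH.
# Globals:   BUILDER (written) - path of the container tool that was found
# Outputs:   build output on stdout; the "not found" error on stderr
# Returns:   exit status of the build; exits 1 if neither tool is found
#
# NOTE(review): the run helpers in this file call podman directly, so an
# image built here with docker is not visible to them.
#######################################
build_container() {
  BUILDER=$(command -v podman || true)
  if [[ ! -x $BUILDER ]]; then
    BUILDER=$(command -v docker || true)
  fi
  if [[ ! -x $BUILDER ]]; then
    echo "[ERROR] can't find docker or podman. Abort!" >&2
    exit 1
  fi
  # Quoted so an install path containing spaces is not word-split into
  # several command words.
  "$BUILDER" build -t github-secrets-generator .
}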
checkIfSecretExists()
{
GH_ORG_REPO=$1
SECRET_TO_CHECK=$2
if [[ ! $GITHUB_TOKEN ]]; then echo "Must export a valid GITHUB_TOKEN to run this script."; exit 1; fi
if [[ $SECRET_TO_CHECK == "" ]]; then usage; fi
echo "In github.com/${GH_ORG_REPO}, fetch:"
for myVAR in $SECRET_TO_CHECK; do
if [[ $SECRET_TO_CHECK != "--list" ]]; then
echo "* $myVAR"
fi
podman run --rm --entrypoint /checkIfSecretExists.sh github-secrets-generator "${GITHUB_TOKEN}" "${GH_ORG_REPO}" "${myVAR}"
done
}
uploadSecretsFromFile()
{
GH_ORG_REPO=$1
secretfile=$2
if [[ ! $GITHUB_TOKEN ]]; then echo "Must export a valid GITHUB_TOKEN to run this script."; exit 1; fi
echo "In github.com/${GH_ORG_REPO}, update:"
while IFS= read -r myline
do
myVAR=${myline% *}
myVAL=${myline#* }
if [[ $myVAR ]] && [[ $myVAL ]]; then
echo "* $myVAR"
podman run --rm --entrypoint /generate.sh github-secrets-generator "${GITHUB_TOKEN}" "${GH_ORG_REPO}" "${myVAR}" "${myVAL}"
fi
unset myVAR
unset myVAL
done <"$secretfile"
}
deleteSecretsFromFile()
{
GH_ORG_REPO=$1
secretfile=$2
if [[ ! $GITHUB_TOKEN ]]; then echo "Must export a valid GITHUB_TOKEN to run this script."; exit 1; fi
echo "In github.com/${GH_ORG_REPO}, delete:"
while read -r myVAR;
do
myVAR=${myVAR% *}
echo "* $myVAR"
podman run --rm --entrypoint /delete.sh github-secrets-generator "${GITHUB_TOKEN}" "${GH_ORG_REPO}" "${myVAR}"
done <"$secretfile"
}
# Print the command-line help (each example is prefixed with this script's
# own path, $0) to stdout, then terminate the script with status 1.
usage() {
  cat <<EOF

To build the github-secrets-generator container (requires podman or docker):
Usage: $0 --build
Example: $0 --build
To check if a secret already exists in a repo:
Usage: $0 -r [GH org/project] [SECRET_TO_CHECK]
Example: $0 -r eclipse-che/che-theia CHE_BOT_GITHUB_TOKEN
Example: $0 -r che-incubator/jetbrains-editor-images CHE_INCUBATOR_BOT_GITHUB_TOKEN
To list existing secrets by name:
Usage: $0 -r [GH org/project] --list
Example: $0 -r eclipse-che/che-theia --list
To upload 1 or more secrets from a file (one per line):
Usage: $0 -r [GH org/project] -f [SECRET_FILE]
Example: $0 -r eclipse-che/che-dashboard -f mykeys.txt
Plaintext secret file format: one entry per line, key-value separated by a space
KEY1_NAME VALUE1
KEY2_NAME VALUE2
To delete 1 or more secrets from a file (one per line):
Usage: $0 -r [GH org/project] -d -f [SECRET_FILE]
Example: $0 -r eclipse-che/che-dashboard -d -f mykeys.txt
Plaintext secret file format: one entry per line
SECRET_NAME1
SECRET_NAME2

EOF
  exit 1
}
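# Entry point: parse the command line, then run exactly one action
# (optionally preceded by a container build).
if [[ $# -lt 1 ]]; then usage; exit; fi

DO_BUILD=0
DO_DELETE=0
REPO=""
SECRETFILE=""
SECRET_TO_CHECK=""

# Each arm consumes exactly the words it used. Shifting twice for every
# option (as a shared trailing shift does) swallows the argument that
# follows a value-less flag, e.g. "-d -f FILE" loses "-f" and never sets
# SECRETFILE.
while [[ $# -gt 0 ]]; do
  case $1 in
    '--build')
      DO_BUILD=1
      shift
      ;;
    '-d')
      DO_DELETE=1
      shift
      ;;
    '-r')
      if [[ $# -lt 2 ]]; then usage; fi
      REPO="$2"
      shift 2
      ;;
    '-f')
      if [[ $# -lt 2 ]]; then usage; fi
      SECRETFILE="$2"
      shift 2
      ;;
    *)
      # Collect every remaining word (a secret name or --list) instead of
      # silently dropping all but one.
      SECRET_TO_CHECK="${SECRET_TO_CHECK:+${SECRET_TO_CHECK} }$1"
      shift
      ;;
  esac
done

if [[ $DO_BUILD -eq 1 ]]; then build_container; fi
if [[ ! $REPO ]] && [[ $DO_BUILD -eq 0 ]]; then usage; exit; fi

# Arguments are quoted so a repository or file path containing spaces or
# glob characters reaches the helper as a single word.
if [[ $DO_DELETE -eq 1 ]]; then
  # Deleting needs both a repository and a file of names.
  if [[ ! $REPO ]] || [[ ! $SECRETFILE ]]; then usage; fi
  deleteSecretsFromFile "$REPO" "$SECRETFILE"
elif [[ $SECRETFILE ]]; then
  uploadSecretsFromFile "$REPO" "$SECRETFILE"
elif [[ $SECRET_TO_CHECK ]]; then
  checkIfSecretExists "$REPO" "$SECRET_TO_CHECK"
elif [[ $DO_BUILD -eq 0 ]]; then
  usage
fi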