Created
August 14, 2022 19:35
-
-
Save RobertKielty/5f808bef1d2b4cd30689445be46182a4 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #+TITLE: Create | |
| #+DESCRIPTION: Secret creation | |
| #+name: secret-setup | |
| #+begin_src bash :results output :tangle secret-setup.sh :shebang "#!/bin/bash" | |
| declare -r SECRETS_DIR="$(pwd)/secrets" | |
| declare -r OAUTH_TOKEN_FILE="${SECRETS_DIR}/gh-oauth-token" | |
| declare -r HMAC_TOKEN_FILE="${SECRETS_DIR}/hmac-token" | |
| declare -r GH_USER="RobertKielty" | |
| declare -r ORGANIZATION="mock-cncf-project-org" | |
| declare -r REPOS="mock-project" | |
| declare -r HMAC_TOKEN_KEY="gha_hook_hmac" | |
| declare -r OAUTH_TOKEN_KEY="gha-oauth" | |
| function prowbot-hmac-setup() { | |
| printf "Creating a hmac token for hook's webhook\n" | |
| openssl rand -hex 20 > "${HMAC_TOKEN_FILE}" | |
| printf "Created %s\n", "${HMAC_TOKEN_FILE}" | |
| } | |
| function prowbot-hmac-add-as-gh-secret() { | |
| printf "Uploading hmac token key %s, for %s to github\n" "${HMAC_TOKEN_KEY}" "${ORGANIZATION}" | |
| printf 'gh secret set %s --org %s < %s' "${HMAC_TOKEN_KEY}" "${ORGANIZATION}" "${HMAC_TOKEN_FILE}" | |
| gh secret set "${HMAC_TOKEN_KEY}" --org "${ORGANIZATION}" < "${HMAC_TOKEN_FILE}" | |
| } | |
| function prowbot-oauth-setup(){ | |
| printf "You need to create a bot account on Github.\n" | |
| printf "on that bot account goto, \n" | |
| printf "\thttps://github.com/settings/tokens\n" | |
| printf "Click on the Generate new token button\n" | |
| printf "\tThe a/c must have the public_repo and repo:status\n" | |
| printf "\tAdd the repo scope if you plan on handing private repos\n" | |
| printf "\tAdd the admin_org:hook scope if you plan on handling a github org\n\n" | |
| printf "\tPlace the generated oauth token in %s\n", "${OAUTH_TOKEN}" | |
| printf "For more details goto:\n" | |
| echo "https://github.com/kubernetes/test-infra/blob/master/prow/getting_started_deploy.md#github-bot-account" | |
| } | |
| function check-secret-config() { | |
| echo "Checking for ${SECRETS_DIR}" | |
| if [ ! -d "${SECRETS_DIR}" ]; then | |
| echo "Setting up a secrets dir to store your Github prow bot token" | |
| mkdir "${SECRETS_DIR}" | |
| fi | |
| echo "Checking for ${HMAC_TOKEN_FILE}" | |
| if [ ! -f "${HMAC_TOKEN_FILE}" ]; then | |
| echo "hmac-token file is missing" | |
| prowbot-hmac-setup | |
| fi | |
| if [ ! $(gh secret list --org "${ORGANIZATION}") ]; then | |
| prowbot-hmac-add-as-gh-secret | |
| fi | |
| echo "Checking for ${OAUTH_TOKEN_FILE}" | |
| if [ ! -f "${OAUTH_TOKEN_FILE}" ]; then | |
| echo "${OAUTH_TOKEN} is missing" | |
| # prowbot-oauth-setup | |
| fi | |
| } | |
| gh auth login --with-token < ~/.github/.PAT | |
| check-secret-config | |
| #+end_src | |
| #+RESULTS: secret-setup | |
| #+begin_src bash | |
| Checking for /home/ii/ii/sdlc-coordinator/secrets/secrets | |
| Checking for /home/ii/ii/sdlc-coordinator/secrets/secrets/hmac-token | |
| Checking for /home/ii/ii/sdlc-coordinator/secrets/secrets/gh-oauth-token | |
| is missing | |
| You need to create a bot account on Github. | |
| on that bot account goto, | |
| https://github.com/settings/tokens | |
| Click on the Generate new token button | |
| The a/c must have the public_repo and repo:status | |
| Add the repo scope if you plan on handing private repos | |
| Add the admin_org:hook scope if you plan on handling a github org | |
| Place the generated oauth token in | |
| ,For more details goto: | |
| https://github.com/kubernetes/test-infra/blob/master/prow/getting_started_deploy.md#github-bot-account | |
| #+end_src |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment