goors · October 17, 2024 14:31
diff --git a/github.sh b/github.sh
 #!/usr/bin/env bash

 sudo apt-get update
 sudo apt-get install -y python3-pip python3-venv
 python3 -m venv myenv
 source myenv/bin/activate && pip install pynacl

 # GitHub Repository
 repo_owner="readydataAG"
 repo_name="immoledo-rewrite"
 environment_name="preview"

 # GitHub Token with repo scope
 github_token=$1

 # API endpoint for creating or updating environment secrets
 api_url="https://api.github.com/repos/$repo_owner/$repo_name/environments/$environment_name/secrets"

 # Function to extract the p12 password
 extract_p12_password() {
  p12Password=$(sudo -i sh -c 'cd /usr/share/elasticsearch && bin/elasticsearch-keystore show xpack.security.http.ssl.keystore.secure_password')
  sudo -i sh -c "echo '$p12Password' > /home/azuser/p12Password"
  sudo chown azuser:azuser /home/azuser/p12Password
 }

 # Function to extract and encode the certificate
 extract_cert() {
  sudo -i sh -c 'cd /etc/elasticsearch/certs && base64 http_ca.crt > /home/azuser/http_ca.crt.base64'
  sudo chown azuser:azuser /home/azuser/http_ca.crt.base64
 }

 # Function to extract and encode the p12 file
 extract_p12() {
  sudo -i sh -c 'cd /etc/elasticsearch/certs && base64 http.p12 > /home/azuser/http.p12.base64'
  sudo chown azuser:azuser /home/azuser/http.p12.base64
 }

 # Function to get the repository's public key
 get_public_key() {
    response=$(curl -s -H "Authorization: Bearer $github_token" \
        -H "Accept: application/vnd.github.v3+json" \
        -H "X-GitHub-Api-Version 2022-11-28" \
        "$api_url/public-key")
    public_key=$(echo "$response" | jq -r '.key')
    key_id=$(echo "$response" | jq -r '.key_id')
    if [[ "$public_key" == "null" || -z "$public_key" ]]; then
        echo "Error fetching public key. Response: $response"
        exit 1
    fi
    echo "$public_key" "$key_id"
 }

 # Function to encrypt a secret using the repository's public key
 encrypt() {
    local secret_value="$1"
    local public_key_base64="$2"
    encrypted=$(source myenv/bin/activate && python encrypt.py $public_key_base64 $secret_value)
    echo "$encrypted"
 }

 # Function to set a secret
 set_secret() {

    local secret_name="$1"
    local secret_value="$2"
    local public_key="$3"
    local key_id="$4"


    read encrypted_value < <(encrypt "$secret_value" "$public_key")

    echo "Doing $secret_name"
    echo "Value $encrypted_value"

    http_code=$(curl -X PUT "$api_url/$secret_name" \
            -H "Authorization: token $github_token" \
            -H "Accept: application/vnd.github.v3+json" \
            -d "{\"encrypted_value\":\"$encrypted_value\",\"key_id\":\"$key_id\"}")

    echo $http_code

 }

 # Extract the secrets
 extract_p12_password
 extract_cert
 extract_p12

 # Wait for extraction to complete and then read the secrets
 certificate=/home/azuser/http_ca.crt.base64
 p12=/home/azuser/http.p12.base64
 p12_password=/home/azuser/p12Password

 # Get the public key and key_id for the repository
 read public_key key_id < <(get_public_key)

 # Set the secrets
 set_secret "ELASTIC_SEARCH_P12_PASSWORD" "$p12_password" "$public_key" "$key_id"
 set_secret "ELASTIC_SEARCH_CERTIFICATE" "$certificate" "$public_key" "$key_id"
 set_secret "ELASTIC_SEARCH_P12" "$p12" "$public_key" "$key_id"

 rm -f $certificate
 rm -f $p12
 rm -f $p12_password
 rm -rf myenv
	#!/usr/bin/env bash

	sudo apt-get update
	sudo apt-get install -y python3-pip python3-venv
	python3 -m venv myenv
	source myenv/bin/activate && pip install pynacl

	# GitHub Repository
	repo_owner="readydataAG"
	repo_name="immoledo-rewrite"
	environment_name="preview"

	# GitHub Token with repo scope
	github_token=$1

	# API endpoint for creating or updating environment secrets
	api_url="https://api.github.com/repos/$repo_owner/$repo_name/environments/$environment_name/secrets"

	# Function to extract the p12 password
	extract_p12_password() {
	p12Password=$(sudo -i sh -c 'cd /usr/share/elasticsearch && bin/elasticsearch-keystore show xpack.security.http.ssl.keystore.secure_password')
	sudo -i sh -c "echo '$p12Password' > /home/azuser/p12Password"
	sudo chown azuser:azuser /home/azuser/p12Password
	}

	# Function to extract and encode the certificate
	extract_cert() {
	sudo -i sh -c 'cd /etc/elasticsearch/certs && base64 http_ca.crt > /home/azuser/http_ca.crt.base64'
	sudo chown azuser:azuser /home/azuser/http_ca.crt.base64
	}

	# Function to extract and encode the p12 file
	extract_p12() {
	sudo -i sh -c 'cd /etc/elasticsearch/certs && base64 http.p12 > /home/azuser/http.p12.base64'
	sudo chown azuser:azuser /home/azuser/http.p12.base64
	}

	# Function to get the repository's public key
	get_public_key() {
	response=$(curl -s -H "Authorization: Bearer $github_token" \
	-H "Accept: application/vnd.github.v3+json" \
	-H "X-GitHub-Api-Version 2022-11-28" \
	"$api_url/public-key")
	public_key=$(echo "$response" \| jq -r '.key')
	key_id=$(echo "$response" \| jq -r '.key_id')
	if [[ "$public_key" == "null" \|\| -z "$public_key" ]]; then
	echo "Error fetching public key. Response: $response"
	exit 1
	fi
	echo "$public_key" "$key_id"
	}

	# Function to encrypt a secret using the repository's public key
	encrypt() {
	local secret_value="$1"
	local public_key_base64="$2"
	encrypted=$(source myenv/bin/activate && python encrypt.py $public_key_base64 $secret_value)
	echo "$encrypted"
	}

	# Function to set a secret
	set_secret() {

	local secret_name="$1"
	local secret_value="$2"
	local public_key="$3"
	local key_id="$4"


	read encrypted_value < <(encrypt "$secret_value" "$public_key")

	echo "Doing $secret_name"
	echo "Value $encrypted_value"

	http_code=$(curl -X PUT "$api_url/$secret_name" \
	-H "Authorization: token $github_token" \
	-H "Accept: application/vnd.github.v3+json" \
	-d "{\"encrypted_value\":\"$encrypted_value\",\"key_id\":\"$key_id\"}")

	echo $http_code

	}

	# Extract the secrets
	extract_p12_password
	extract_cert
	extract_p12

	# Wait for extraction to complete and then read the secrets
	certificate=/home/azuser/http_ca.crt.base64
	p12=/home/azuser/http.p12.base64
	p12_password=/home/azuser/p12Password

	# Get the public key and key_id for the repository
	read public_key key_id < <(get_public_key)

	# Set the secrets
	set_secret "ELASTIC_SEARCH_P12_PASSWORD" "$p12_password" "$public_key" "$key_id"
	set_secret "ELASTIC_SEARCH_CERTIFICATE" "$certificate" "$public_key" "$key_id"
	set_secret "ELASTIC_SEARCH_P12" "$p12" "$public_key" "$key_id"

	rm -f $certificate
	rm -f $p12
	rm -f $p12_password
	rm -rf myenv