Many teams use private registries such as AWS CodeArtifact to store critical code and distribute it within a controlled domain. Dependabot is a GitHub-integrated tool that analyses dependencies and opens automatic pull requests and alerts for repositories. As the name suggests, a private registry can only be reached by people and systems that have been granted access.
Until recently, the only way to give Dependabot access to a private registry was to add secrets through the GitHub UI. GitHub now also offers API operations for adding Dependabot secrets programmatically.
This project aims to be a tool for people who use AWS CodeArtifact and want to use Dependabot with it. codeartifact-dependabot-sync refreshes the registry secret automatically every 10 hours, since a CodeArtifact auth token is short-lived.
The following instructions show how to set up an environment in which to build and run the tool.
- A fresh install of Go 1.17. Please follow the instructions from the official documentation:

  ```shell
  foo@bar:~$ go version
  go version go1.17.6 darwin/amd64
  ```

- A GitHub App that has access to Dependabot secrets for your repository or organization. See the official docs.
- Clone the repo:

  ```shell
  git clone https://github.com/TierMobility/codeartifact-dependabot-sync
  cd codeartifact-dependabot-sync
  ```

- (optional) Get all modules:

  ```shell
  export GO111MODULE=on
  go get .
  ```

- Build it (the `-o` flag must precede the package path, and the binary is written next to the source so the usage commands below can find it):

  ```shell
  GO111MODULE=on go build -o ./codeartifact-dependabot-sync .
  ```

By default the tool runs indefinitely until the process is killed. This can be disabled by setting the `DAEMON` option to `false`.
Configuration keys (each can be supplied as an environment variable or as a flag, see usage below):

| Key | Description |
|---|---|
| CODEARTIFACT_DOMAIN_OWNER | Owner (AWS account) of the AWS CodeArtifact domain. Also used when using CodeArtifact with the AWS CLI. |
| CODEARTIFACT_DURATION | Duration of the AWS CodeArtifact auth token. |
| CODEARTIFACT_DOMAIN | AWS CodeArtifact domain for which access is required. Also used when using CodeArtifact with the AWS CLI. |
| DEPENDABOT_ORG | The GitHub organization for which the secret should be created. |
| GITHUB_PRIVATE_KEY | GitHub secret (private key) used for GitHub App authentication. |
| GITHUB_APP_ID | The ID of the GitHub App used for authentication. |
| GITHUB_APP_TOKEN | GitHub App token used for encrypting secrets. |
Using env variables:

- Set up the environment variables listed in the configuration table above.
- Run the tool:

  ```shell
  ./codeartifact-dependabot-sync
  ```

Using flags:

- The flags take the same names as the environment variables in the configuration table above, with dashes in place of underscores (for example `-DEPENDABOT-ORG` for `DEPENDABOT_ORG`).

  ```shell
  # Get all the flags and their descriptions:
  ./codeartifact-dependabot-sync -h
  # Run it with flag data:
  ./codeartifact-dependabot-sync -DEPENDABOT-ORG=exampleOrg ...
  ```
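The following is an added example (not the project's own code) of how the env-variable and flag configuration described above can be loaded with the same precedence a practitioner would expect: every key from the table is read from the environment and a `-KEY-NAME` flag overrides it. It assumes that `CODEARTIFACT_DURATION` is given in whole seconds, that `DAEMON` is read from an environment variable of that name, and it adds one safeguard the README does not describe: in daemon mode a token lifetime at or below the 10-hour sync interval is rejected, because Dependabot would otherwise hold an expired token until the next run.

```go
package main

import (
	"flag"
	"fmt"
	"strconv"
	"strings"
	"time"
)

// SyncInterval is how often the daemon rewrites the Dependabot secret (10h per the README).
const SyncInterval = 10 * time.Hour
// Keys from the configuration table above; DAEMON is handled separately.
var requiredKeys = []string{
	"CODEARTIFACT_DOMAIN_OWNER", "CODEARTIFACT_DOMAIN", "CODEARTIFACT_DURATION",
	"DEPENDABOT_ORG", "GITHUB_PRIVATE_KEY", "GITHUB_APP_ID", "GITHUB_APP_TOKEN",
}
type Config struct {
	Values   map[string]string // one entry per key in requiredKeys
	Duration time.Duration     // CODEARTIFACT_DURATION, assumed here to be given in seconds
	Daemon   bool
}

// LoadConfig reads each key from the environment, lets a -KEY-NAME flag override
// it, and in daemon mode rejects a token lifetime that ends before the next sync.
func LoadConfig(args []string, getenv func(string) string) (Config, error) {
	fs := flag.NewFlagSet("codeartifact-dependabot-sync", flag.ContinueOnError)
	flags := map[string]*string{}
	for _, k := range requiredKeys {
		flags[k] = fs.String(strings.ReplaceAll(k, "_", "-"), getenv(k), "see configuration table")
	}
	daemon := fs.Bool("DAEMON", getenv("DAEMON") != "false", "run until killed, syncing every 10h")
	if err := fs.Parse(args); err != nil {
		return Config{}, err
	}
	cfg := Config{Values: map[string]string{}, Daemon: *daemon}
	for _, k := range requiredKeys {
		if *flags[k] == "" {
			return Config{}, fmt.Errorf("%s is not set (env var or -%s flag)", k, strings.ReplaceAll(k, "_", "-"))
		}
		cfg.Values[k] = *flags[k]
	}
	secs, err := strconv.Atoi(cfg.Values["CODEARTIFACT_DURATION"])
	if err != nil {
		return Config{}, fmt.Errorf("CODEARTIFACT_DURATION must be whole seconds: %w", err)
	}
	cfg.Duration = time.Duration(secs) * time.Second
	if cfg.Daemon && cfg.Duration <= SyncInterval { // otherwise Dependabot holds an expired token until the next run
		return Config{}, fmt.Errorf("CODEARTIFACT_DURATION %v must exceed the sync interval %v", cfg.Duration, SyncInterval)
	}
	return cfg, nil
}
```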