From c291f370f3d7ec6e26254eb41a91c15d8ff2abc9 Mon Sep 17 00:00:00 2001 From: Anais Date: Sat, 20 Jan 2024 17:27:48 +0100 Subject: [PATCH] test github actions secret update --- .github/workflows/infrastructure.yml | 30 ++++++++++++++-------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/.github/workflows/infrastructure.yml b/.github/workflows/infrastructure.yml index 214d9e7..9d2124c 100644 --- a/.github/workflows/infrastructure.yml +++ b/.github/workflows/infrastructure.yml @@ -18,7 +18,6 @@ jobs: - name: Checkout repository uses: actions/checkout@v4 - # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc. - name: Terraform id: terraform working-directory: deployement/datastore-deployment @@ -37,21 +36,22 @@ jobs: - name: Update Github actions secrets working-directory: deployement - env: - MONGODB_URI: ${{ steps.terraform.outputs.MONGODB_URI }} - POSTGRESQL_FQDN: ${{ steps.terraform.outputs.POSTGRESQL_FQDN }} - POSTGRESQL_ROOT_USERNAME: ${{ steps.terraform.outputs.POSTGRESQL_ROOT_USERNAME }} - POSTGRESQL_ROOT_PASSWORD: ${{ steps.terraform.outputs.POSTGRESQL_ROOT_PASSWORD }} - REGISTRY_PASSWORD: ${{ steps.terraform.outputs.REGISTRY_PASSWORD }} - REGISTRY_USERNAME: ${{ steps.terraform.outputs.REGISTRY_USERNAME }} - REGISTRY: ${{ steps.terraform.outputs.REGISTRY }} - REGISTRY_ID: ${{ steps.terraform.outputs.REGISTRY_ID }} run: | - keys=($MONGODB_URI $POSTGRESQL_FQDN $POSTGRESQL_ROOT_USERNAME $POSTGRESQL_ROOT_PASSWORD $REGISTRY_PASSWORD $REGISTRY_USERNAME $REGISTRY $REGISTRY_ID) - echo $POSTGRESQL_FQDN + declare -A keys + # keys["MONGODB_URI"]=${{ steps.terraform.outputs.MONGODB_URI }} + keys["POSTGRESQL_FQDN"]=${{ steps.terraform.outputs.POSTGRESQL_FQDN }} + # keys["POSTGRESQL_ROOT_USERNAME"]=${{ steps.terraform.outputs.POSTGRESQL_ROOT_USERNAME }} + # keys["POSTGRESQL_ROOT_PASSWORD"]=${{ steps.terraform.outputs.POSTGRESQL_ROOT_PASSWORD }} + # keys["REGISTRY_PASSWORD"]=${{ steps.terraform.outputs.REGISTRY_PASSWORD }} + # keys["REGISTRY_USERNAME"]=${{ steps.terraform.outputs.REGISTRY_USERNAME }} + # keys["REGISTRY"]=${{ steps.terraform.outputs.REGISTRY }} + # keys["REGISTRY_ID"]=${{ steps.terraform.outputs.REGISTRY_ID }} + public_key_info=$(curl -H "Authorization: token $ACCESS_TOKEN" -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/$ORG_NAME/$REPO_NAME/actions/secrets/public-key) public_key_value=$(echo "$public_key_info" | jq -r '.key') public_key_id=$(echo "$public_key_info" | jq -r '.key_id') - MONGODB_URI=$(python3 encrypt-secret.py $MONGODB_URI $public_key_value) - echo '{"encrypted_value":"'$MONGODB_URI'","key_id":"'$public_key_id'"}' > body.json - curl -L -X PUT -H "Accept: application/vnd.github+json" -H "Authorization: Bearer $ACCESS_TOKEN" -H "X-GitHub-Api-Version: 2022-11-28" https://api.github.com/repos/$ORG_NAME/$REPO_NAME/actions/secrets/MONGODB_URI -d @body.json \ No newline at end of file + for credential in "${!keys[@]}"; do + keys[$credential]=$(python3 encrypt-secret.py ${keys[$credential]} $public_key_value) + echo '{"encrypted_value":"'${keys[$credential]}'","key_id":"'$public_key_id'"}' > body.json + curl -L -X PUT -H "Accept: application/vnd.github+json" -H "Authorization: Bearer $ACCESS_TOKEN" -H "X-GitHub-Api-Version: 2022-11-28" https://api.github.com/repos/$ORG_NAME/$REPO_NAME/actions/secrets/$credential -d @body.json + done \ No newline at end of file