cert-github-publisher.sh
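#!/bin/sh
# Fetches the Sealed Secrets controller certificate with kubeseal and has
# octopilot (authenticating as a GitHub App) open a pull request that writes
# the certificate into a YAML file of the target repository.
#
# Required environment:
#   GITHUB_APP_ID, GITHUB_APP_INSTALLATION_ID, GITHUB_APP_PRIVATEKEY,
#   GITHUB_REPO, UPDATE_YAML_FILE, UPDATE_YAML_PATH_EXPRESSION
# Optional environment: see the defaults assigned below.
set -e

# Abort with a message on stderr when a required variable is empty or unset.
#   $1 - variable name (used in the message)
#   $2 - the variable's current value
require_env() {
  if test -z "$2"; then
    echo "$1 not set." >&2
    exit 1
  fi
}

require_env GITHUB_APP_ID "$GITHUB_APP_ID"
require_env GITHUB_APP_INSTALLATION_ID "$GITHUB_APP_INSTALLATION_ID"
require_env GITHUB_APP_PRIVATEKEY "$GITHUB_APP_PRIVATEKEY"
require_env GITHUB_REPO "$GITHUB_REPO"
require_env UPDATE_YAML_FILE "$UPDATE_YAML_FILE"
require_env UPDATE_YAML_PATH_EXPRESSION "$UPDATE_YAML_PATH_EXPRESSION"

# Defaults for everything optional.
: "${SEALEDSECRETS_CONTROLLER_NAMESPACE:=kube-system}"
: "${SEALEDSECRETS_CONTROLLER_NAME:=sealed-secrets-controller}"
# When set, kubeseal reads the certificate from this location instead of the
# controller. The published certificate is what secrets will be sealed
# against, so point this only at a source you trust.
: "${SEALEDSECRETS_CONTROLLER_CERT_URL:=}"
: "${COMMIT_TITLE:=chore: update sealedsecret cert}"
: "${BRANCH_PREFIX:=chore/sealedsecret-cert/}"
: "${PR_LABELS:=chore,sealedsecrets}"
: "${PR_ASSIGNEES:=}"
: "${PR_REVIEWERS:=}"
: "${PR_TEAM_REVIEWERS:=}"
: "${PR_BASE_BRANCH:=main}"
# NOTE(review): PR_MERGE=true presumably lets the certificate change land
# without a human looking at it - confirm that is intended before enabling.
: "${PR_MERGE:=false}"
: "${PR_MERGE_METHOD:=squash}"

# Private scratch file instead of a fixed /tmp/cert.pem: a predictable name in
# a shared /tmp can be pre-created or symlinked by another local user.
cert_file="$(mktemp)"
trap 'rm -f -- "$cert_file"' EXIT

set -x
kubeseal \
  --controller-namespace "$SEALEDSECRETS_CONTROLLER_NAMESPACE" \
  --controller-name "$SEALEDSECRETS_CONTROLLER_NAME" \
  --cert "$SEALEDSECRETS_CONTROLLER_CERT_URL" \
  --fetch-cert > "$cert_file"
set +x

# Refuse to publish anything that is not a PEM certificate (empty output, an
# HTML error page from a cert URL, ...).
if ! grep -q -- '-----BEGIN CERTIFICATE-----' "$cert_file"; then
  echo "kubeseal did not return a PEM certificate." >&2
  exit 1
fi

SS_CERT="$(cat "$cert_file")"

# Tracing stays off for this line so the GitHub App private key never appears
# in the xtrace output; octopilot receives the credentials through the
# environment rather than on its command line.
export SS_CERT GITHUB_APP_ID GITHUB_INSTALLATION_ID="$GITHUB_APP_INSTALLATION_ID" GITHUB_PRIVATEKEY="$GITHUB_APP_PRIVATEKEY"

# UPDATE_YAML_FILE and UPDATE_YAML_PATH_EXPRESSION are spliced unescaped into
# the --update spec below, so they must come from trusted configuration: a
# value containing a single quote or a comma would presumably change how the
# spec is parsed.
# NOTE(review): confirm that --log-level debug does not print the App
# credentials exported above.
set -x
octopilot \
  --fail-on-error \
  --log-level debug \
  --github-auth-method app \
  --git-stage-all-changed=false \
  --repo "$GITHUB_REPO" \
  --update "yq(file=$UPDATE_YAML_FILE,expression='$UPDATE_YAML_PATH_EXPRESSION = strenv(SS_CERT)',create=true)" \
  --git-stage-pattern "$UPDATE_YAML_FILE" \
  --git-commit-title "$COMMIT_TITLE" \
  --git-branch-prefix "$BRANCH_PREFIX" \
  --pr-labels "$PR_LABELS" \
  --pr-assignees "$PR_ASSIGNEES" \
  --pr-reviewers "$PR_REVIEWERS" \
  --pr-team-reviewers "$PR_TEAM_REVIEWERS" \
  --pr-base-branch "$PR_BASE_BRANCH" \
  --pr-merge="$PR_MERGE" \
  --pr-merge-method "$PR_MERGE_METHOD"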