configure-github-secrets.sh
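#!/bin/sh
# Create a GitHub Actions environment in a repository and store the Azure
# identifiers (ARM_CLIENT_ID, ARM_SUBSCRIPTION_ID, ARM_TENANT_ID) plus
# ARM_USE_OIDC=true as environment secrets.
#
# Requires: GitHub CLI (gh) and Azure CLI (az), both already signed in.
#
# for debugging, use `set -eux` instead of `set -eu`
# (note: -x traces every value passed to `gh secret set` to stderr)
set -eu

# Print a message to stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# verify the GitHub CLI is installed
if ! command -v gh > /dev/null 2>&1; then
  echo "GitHub CLI is not installed. Please install it first." >&2
  echo "https://cli.github.com/" >&2
  exit 1
fi

# verify the Azure CLI is installed; it is used below to look up the IDs
if ! command -v az > /dev/null 2>&1; then
  echo "Azure CLI is not installed. Please install it first." >&2
  echo "https://learn.microsoft.com/cli/azure/install-azure-cli" >&2
  exit 1
fi

# type GitHub environment name
echo "Enter the name of the GitHub environment: (e.g. 'ci', 'development', 'production')"
printf "GITHUB_ENV_NAME="
read -r GITHUB_ENV_NAME

# The environment name becomes a path segment of the REST call below, so
# reject values that would alter the request path or query.
case "$GITHUB_ENV_NAME" in
  "" | . | .. | */* | *\?* | *\#*)
    die "Invalid GitHub environment name: '$GITHUB_ENV_NAME'"
    ;;
esac

# type your github repository
echo "Enter the name of the GitHub repository: (e.g. 'ks6088ts-labs/baseline-environment-on-azure-terraform')"
printf "GITHUB_REPOSITORY="
read -r GITHUB_REPOSITORY

# Require exactly OWNER/REPO: the value is interpolated into the API path and
# passed to --repo, so dot segments, extra slashes and unexpected characters
# are refused instead of being sent to GitHub.
case "$GITHUB_REPOSITORY" in
  */*/* | /* | */ | ./* | ../* | */. | */.. | *[!A-Za-z0-9._/-]*)
    die "Invalid GitHub repository (expected OWNER/REPO): '$GITHUB_REPOSITORY'"
    ;;
  */*) ;;
  *)
    die "Invalid GitHub repository (expected OWNER/REPO): '$GITHUB_REPOSITORY'"
    ;;
esac

# type the name of the application
echo "Enter the name of the application: (e.g. 'baseline-environment-on-azure-terraform_ci')"
printf "APP_NAME="
read -r APP_NAME
[ -n "$APP_NAME" ] || die "Application name must not be empty."

# Display names are not unique in Entra ID; "[0]" silently picks the first
# match, so check the APPLICATION_ID shown in the confirmation prompt.
APPLICATION_ID=$(az ad sp list --display-name "$APP_NAME" --query "[0].appId" --output tsv)
SUBSCRIPTION_ID=$(az account show --query id --output tsv)
SUBSCRIPTION_NAME=$(az account show --query name --output tsv)
TENANT_ID=$(az account show --query tenantId --output tsv)

# An empty query result exits 0, so `set -e` does not catch it; stop here
# rather than writing empty secrets.
[ -n "$APPLICATION_ID" ] || die "No service principal found with display name '$APP_NAME'."
[ -n "$SUBSCRIPTION_ID" ] || die "Could not determine the Azure subscription ID."
[ -n "$TENANT_ID" ] || die "Could not determine the Azure tenant ID."

echo "Are you sure you want to set the following secrets?"
echo "> APPLICATION_ID: $APPLICATION_ID"
echo "> SUBSCRIPTION_ID: $SUBSCRIPTION_ID"
echo "> SUBSCRIPTION_NAME: $SUBSCRIPTION_NAME"
echo "> TENANT_ID: $TENANT_ID"
echo "> GITHUB_ENV_NAME: $GITHUB_ENV_NAME"
echo "> GITHUB_REPOSITORY: $GITHUB_REPOSITORY"

# type `y` to proceed
printf "Do you want to proceed? [y/N]: "
read -r response
if [ "$response" != "y" ]; then
  echo "Operation aborted."
  exit 1
fi

# (Optional) GitHub CLI sign in
# gh auth login

# Create a new environment
# https://github.com/cli/cli/issues/5149
# https://stackoverflow.com/a/71388564/4457856
gh api --method PUT -H "Accept: application/vnd.github+json" \
  repos/"$GITHUB_REPOSITORY"/environments/"$GITHUB_ENV_NAME"

# Set secrets for the environment.
# --repo pins the target to the repository confirmed above; without it gh
# resolves the repository from the current working directory, which may be a
# different repository than the one the environment was just created in.
gh secret set --repo "$GITHUB_REPOSITORY" --env "$GITHUB_ENV_NAME" ARM_CLIENT_ID --body "$APPLICATION_ID"
gh secret set --repo "$GITHUB_REPOSITORY" --env "$GITHUB_ENV_NAME" ARM_SUBSCRIPTION_ID --body "$SUBSCRIPTION_ID"
gh secret set --repo "$GITHUB_REPOSITORY" --env "$GITHUB_ENV_NAME" ARM_TENANT_ID --body "$TENANT_ID"
gh secret set --repo "$GITHUB_REPOSITORY" --env "$GITHUB_ENV_NAME" ARM_USE_OIDC --body "true"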