Wire namespace caches and agenix secrets
This commit is contained in:
Conrad Kramer
parent
5bd95b7a7c
commit
028627bfcb
8 changed files with 66 additions and 102 deletions
|
|
@ -28,7 +28,6 @@ Options:
|
|||
--contact-user <name> Forgejo username used for PAT creation (default: contact)
|
||||
--scope-owner <name> Forgejo org/user owner for the default NSC scope (default: hackclub)
|
||||
--scope-name <name> Forgejo repository name for the default NSC scope (default: burrow)
|
||||
--write-intake Also write plaintext runtime inputs to intake/ for local debugging.
|
||||
-h, --help Show this help text.
|
||||
EOF
|
||||
}
|
||||
|
|
@ -43,7 +42,6 @@ CONTACT_USER="${FORGEJO_CONTACT_USER:-contact}"
|
|||
SCOPE_OWNER="${FORGEJO_SCOPE_OWNER:-hackclub}"
|
||||
SCOPE_NAME="${FORGEJO_SCOPE_NAME:-burrow}"
|
||||
BURROW_FLAKE_TMPDIRS=()
|
||||
WRITE_INTAKE=0
|
||||
TMP_DIR=""
|
||||
|
||||
cleanup() {
|
||||
|
|
@ -87,10 +85,6 @@ while [[ $# -gt 0 ]]; do
|
|||
SCOPE_NAME="${2:?missing value for --scope-name}"
|
||||
shift 2
|
||||
;;
|
||||
--write-intake)
|
||||
WRITE_INTAKE=1
|
||||
shift
|
||||
;;
|
||||
-h|--help)
|
||||
usage
|
||||
exit 0
|
||||
|
|
@ -174,8 +168,6 @@ PY
|
|||
chmod 600 "${token_file}"
|
||||
elif [[ -f "${token_secret}" ]]; then
|
||||
burrow_decrypt_age_secret_to_temp "${REPO_ROOT}" "${token_secret}" > "${token_file}"
|
||||
elif [[ -s "${REPO_ROOT}/intake/forgejo_nsc_token.txt" ]]; then
|
||||
cp "${REPO_ROOT}/intake/forgejo_nsc_token.txt" "${token_file}"
|
||||
fi
|
||||
|
||||
if [[ -s "${token_file}" ]]; then
|
||||
|
|
@ -298,20 +290,5 @@ burrow_encrypt_secret_from_file "${REPO_ROOT}" "${token_secret}" "${token_file}"
|
|||
burrow_encrypt_secret_from_file "${REPO_ROOT}" "${dispatcher_secret}" "${dispatcher_out}"
|
||||
burrow_encrypt_secret_from_file "${REPO_ROOT}" "${autoscaler_secret}" "${autoscaler_out}"
|
||||
|
||||
if [[ "${WRITE_INTAKE}" -eq 1 ]]; then
|
||||
mkdir -p "${REPO_ROOT}/intake"
|
||||
chmod 700 "${REPO_ROOT}/intake"
|
||||
cp "${token_file}" "${REPO_ROOT}/intake/forgejo_nsc_token.txt"
|
||||
cp "${dispatcher_out}" "${REPO_ROOT}/intake/forgejo_nsc_dispatcher.yaml"
|
||||
cp "${autoscaler_out}" "${REPO_ROOT}/intake/forgejo_nsc_autoscaler.yaml"
|
||||
chmod 600 \
|
||||
"${REPO_ROOT}/intake/forgejo_nsc_token.txt" \
|
||||
"${REPO_ROOT}/intake/forgejo_nsc_dispatcher.yaml" \
|
||||
"${REPO_ROOT}/intake/forgejo_nsc_autoscaler.yaml"
|
||||
fi
|
||||
|
||||
echo "Updated secrets/forgejo/{nsc-token,nsc-dispatcher-config,nsc-autoscaler-config}.age."
|
||||
if [[ "${WRITE_INTAKE}" -eq 1 ]]; then
|
||||
echo "Also refreshed intake/forgejo_nsc_{token,dispatcher,autoscaler} for local debugging."
|
||||
fi
|
||||
echo "Minted Forgejo PAT ${token_name} for ${CONTACT_USER} on ${HOST}."
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue