hackclub/burrow
1
0
Fork 0
Code Pull requests Releases Packages Activity Actions

Normalize Namespace token file format
Some checks are pending
Build Rust / Cargo Test (push) Waiting to run
Details
Build Site / Next.js Build (push) Waiting to run
Details

Browse source
This commit is contained in:
Conrad Kramer 2026-03-18 22:15:34 -07:00
parent 5115eb831a
commit 251922da9e
2 changed files with 42 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

40
Scripts/provision-forgejo-nsc.sh
View file

@ -136,8 +136,46 @@ autoscaler_src="${REPO_ROOT}/services/forgejo-nsc/deploy/autoscaler.yaml"
if [[ "${REFRESH_TOKEN}" -eq 1 || ! -s "${token_file}" ]]; then if [[ "${REFRESH_TOKEN}" -eq 1 || ! -s "${token_file}" ]]; then
"${NSC_BIN}" auth check-login --duration 20m >/dev/null "${NSC_BIN}" auth check-login --duration 20m >/dev/null
"${NSC_BIN}" auth generate-dev-token --output_to "${token_file}" >/dev/null raw_token_file="$(mktemp)"
trap 'rm -f "${raw_token_file}"; cleanup' EXIT
"${NSC_BIN}" auth generate-dev-token --output_to "${raw_token_file}" >/dev/null
RAW_NSC_TOKEN_FILE="${raw_token_file}" TOKEN_FILE="${token_file}" python3 - <<'PY'
import json
import os
from pathlib import Path
raw = Path(os.environ["RAW_NSC_TOKEN_FILE"]).read_text(encoding="utf-8").strip()
if not raw:
raise SystemExit("generated Namespace token is empty")
Path(os.environ["TOKEN_FILE"]).write_text(
json.dumps({"bearer_token": raw}, indent=2) + "\n",
encoding="utf-8",
)
PY
rm -f "${raw_token_file}"
chmod 600 "${token_file}" chmod 600 "${token_file}"
elif [[ -s "${token_file}" ]]; then
TOKEN_FILE="${token_file}" python3 - <<'PY'
import json
import os
from pathlib import Path
path = Path(os.environ["TOKEN_FILE"])
raw = path.read_text(encoding="utf-8").strip()
if not raw:
raise SystemExit(0)
try:
parsed = json.loads(raw)
except json.JSONDecodeError:
parsed = None
if isinstance(parsed, dict) and isinstance(parsed.get("bearer_token"), str) and parsed["bearer_token"].strip():
raise SystemExit(0)
path.write_text(json.dumps({"bearer_token": raw}, indent=2) + "\n", encoding="utf-8")
PY
fi fi
webhook_secret="$(python3 - <<'PY' webhook_secret="$(python3 - <<'PY'

4
services/forgejo-nsc/README.md
View file

@ -154,7 +154,9 @@ instances:
For Burrow, use `Scripts/provision-forgejo-nsc.sh` to mint the Forgejo PAT, For Burrow, use `Scripts/provision-forgejo-nsc.sh` to mint the Forgejo PAT,
generate a Namespace token from the logged-in namespace account, and render the generate a Namespace token from the logged-in namespace account, and render the
dispatcher/autoscaler configs into `intake/forgejo_nsc_{dispatcher,autoscaler}.yaml` dispatcher/autoscaler configs into `intake/forgejo_nsc_{dispatcher,autoscaler}.yaml`
plus `intake/forgejo_nsc_token.txt`. plus `intake/forgejo_nsc_token.txt`. The token file is emitted as JSON with a
`bearer_token` field so both the Compute API path and the `nsc` CLI fallback can
consume the same secret material.
For ongoing operations, use `Scripts/sync-forgejo-nsc-config.sh`: For ongoing operations, use `Scripts/sync-forgejo-nsc-config.sh`: