hackclub/burrow
1
0
Fork 0
Code Pull requests Releases Packages Activity Actions

Stabilize forgejo namespace auth and secrets
Some checks failed
Build Apple / Build App (iOS Simulator) (push) Has been cancelled
Details
Build Rust / Cargo Test (push) Failing after 9s
Details
Build Site / Next.js Build (push) Failing after 8s
Details
Build Apple / Build App (macOS) (push) Has been cancelled
Details

Browse source
This commit is contained in:
Conrad Kramer 2026-03-19 04:08:10 -07:00
parent 5c0a9b3f54
commit 5b09f3a742
8 changed files with 59 additions and 49 deletions
Download patch file Download diff file Expand all files Collapse all files

21
Scripts/_burrow-secrets.sh
View file

@ -107,18 +107,25 @@ burrow_encrypt_secret_from_file() {
local secret_path="$2"
local source_path="$3"
local agenix_path
local identity_path
local backup_file=""
if [[ ! -s "${source_path}" ]]; then
echo "secret source missing or empty: ${source_path}" >&2
return 1
fi
agenix_path="$(burrow_secret_repo_path "${repo_root}" "${secret_path}")"
identity_path="$(burrow_agenix_identity_path "${repo_root}")"
if [[ -n "${identity_path}" ]]; then
nix --extra-experimental-features "nix-command flakes" run "${repo_root}#agenix" -- -e "${agenix_path}" -i "${identity_path}" < "${source_path}"
else
nix --extra-experimental-features "nix-command flakes" run "${repo_root}#agenix" -- -e "${agenix_path}" < "${source_path}"
if [[ -f "${secret_path}" ]]; then
backup_file="$(mktemp "${TMPDIR:-/tmp}/burrow-secret-backup.XXXXXX")"
cp "${secret_path}" "${backup_file}"
fi
rm -f "${secret_path}"
if ! nix --extra-experimental-features "nix-command flakes" run "${repo_root}#agenix" -- -e "${agenix_path}" < "${source_path}"; then
if [[ -n "${backup_file}" && -f "${backup_file}" ]]; then
mv "${backup_file}" "${secret_path}"
fi
return 1
fi
[[ -n "${backup_file}" ]] && rm -f "${backup_file}"
}