set_secrets.sh
#!/usr/bin/env bash
#######################################
# Abort the script unless the GitHub CLI reports an authenticated session.
# Outputs: a login hint on stdout when `gh auth status` fails.
# Returns: 0 when authenticated; otherwise exits the shell with status 1.
#######################################
check_gh_logged_in() {
  # Only the exit status of `gh auth status` matters; its output is discarded.
  gh auth status &>/dev/null && return 0

  echo "You need to login using gh auth login"
  exit 1
}
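#######################################
# Set a secret on NHSDigital/eps-prescription-tracker-ui for a given
# secret store (`gh secret set --app`).
# Arguments:
#   $1 - secret name
#   $2 - secret value; when empty or unset nothing is set
#   $3 - value passed to `gh secret set --app`
# Outputs:
#   Progress messages on stdout. The value itself is never printed; only
#   its length is shown so the operator can sanity-check it before
#   confirming.
# Returns:
#   0 when the value is empty (skipped), otherwise the status of
#   `gh secret set`.
#######################################
set_repository_secret() {
  local secret_name=$1
  local secret_value=$2
  local app=$3

  if [ -z "${secret_value}" ]; then
    echo "value passed for secret ${secret_name} is unset or set to the empty string. Not setting"
    return 0
  fi

  echo
  echo "*****************************************"
  echo
  echo "setting value for ${secret_name}"
  # Printing the value would leave API secrets and private keys in terminal
  # scrollback and in any captured output, so only the length is reported.
  echo "secret_value: <redacted, ${#secret_value} characters>"
  read -r -p "Press Enter to set secret or ctrl+c to exit"

  # The value goes to gh on stdin instead of --body so it is not exposed in
  # the process argument list (visible to other local users via ps) or in a
  # `set -x` trace. gh reads the value from stdin when --body is absent.
  printf '%s' "${secret_value}" | gh secret set "${secret_name}" \
    --repo NHSDigital/eps-prescription-tracker-ui \
    --app "${app}"
}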
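#######################################
# Set an environment-scoped secret on NHSDigital/eps-prescription-tracker-ui
# (`gh secret set --env`).
# Arguments:
#   $1 - secret name
#   $2 - secret value; when empty or unset nothing is set
#   $3 - GitHub environment name passed to `gh secret set --env`
# Outputs:
#   Progress messages on stdout. The value itself is never printed; only
#   its length is shown so the operator can sanity-check it before
#   confirming.
# Returns:
#   0 when the value is empty (skipped), otherwise the status of
#   `gh secret set`.
#######################################
set_environment_secret() {
  local secret_name=$1
  local secret_value=$2
  local environment=$3

  if [ -z "${secret_value}" ]; then
    echo "value passed for secret ${secret_name} is unset or set to the empty string. Not setting"
    return 0
  fi

  echo
  echo "*****************************************"
  echo
  echo "setting value for ${secret_name} in environment ${environment}"
  # Printing the value would leave API secrets and private keys in terminal
  # scrollback and in any captured output, so only the length is reported.
  echo "secret_value: <redacted, ${#secret_value} characters>"
  read -r -p "Press Enter to set secret or ctrl+c to exit"

  # The value goes to gh on stdin instead of --body so it is not exposed in
  # the process argument list (visible to other local users via ps) or in a
  # `set -x` trace. gh reads the value from stdin when --body is absent.
  printf '%s' "${secret_value}" | gh secret set "${secret_name}" \
    --repo NHSDigital/eps-prescription-tracker-ui \
    --env "${environment}"
}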
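#######################################
# Read a private key from a file and store it via set_repository_secret.
# Arguments:
#   $1 - secret name
#   $2 - path of the file holding the private key
#   $3 - value forwarded as the third argument of set_repository_secret
# Outputs:
#   Diagnostics on stderr when the file cannot be read or is empty.
# Returns:
#   Status of set_repository_secret; exits the shell with status 1 when
#   no key material could be read.
#######################################
set_repository_private_key_secret() {
  local secret_name=$1
  local private_key_file_name=$2
  local github_app=$3
  # Keep the key material in a function-local variable so it does not stay
  # behind as a global for the rest of the script run.
  local private_key

  if [ ! -r "${private_key_file_name}" ]; then
    echo "private key file ${private_key_file_name} is missing or not readable" >&2
    exit 1
  fi

  private_key=$(< "${private_key_file_name}")
  if [ -z "${private_key}" ]; then
    echo "private_key is unset or set to the empty string" >&2
    exit 1
  fi

  set_repository_secret "${secret_name}" "${private_key}" "${github_app}"
}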
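#######################################
# Read a private key from a file and store it via set_environment_secret.
# Arguments:
#   $1 - secret name
#   $2 - path of the file holding the private key
#   $3 - environment name forwarded to set_environment_secret
# Outputs:
#   Diagnostics on stderr when the file cannot be read or is empty.
# Returns:
#   Status of set_environment_secret; exits the shell with status 1 when
#   no key material could be read.
#######################################
set_environment_private_key_secret() {
  local secret_name=$1
  local private_key_file_name=$2
  local environment=$3
  # Keep the key material in a function-local variable so it does not stay
  # behind as a global for the rest of the script run.
  local private_key

  if [ ! -r "${private_key_file_name}" ]; then
    echo "private key file ${private_key_file_name} is missing or not readable" >&2
    exit 1
  fi

  private_key=$(< "${private_key_file_name}")
  if [ -z "${private_key}" ]; then
    echo "private_key is unset or set to the empty string" >&2
    exit 1
  fi

  set_environment_secret "${secret_name}" "${private_key}" "${environment}"
}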
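#######################################
# Look up the CloudFormation export named
# ci-resources:CloudFormationDeployRole using the AWS CLI profile
# prescription-<environment>.
# Arguments:
#   $1 - environment suffix of the AWS CLI profile name
# Outputs:
#   The export value on stdout.
# Returns:
#   0 on success; the AWS CLI's non-zero status when the lookup fails, so a
#   failed lookup can be told apart from an export that is simply empty.
#######################################
get_deploy_role() {
  local environment=$1
  local deploy_role

  # Backticks inside the single-quoted JMESPath query are literal, hence the
  # ShellCheck suppression.
  # shellcheck disable=SC2016
  deploy_role=$(aws cloudformation list-exports \
    --profile "prescription-${environment}" \
    --query 'Exports[?Name==`ci-resources:CloudFormationDeployRole`].Value' \
    --output text) || return

  printf '%s\n' "${deploy_role}"
}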
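#######################################
# Look up the CloudFormation export named ci-resources:CDKPullImageRole
# using the AWS CLI profile prescription-<environment>.
# Arguments:
#   $1 - environment suffix of the AWS CLI profile name
# Outputs:
#   The export value on stdout.
# Returns:
#   0 on success; the AWS CLI's non-zero status when the lookup fails, so a
#   failed lookup can be told apart from an export that is simply empty.
#######################################
get_cdk_image_pull_role() {
  local environment=$1
  local pull_image_role

  # Backticks inside the single-quoted JMESPath query are literal, hence the
  # ShellCheck suppression.
  # shellcheck disable=SC2016
  pull_image_role=$(aws cloudformation list-exports \
    --profile "prescription-${environment}" \
    --query 'Exports[?Name==`ci-resources:CDKPullImageRole`].Value' \
    --output text) || return

  printf '%s\n' "${pull_image_role}"
}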
# Main sequence: push role ARNs, client ids, API credentials and private keys
# to GitHub for each target. Every set_* call prompts before writing.
#
# The *_CIS2_OIDC_CLIENT_ID, *_MOCK_CLIENT_ID and APIGEE_* variables used
# below are not assigned anywhere in this script; presumably they are exported
# by the operator's shell before running it (confirm). A variable that is
# unset or empty makes the corresponding set_* call print a message and skip.
#
# CLOUDFRONT_ORIGIN_CUSTOM_HEADER gets a separate `uuidgen` value on every
# call, so each target receives a different value each time this script runs.

# Stop early when the GitHub CLI has no authenticated session.
check_gh_logged_in
# dev and dev-pr
# Role ARNs are read from the CloudFormation exports of the dev AWS profile.
DEV_DEPLOY_ROLE=$(get_deploy_role dev)
DEV_CDK_PULL_IMAGE_ROLE=$(get_cdk_image_pull_role dev)
# dev-pr environment: uses the dev roles, dev credentials and the dev key file.
set_environment_secret CDK_PULL_IMAGE_ROLE "${DEV_CDK_PULL_IMAGE_ROLE}" dev-pr
set_environment_secret CLOUD_FORMATION_DEPLOY_ROLE "${DEV_DEPLOY_ROLE}" dev-pr
set_environment_secret CIS2_OIDC_CLIENT_ID "${DEV_CIS2_OIDC_CLIENT_ID}" dev-pr
set_environment_secret MOCK_OIDC_CLIENT_ID "${DEV_MOCK_CLIENT_ID}" dev-pr
set_environment_private_key_secret JWT_PRIVATE_KEY ".secrets/eps-cpt-ui-dev.pem" dev-pr
set_environment_secret APIGEE_API_KEY "${APIGEE_DEV_API_KEY}" dev-pr
set_environment_secret APIGEE_API_SECRET "${APIGEE_DEV_API_SECRET}" dev-pr
set_environment_secret APIGEE_DOHS_API_KEY "${APIGEE_PTL_DOHS_API_KEY}" dev-pr
set_environment_secret CLOUDFRONT_ORIGIN_CUSTOM_HEADER "$(uuidgen)" dev-pr
set_environment_private_key_secret REGRESSION_TESTS_PEM ".secrets/eps-regression-testing.private-key.pem" dev-pr
# Repository-level secrets set with `--app dependabot`, again using the dev
# values.
# NOTE(review): this places the dev deploy role, JWT_PRIVATE_KEY and the
# regression-test PEM in the dependabot secret store — confirm that workflows
# run for Dependabot changes need every one of these.
set_repository_secret CDK_PULL_IMAGE_ROLE "${DEV_CDK_PULL_IMAGE_ROLE}" dependabot
set_repository_secret CLOUD_FORMATION_DEPLOY_ROLE "${DEV_DEPLOY_ROLE}" dependabot
set_repository_secret CIS2_OIDC_CLIENT_ID "${DEV_CIS2_OIDC_CLIENT_ID}" dependabot
set_repository_secret MOCK_OIDC_CLIENT_ID "${DEV_MOCK_CLIENT_ID}" dependabot
set_repository_private_key_secret JWT_PRIVATE_KEY ".secrets/eps-cpt-ui-dev.pem" dependabot
set_repository_secret APIGEE_API_KEY "${APIGEE_DEV_API_KEY}" dependabot
set_repository_secret APIGEE_API_SECRET "${APIGEE_DEV_API_SECRET}" dependabot
set_repository_secret APIGEE_DOHS_API_KEY "${APIGEE_PTL_DOHS_API_KEY}" dependabot
set_repository_secret CLOUDFRONT_ORIGIN_CUSTOM_HEADER "$(uuidgen)" dependabot
set_repository_private_key_secret REGRESSION_TESTS_PEM ".secrets/eps-regression-testing.private-key.pem" dependabot
# dev environment
set_environment_secret CDK_PULL_IMAGE_ROLE "${DEV_CDK_PULL_IMAGE_ROLE}" dev
set_environment_secret CLOUD_FORMATION_DEPLOY_ROLE "${DEV_DEPLOY_ROLE}" dev
set_environment_secret CIS2_OIDC_CLIENT_ID "${DEV_CIS2_OIDC_CLIENT_ID}" dev
set_environment_secret MOCK_OIDC_CLIENT_ID "${DEV_MOCK_CLIENT_ID}" dev
set_environment_private_key_secret JWT_PRIVATE_KEY ".secrets/eps-cpt-ui-dev.pem" dev
set_environment_secret APIGEE_API_KEY "${APIGEE_DEV_API_KEY}" dev
set_environment_secret APIGEE_API_SECRET "${APIGEE_DEV_API_SECRET}" dev
set_environment_secret APIGEE_DOHS_API_KEY "${APIGEE_PTL_DOHS_API_KEY}" dev
set_environment_secret CLOUDFRONT_ORIGIN_CUSTOM_HEADER "$(uuidgen)" dev
set_environment_private_key_secret REGRESSION_TESTS_PEM ".secrets/eps-regression-testing.private-key.pem" dev
# qa environment
QA_DEPLOY_ROLE=$(get_deploy_role qa)
QA_CDK_PULL_IMAGE_ROLE=$(get_cdk_image_pull_role qa)
set_environment_secret CDK_PULL_IMAGE_ROLE "${QA_CDK_PULL_IMAGE_ROLE}" qa
set_environment_secret CLOUD_FORMATION_DEPLOY_ROLE "${QA_DEPLOY_ROLE}" qa
set_environment_secret CIS2_OIDC_CLIENT_ID "${QA_CIS2_OIDC_CLIENT_ID}" qa
set_environment_secret MOCK_OIDC_CLIENT_ID "${QA_MOCK_CLIENT_ID}" qa
set_environment_private_key_secret JWT_PRIVATE_KEY ".secrets/eps-cpt-ui-qa.pem" qa
set_environment_secret APIGEE_API_KEY "${APIGEE_QA_API_KEY}" qa
set_environment_secret APIGEE_API_SECRET "${APIGEE_QA_API_SECRET}" qa
set_environment_secret APIGEE_DOHS_API_KEY "${APIGEE_PTL_DOHS_API_KEY}" qa
set_environment_secret CLOUDFRONT_ORIGIN_CUSTOM_HEADER "$(uuidgen)" qa
set_environment_private_key_secret REGRESSION_TESTS_PEM ".secrets/eps-regression-testing.private-key.pem" qa
# ref environment: own role ARNs and key file.
# NOTE(review): the OIDC client ids and Apigee key/secret below are the QA_*
# variables, not REF_* ones — confirm ref is meant to share QA credentials.
REF_DEPLOY_ROLE=$(get_deploy_role ref)
REF_CDK_PULL_IMAGE_ROLE=$(get_cdk_image_pull_role ref)
set_environment_secret CDK_PULL_IMAGE_ROLE "${REF_CDK_PULL_IMAGE_ROLE}" ref
set_environment_secret CLOUD_FORMATION_DEPLOY_ROLE "${REF_DEPLOY_ROLE}" ref
set_environment_secret CIS2_OIDC_CLIENT_ID "${QA_CIS2_OIDC_CLIENT_ID}" ref
set_environment_secret MOCK_OIDC_CLIENT_ID "${QA_MOCK_CLIENT_ID}" ref
set_environment_private_key_secret JWT_PRIVATE_KEY ".secrets/eps-cpt-ui-ref.pem" ref
set_environment_secret APIGEE_API_KEY "${APIGEE_QA_API_KEY}" ref
set_environment_secret APIGEE_API_SECRET "${APIGEE_QA_API_SECRET}" ref
set_environment_secret APIGEE_DOHS_API_KEY "${APIGEE_PTL_DOHS_API_KEY}" ref
set_environment_secret CLOUDFRONT_ORIGIN_CUSTOM_HEADER "$(uuidgen)" ref
set_environment_private_key_secret REGRESSION_TESTS_PEM ".secrets/eps-regression-testing.private-key.pem" ref
# int environment
INT_DEPLOY_ROLE=$(get_deploy_role int)
INT_CDK_PULL_IMAGE_ROLE=$(get_cdk_image_pull_role int)
set_environment_secret CDK_PULL_IMAGE_ROLE "${INT_CDK_PULL_IMAGE_ROLE}" int
set_environment_secret CLOUD_FORMATION_DEPLOY_ROLE "${INT_DEPLOY_ROLE}" int
set_environment_secret CIS2_OIDC_CLIENT_ID "${INT_CIS2_OIDC_CLIENT_ID}" int
set_environment_secret MOCK_OIDC_CLIENT_ID "${INT_MOCK_CLIENT_ID}" int
set_environment_private_key_secret JWT_PRIVATE_KEY ".secrets/eps-cpt-ui-int.pem" int
set_environment_secret APIGEE_API_KEY "${APIGEE_INT_API_KEY}" int
set_environment_secret APIGEE_API_SECRET "${APIGEE_INT_API_SECRET}" int
set_environment_secret APIGEE_DOHS_API_KEY "${APIGEE_PTL_DOHS_API_KEY}" int
set_environment_secret CLOUDFRONT_ORIGIN_CUSTOM_HEADER "$(uuidgen)" int
set_environment_private_key_secret REGRESSION_TESTS_PEM ".secrets/eps-regression-testing.private-key.pem" int
# prod environment: the only target that uses APIGEE_PROD_DOHS_API_KEY rather
# than APIGEE_PTL_DOHS_API_KEY.
# NOTE(review): prod still receives MOCK_OIDC_CLIENT_ID and the same
# REGRESSION_TESTS_PEM file as the other environments — confirm both are
# intended there.
PROD_DEPLOY_ROLE=$(get_deploy_role prod)
PROD_CDK_PULL_IMAGE_ROLE=$(get_cdk_image_pull_role prod)
set_environment_secret CDK_PULL_IMAGE_ROLE "${PROD_CDK_PULL_IMAGE_ROLE}" prod
set_environment_secret CLOUD_FORMATION_DEPLOY_ROLE "${PROD_DEPLOY_ROLE}" prod
set_environment_secret CIS2_OIDC_CLIENT_ID "${PROD_CIS2_OIDC_CLIENT_ID}" prod
set_environment_secret MOCK_OIDC_CLIENT_ID "${PROD_MOCK_CLIENT_ID}" prod
set_environment_private_key_secret JWT_PRIVATE_KEY ".secrets/eps-cpt-ui-prod.pem" prod
set_environment_secret APIGEE_API_KEY "${APIGEE_PROD_API_KEY}" prod
set_environment_secret APIGEE_API_SECRET "${APIGEE_PROD_API_SECRET}" prod
set_environment_secret APIGEE_DOHS_API_KEY "${APIGEE_PROD_DOHS_API_KEY}" prod
set_environment_secret CLOUDFRONT_ORIGIN_CUSTOM_HEADER "$(uuidgen)" prod
set_environment_private_key_secret REGRESSION_TESTS_PEM ".secrets/eps-regression-testing.private-key.pem" prod