Calvin test branch #101
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Migrate environments | |
| on: | |
| pull_request: | |
| types: [opened, reopened, synchronize] | |
| jobs: | |
| migrate: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Get Deployment Environments from Source Repo | |
| id: get-envs | |
| uses: actions/github-script@v7 | |
| with: | |
| result-encoding: json | |
| script: | | |
| const response = await github.rest.repos.getAllEnvironments({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| }); | |
| console.log(response.data); | |
| return response.data; | |
| - name: Create Deployment Environments in Target Repo | |
| uses: actions/github-script@v7 | |
| with: | |
| github-token: ${{ secrets.GH_PAT }} | |
| script: | | |
| const environments = ${{ steps.get-envs.outputs.result }}; | |
| for (const env of environments.environments) { | |
| let wait_timer; | |
| if (env.protection_rules) { | |
| env.protection_rules.forEach((rule) => { | |
| if (rule.type === 'wait_timer') { | |
| wait_timer = rule.wait_timer; | |
| } | |
| }); | |
| } | |
| env.wait_timer = wait_timer; | |
| const protected_branches = env.deployment_branch_policy ? env.deployment_branch_policy.protected_branches : null; | |
| const custom_branch_policies = env.deployment_branch_policy ? env.deployment_branch_policy.custom_branch_policies : null; | |
| await github.rest.repos.createOrUpdateEnvironment({ | |
| owner: context.repo.owner, | |
| repo: 'calvin-test', | |
| environment_name: env.name, | |
| deployment_branch_policy: env.deployment_branch_policy ? { | |
| protected_branches: protected_branches, | |
| custom_branch_policies: custom_branch_policies, | |
| } : null, | |
| wait_timer: env.wait_timer, | |
| }); | |
| } | |
| - name: Gather Environment Secrets | |
| id: get-sec | |
| uses: actions/github-script@v7 | |
| with: | |
| result-encoding: json | |
| github-token: ${{ secrets.GH_PAT }} | |
| script: | | |
| const response = ${{ steps.get-envs.outputs.result }}; | |
| let envs = []; | |
| for (const env of response.environments) { | |
| let envObj = { | |
| name: env.name, | |
| secrets: [], | |
| key_id: '', | |
| key: '', | |
| }; | |
| const repoID = await github.rest.repos.get({ | |
| owner: 'liatrio-enterprise', | |
| repo: 'environment-migration-test', | |
| }); | |
| console.log(repoID.data.id); | |
| const secretsResponse = await github.rest.actions.listEnvironmentSecrets({ | |
| repository_id: repoID.data.id, | |
| environment_name: env.name | |
| }); | |
| const keyResponse = await github.rest.actions.getEnvironmentPublicKey({ | |
| repository_id: repoID.data.id, | |
| environment_name: env.name, | |
| }); | |
| envObj.key_id = keyResponse.data.key_id; | |
| envObj.key = keyResponse.data.key; | |
| console.log(JSON.stringify(secretsResponse)); | |
| console.log(secretsResponse.data.secrets); | |
| console.log(keyResponse.data); | |
| for (const secret of secretsResponse.data.secrets) { | |
| console.log(secret.name); | |
| // Get the value of the secret | |
| const secretValue = await github.rest.actions.getEnvironmentSecret({ | |
| repository_id: repoID.data.id, | |
| environment_name: env.name, | |
| secret_name: secret.name, | |
| }); | |
| envObj.secrets.push({ | |
| name: secret.name, | |
| value: secretValue.data | |
| }); | |
| console.log(secretValue.data); | |
| envs.push(envObj); | |
| } | |
| } | |
| console.log(JSON.stringify(envs)); | |
| return envs; | |
| - name: Use Node.js | |
| uses: actions/setup-node@v2 | |
| with: | |
| node-version: '18' | |
| - name: Install dependencies | |
| run: npm install libsodium-wrappers | |
| - name: Run script and capture output | |
| id: encrypt | |
| run: | | |
| const sodium = require('libsodium-wrappers'); | |
| const envList = ${{ steps.get-sec.outputs.result }}; | |
| envs = []; | |
| for (const env of envList) { | |
| let envObj = { | |
| name: env.name, | |
| secrets: env.secrets, | |
| key_id: env.key_id, | |
| key: env.key, | |
| encryptedSecret: '', | |
| }; | |
| const secret = 'BRUH' | |
| const key = env.key; | |
| sodium.ready.then(() => { | |
| let binkey = sodium.from_base64(key, sodium.base64_variants.ORIGINAL) | |
| let binsec = sodium.from_string(secret) | |
| let encBytes = sodium.crypto_box_seal(binsec, binkey) | |
| let output = sodium.to_base64(encBytes, sodium.base64_variants.ORIGINAL) | |
| envObj.encryptedSecret = output; | |
| envs.push(envObj); | |
| }); | |
| } | |
| conssole.log(JSON.stringify(envs)); | |
| return envs; | |
| - name: Migrate Environment Secrets | |
| uses: actions/github-script@v7 | |
| with: | |
| result-encoding: json | |
| github-token: ${{ secrets.GH_PAT }} | |
| script: | | |
| const envs = ${{ steps.get-sec.outputs.result }}; | |
| console.log(JSON.stringify(envs)); | |
| const repoID = await github.rest.repos.get({ | |
| owner: 'liatrio-enterprise', | |
| repo: 'calvin-test', | |
| }); | |
| const temp = 'S0LZjwp5CEf7SDF5YUKUuqnUlQ75pNMPMmtHaLTLeg96OOotB7hfAlLpi1eB1sBZz/REjQ=='; | |
| for (const env of envs) { | |
| for (const sec of env.secrets){ | |
| // Migrate the secret to the target repository | |
| const secretResponse = await github.rest.actions.createOrUpdateEnvironmentSecret({ | |
| repository_id: repoID.data.id, | |
| environment_name: env.name, | |
| secret_name: sec.name, | |
| encrypted_value: temp, | |
| key_id: env.key_id, | |
| }); | |
| console.log(secretResponse.data); | |
| } | |
| } | |
| - name: Generate Issues for Each Environment | |
| uses: actions/github-script@v7 | |
| with: | |
| result-encoding: json | |
| github-token: ${{ secrets.GH_PAT }} | |
| script: | | |
| const envs = ${{ steps.get-sec.outputs.result }}; | |
| for (const env of envs) { | |
| let issueBody = `Please update the following secrets for the ${env.name} environment:\n`; | |
| for (const sec of env.secrets) { | |
| issueBody += `- [ ] ${sec.name}\n`; | |
| } | |
| issueBody += `\n\nOnce the secrets have been updated, please close this issue.`; | |
| const issueResut = await github.rest.issues.create({ | |
| owner: 'liatrio-enterprise', | |
| repo: 'calvin-test', | |
| title: 'Update secrets for environment: ' + env.name, | |
| body: issueBody, | |
| }); | |
| console.log(issueResut.data); | |
| } | |
| - name: Gather Environment Variables | |
| id: get-vars | |
| uses: actions/github-script@v7 | |
| with: | |
| result-encoding: json | |
| github-token: ${{ secrets.GH_PAT }} | |
| script: | | |
| const response = ${{ steps.get-envs.outputs.result }}; | |
| let envs = []; | |
| for (const env of response.environments) { | |
| let envObj = { | |
| name: env.name, | |
| vars: [] | |
| }; | |
| const repoID = await github.rest.repos.get({ | |
| owner: 'liatrio-enterprise', | |
| repo: 'environment-migration-test', | |
| }); | |
| console.log(repoID.data.id); | |
| const variablesResponse = await github.rest.actions.listEnvironmentVariables({ | |
| repository_id: repoID.data.id, | |
| environment_name: env.name, | |
| }); | |
| console.log(JSON.stringify(variablesResponse)); | |
| console.log(variablesResponse.data.variables); | |
| for (const variable of variablesResponse.data.variables) { | |
| console.log(variable.name); | |
| envObj.vars.push({ | |
| name: variable.name, | |
| value: variable.value | |
| }); | |
| envs.push(envObj); | |
| } | |
| } | |
| console.log(JSON.stringify(envs)); | |
| return envs; | |
| - name: Migrate Environment Variables | |
| uses: actions/github-script@v7 | |
| with: | |
| result-encoding: json | |
| github-token: ${{ secrets.GH_PAT }} | |
| script: | | |
| const envs = ${{ steps.get-vars.outputs.result }}; | |
| console.log(JSON.stringify(envs)); | |
| for (const env of envs) { | |
| const repoID = await github.rest.repos.get({ | |
| owner: 'liatrio-enterprise', | |
| repo: 'calvin-test', | |
| }); | |
| for (const variable of env.vars){ | |
| // Migrate the variable to the target repository | |
| const variableResponse = await github.rest.actions.createEnvironmentVariable({ | |
| repository_id: repoID.data.id, | |
| environment_name: env.name, | |
| name: variable.name, | |
| value: variable.value, | |
| }); | |
| console.log(variableResponse.data); | |
| } | |
| } | |