Skip to content

Commit 12d67b2

Browse files
ajasnoszajasnosz
committed
chore: add encoding
1 parent 6cb4d52 commit 12d67b2

File tree

3 files changed

+25
-25
lines changed

3 files changed

+25
-25
lines changed

.github/pre-req.sh

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,8 @@ sudo apt-get update
1010
sudo apt-get install apt-transport-https ca-certificates
1111
sudo apt-get install cf-cli
1212
#CF Login
13-
cf login --skip-ssl-validation -a $API_ENDPOINT -u $API_USER -p $API_PASSWORD
13+
API_PASSWORD_DEC=$(echo $API_PASSWORD | openssl aes-256-cbc -d -a -pass pass:$ENCRYPT_KEY)
14+
cf login --skip-ssl-validation -a $API_ENDPOINT -u $API_USER -p $API_PASSWORD_DEC
1415

1516
#Create splunk-ci org and space
1617
if [ "`cf o | grep "splunk-ci-org"`" == "splunk-ci-org" ]; then
@@ -26,7 +27,8 @@ fi
2627

2728
gem install cf-uaac
2829
uaac target $API_UAA_ENDPOINT --skip-ssl-validation
29-
uaac token client get $API_USER -s $API_CLIENT_PASSWORD
30+
API_CLIENT_PASSWORD_DEC=$(echo $API_CLIENT_PASSWORD | openssl aes-256-cbc -d -a -pass pass:$ENCRYPT_KEY)
31+
uaac token client get $API_USER -s $API_CLIENT_PASSWORD_DEC
3032

3133
if [ $(uaac client get $CLIENT_ID | grep -woc $CLIENT_ID) -eq 0 ]; then
3234
uaac client add $CLIENT_ID --name splunk-firehose --secret $CLIENT_SECRET --authorized_grant_types client_credentials,refresh_token --authorities doppler.firehose,cloud_controller.admin_read_only

.github/update_manifest.sh

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,10 +2,11 @@
22
set -e
33
#Set below params in github env variable settings
44
# API_ENDPOINT, API_USER, API_PASSWORD, SPLUNK_TOKEN, SPLUNK_HOST, SPLUNK_INDEX, SPLUNK_METRIC_INDEX
5+
API_PASSWORD_DEC=$(echo $API_PASSWORD | openssl aes-256-cbc -d -a -pass pass:$ENCRYPT_KEY)
56
#Update manifest for deployment
67
sed -i 's@API_ENDPOINT:.*@'"API_ENDPOINT: $API_ENDPOINT"'@' scripts/ci_nozzle_manifest.yml
78
sed -i 's@API_USER:.*@'"API_USER: $API_USER"'@' scripts/ci_nozzle_manifest.yml
8-
sed -i 's@API_PASSWORD:.*@'"API_PASSWORD: $API_PASSWORD"'@' scripts/ci_nozzle_manifest.yml
9+
sed -i 's@API_PASSWORD:.*@'"API_PASSWORD: $API_PASSWORD_DEC"'@' scripts/ci_nozzle_manifest.yml
910
sed -i 's@CLIENT_ID:.*@'"CLIENT_ID: $CLIENT_ID"'@' scripts/ci_nozzle_manifest.yml
1011
sed -i 's@CLIENT_SECRET:.*@'"CLIENT_SECRET: $CLIENT_SECRET"'@' scripts/ci_nozzle_manifest.yml
1112
sed -i 's@SPLUNK_HOST:.*@'"SPLUNK_HOST: $SPLUNK_HOST"'@' scripts/ci_nozzle_manifest.yml

.github/workflows/main.yml

Lines changed: 19 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -70,7 +70,6 @@ jobs:
7070
API_PASSWORD: ${{ steps.get-credentials.outputs.API_PASSWORD }}
7171
API_CLIENT_PASSWORD: ${{ steps.get-credentials.outputs.API_CLIENT_PASSWORD }}
7272
ENV_ID: ${{ steps.get-credentials.outputs.ENV_ID }}
73-
AUTH_TOKEN: ${{ steps.get-credentials.outputs.AUTH_TOKEN }}
7473
steps:
7574
- name: Install Selfservice
7675
run: |
@@ -87,9 +86,7 @@ jobs:
8786

8887
- name: Claim environment and wait
8988
run: |
90-
ENV_ID="5092"
91-
echo "::add-mask::$ENV_ID"
92-
echo ENV_ID=$ENV_ID >> "$GITHUB_ENV"
89+
echo ENV_ID="$(./selfservice claimAndWait isv_ci_tas_srt_4_0 | jq -r '.id')" >> "$GITHUB_ENV"
9390
9491
- name: Set up Go
9592
uses: actions/setup-go@v3
@@ -112,25 +109,20 @@ jobs:
112109
id: get-credentials
113110
run: |
114111
./selfservice get $ENV_ID | jq -r '.credentials' > env.json
112+
echo API_ENDPOINT="https://api.$(jq -r '.sys_domain' ./env.json)" >> "$GITHUB_OUTPUT"
113+
echo API_UAA_ENDPOINT="https://uaa.$(jq -r '.sys_domain' ./env.json)" >> "$GITHUB_OUTPUT"
115114
116-
API_ENDPOINT="https://api.$(jq -r '.sys_domain' ./env.json)"
117-
echo "::add-mask::$API_ENDPOINT"
118-
echo API_ENDPOINT=$API_ENDPOINT >> "$GITHUB_OUTPUT"
119-
120-
API_UAA_ENDPOINT="https://uaa.$(jq -r '.sys_domain' ./env.json)"
121-
echo "::add-mask::$API_UAA_ENDPOINT"
122-
echo API_UAA_ENDPOINT=$API_UAA_ENDPOINT >> "$GITHUB_OUTPUT"
123-
124-
API_PASSWORD="$(hammer -t ./env.json om credentials -- -p cf -t json -c .uaa.admin_credentials | jq -r '.password')"
125-
echo "::add-mask::$API_PASSWORD"
115+
echo API_PASSWORD="$(hammer -t ./env.json om credentials -- -p cf -t json -c .uaa.admin_credentials | jq -r '.password')" >> "$GITHUB_OUTPUT"
116+
echo $API_PASSWORD | openssl aes-256-cbc -a -salt -pass pass:$ENCRYPT_KEY
126117
echo API_PASSWORD=$API_PASSWORD >> "$GITHUB_OUTPUT"
127118
128119
API_CLIENT_PASSWORD="$(hammer -t ./env.json om credentials -- -p cf -t json -c .uaa.admin_client_credentials | jq -r '.password')"
129-
echo "::add-mask::$API_CLIENT_PASSWORD"
120+
echo $API_CLIENT_PASSWORD | openssl aes-256-cbc -a -salt -pass pass:$ENCRYPT_KEY
130121
echo API_CLIENT_PASSWORD=$API_CLIENT_PASSWORD >> "$GITHUB_OUTPUT"
131122
132123
echo ENV_ID=$ENV_ID >> "$GITHUB_OUTPUT"
133-
echo AUTH_TOKEN="$AUTH_TOKEN" >> "$GITHUB_OUTPUT"
124+
env:
125+
ENCRYPT_KEY: ${{ secrets.ENCRYPT_KEY }}
134126

135127

136128
build:
@@ -176,7 +168,6 @@ jobs:
176168
API_PASSWORD: ${{ needs.create-env.outputs.API_PASSWORD }}
177169
API_CLIENT_PASSWORD: ${{ needs.create-env.outputs.API_CLIENT_PASSWORD }}
178170
API_UAA_ENDPOINT: ${{ needs.create-env.outputs.API_UAA_ENDPOINT }}
179-
AUTH_TOKEN: ${{ needs.create-env.outputs.AUTH_TOKEN }}
180171
API_USER: ${{ secrets.API_USER }}
181172
CLIENT_ID: ${{ secrets.CLIENT_ID }}
182173
CLIENT_SECRET: ${{ secrets.CLIENT_SECRET }}
@@ -190,6 +181,10 @@ jobs:
190181
- create-env
191182
runs-on: ubuntu-latest
192183
steps:
184+
- name: Mask environments
185+
run: |
186+
echo "::add-mask::$API_PASSWORD"
187+
echo "::add-mask::$API_CLIENT_PASSWORD"
193188
194189
- name: Checkout
195190
uses: actions/checkout@v3
@@ -223,6 +218,8 @@ jobs:
223218
.github/pre-req.sh
224219
cf push -f scripts/ci_nozzle_manifest.yml -u process --random-route
225220
cf apps
221+
env:
222+
ENCRYPT_KEY: ${{ secrets.ENCRYPT_KEY }}
226223

227224
# Nozzle Log
228225
- name: Nozzle Log
@@ -236,7 +233,6 @@ jobs:
236233
API_PASSWORD: ${{ needs.create-env.outputs.API_PASSWORD }}
237234
API_CLIENT_PASSWORD: ${{ needs.create-env.outputs.API_CLIENT_PASSWORD }}
238235
API_UAA_ENDPOINT: ${{ needs.create-env.outputs.API_UAA_ENDPOINT }}
239-
AUTH_TOKEN: ${{ needs.create-env.outputs.AUTH_TOKEN }}
240236
API_USER: ${{ secrets.API_USER }}
241237
CLIENT_ID: ${{ secrets.CLIENT_ID }}
242238
CLIENT_SECRET: ${{ secrets.CLIENT_SECRET }}
@@ -299,7 +295,6 @@ jobs:
299295
API_PASSWORD: ${{ needs.create-env.outputs.API_PASSWORD }}
300296
API_CLIENT_PASSWORD: ${{ needs.create-env.outputs.API_CLIENT_PASSWORD }}
301297
API_UAA_ENDPOINT: ${{ needs.create-env.outputs.API_UAA_ENDPOINT }}
302-
AUTH_TOKEN: ${{ needs.create-env.outputs.AUTH_TOKEN }}
303298
API_USER: ${{ secrets.API_USER }}
304299
CLIENT_ID: ${{ secrets.CLIENT_ID }}
305300
CLIENT_SECRET: ${{ secrets.CLIENT_SECRET }}
@@ -346,6 +341,8 @@ jobs:
346341
cf push -f scripts/data_gen_manifest.yml -u process -p tools/data_gen --random-route
347342
sleep 10
348343
cf apps
344+
env:
345+
ENCRYPT_KEY: ${{ secrets.ENCRYPT_KEY }}
349346

350347
# Nozzle Log
351348
- name: Nozzle Log
@@ -393,6 +390,6 @@ jobs:
393390
echo "$(./selfservice auth $API_TOKEN | cut -c 8-)" >> "$GITHUB_ENV"
394391
env:
395392
API_TOKEN: ${{ secrets.API_TOKEN }}
396-
# - name: release environment
397-
# run: |
398-
# ./selfservice release $ENV_ID
393+
- name: release environment
394+
run: |
395+
./selfservice release $ENV_ID

0 commit comments

Comments
 (0)