setup.sh
#!/bin/bash
# Stop at the first unhandled command failure.
set -o errexit
# Work from the parent of the directory that contains this script
# (presumably the project root that `sam build` expects; confirm).
script_dir=$(dirname "$0")
cd "$script_dir/.."
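#######################################
# Verify that a required tool can be found on PATH.
# Arguments: $1 - name of the command to look up
# Outputs:   an error message on stderr when the command is missing
# Returns:   0 when the command exists; otherwise exits the script with 1
#######################################
check_command() {
  local tool=$1
  # Quoted so the name is looked up as exactly one word. Unquoted, an empty
  # name expanded to nothing and `command -v` reported success without
  # checking anything.
  if ! command -v -- "$tool" > /dev/null 2>&1; then
    echo "$tool is required but not installed. Please install it before proceeding." >&2
    exit 1
  fi
}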
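#######################################
# Ask the operator to confirm before the script continues.
# Arguments: $1 - question to display (" (y/N): " is appended)
# Outputs:   "Proceeding..." or "Aborting." on stdout
# Returns:   0 when the answer is exactly y or Y; any other answer ends the
#            script with exit status 0
#######################################
confirm_action() {
  local choice
  # -r keeps backslashes literal, so only a plain "y"/"Y" counts as consent
  # for the steps that follow.
  read -r -p "$1 (y/N): " choice
  case "$choice" in
    y | Y)
      echo "Proceeding..."
      ;;
    *)
      echo "Aborting."
      exit 0
      ;;
  esac
}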
# Fail early if any tool the later steps invoke is missing.
echo "Checking required software..."
for required_tool in "aws" "sam" "bun" "go"; do
  check_command "$required_tool"
done
echo "All required software is installed."
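#######################################
# Request a DNS-validated ACM certificate for the base domain and print the
# validation record the operator has to create.
# Globals:   cert_arn (written) - ARN of the requested certificate, read
#            later by the deploy step
# Arguments: $1 - domain name for the certificate
# Outputs:   progress messages and the validation record on stdout;
#            errors and warnings on stderr
# Returns:   0 on success; exits the script with 1 when no domain is given
#            or ACM returns no ARN
#######################################
request_certificate() {
  local domain=$1
  local record=""
  local attempt

  if [[ -z "$domain" ]]; then
    echo "A domain name is required to request an ACM certificate." >&2
    exit 1
  fi

  echo "Requesting ACM certificate for $domain..."
  # Region is pinned to us-east-1 (presumably because the CDN in front of the
  # application requires certificates from that region; confirm).
  cert_arn=$(aws acm request-certificate --region us-east-1 --domain-name "$domain" --validation-method DNS --query 'CertificateArn' --output text)
  # `--output text` prints "None" for a null query result; never hand an
  # empty or placeholder ARN to the deploy step.
  if [[ -z "$cert_arn" || "$cert_arn" == "None" ]]; then
    echo "ACM did not return a certificate ARN for $domain." >&2
    exit 1
  fi
  echo "ACM certificate ARN: $cert_arn"

  echo "Waiting for certificate..."
  # The validation record is not always populated right after the request.
  # Poll a bounded number of times instead of trusting one fixed sleep, so
  # the operator is never told to add a record that was not printed.
  for attempt in 1 2 3 4 5; do
    sleep 4
    record=$(aws acm describe-certificate --region us-east-1 --certificate-arn "$cert_arn" --query 'Certificate.DomainValidationOptions[0].ResourceRecord' --output json)
    if [[ -n "$record" && "$record" != "null" ]]; then
      break
    fi
  done

  if [[ -z "$record" || "$record" == "null" ]]; then
    echo "ACM has not published the DNS validation record yet." >&2
    echo "Look it up before confirming: aws acm describe-certificate --region us-east-1 --certificate-arn $cert_arn" >&2
    return 0
  fi

  printf '%s\n' "$record"
  echo "Add the above DNS record to your domain."
}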
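#######################################
# Request a DNS-validated ACM certificate for the wildcard domain and print
# the validation record the operator has to create.
# Globals:   cert_wild_arn (written) - ARN of the requested certificate, read
#            later by the deploy step
# Arguments: $1 - wildcard domain name (the caller passes "*.<domain>")
# Outputs:   progress messages and the validation record on stdout;
#            errors and warnings on stderr
# Returns:   0 on success; exits the script with 1 when no domain is given
#            or ACM returns no ARN
#######################################
request_wild_certificate() {
  local domain=$1
  local record=""
  local attempt

  if [[ -z "$domain" ]]; then
    echo "A domain name is required to request an ACM certificate." >&2
    exit 1
  fi

  echo "Requesting ACM certificate for $domain..."
  # Region is pinned to us-east-1 (presumably because the CDN in front of the
  # application requires certificates from that region; confirm).
  cert_wild_arn=$(aws acm request-certificate --region us-east-1 --domain-name "$domain" --validation-method DNS --query 'CertificateArn' --output text)
  # `--output text` prints "None" for a null query result; never hand an
  # empty or placeholder ARN to the deploy step.
  if [[ -z "$cert_wild_arn" || "$cert_wild_arn" == "None" ]]; then
    echo "ACM did not return a certificate ARN for $domain." >&2
    exit 1
  fi
  echo "ACM certificate ARN: $cert_wild_arn"

  echo "Waiting for certificate..."
  # The validation record is not always populated right after the request.
  # Poll a bounded number of times instead of trusting one fixed sleep, so
  # the operator is never told to add a record that was not printed.
  for attempt in 1 2 3 4 5; do
    sleep 4
    record=$(aws acm describe-certificate --region us-east-1 --certificate-arn "$cert_wild_arn" --query 'Certificate.DomainValidationOptions[0].ResourceRecord' --output json)
    if [[ -n "$record" && "$record" != "null" ]]; then
      break
    fi
  done

  if [[ -z "$record" || "$record" == "null" ]]; then
    echo "ACM has not published the DNS validation record yet." >&2
    echo "Look it up before confirming: aws acm describe-certificate --region us-east-1 --certificate-arn $cert_wild_arn" >&2
    return 0
  fi

  printf '%s\n' "$record"
  echo "Add the above DNS record to your domain."
}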
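# Escape a value for use inside a JSON string literal (backslash, double
# quote, newline, carriage return, tab). Other control characters are passed
# through unchanged.
_json_escape() {
  local s=$1
  s=${s//\\/\\\\}
  s=${s//\"/\\\"}
  s=${s//$'\n'/\\n}
  s=${s//$'\r'/\\r}
  s=${s//$'\t'/\\t}
  printf '%s' "$s"
}

#######################################
# Create or update the GitHub credentials secret in AWS Secrets Manager.
# Globals:   github_cred_arn (written) - ARN of the secret, read later by the
#            deploy step
# Arguments: none; all values are read interactively from stdin
# Outputs:   progress messages on stdout, prompts on stderr
# Returns:   0 on success or when the operator skips the update; exits the
#            script with 1 when the secret cannot be written
#######################################
create_github_secrets() {
  local secret_name="battleshiper-github-credentials"
  local client_id client_secret app_id app_secret webhook_secret
  local choice payload_file cleanup_cmd

  echo "Checking if the GitHub secret already exists..."
  # Any lookup failure is treated as "secret does not exist yet", as before.
  # NOTE(review): this also covers permission or credential errors; in that
  # case the create call below fails and stops the script.
  github_cred_arn=$(aws secretsmanager describe-secret --secret-id "$secret_name" --query 'ARN' --output text) || github_cred_arn=""

  if [ -n "$github_cred_arn" ]; then
    read -r -p "Skip GitHub secret update (y/N): " choice
    case "$choice" in
      y | Y)
        echo "Skipping..."
        return 0
        ;;
    esac
  fi

  # -s keeps the three secret values off the terminal and out of scrollback;
  # the extra echo restores the line break that the hidden input swallowed.
  read -r -p "Enter GitHub Client ID: " client_id
  read -r -s -p "Enter GitHub Client Secret: " client_secret
  echo >&2
  read -r -p "Enter GitHub App ID: " app_id
  read -r -s -p "Enter GitHub App Secret (without pem headers): " app_secret
  echo >&2
  read -r -s -p "Enter GitHub Webhook Secret: " webhook_secret
  echo >&2

  # Hand the payload to the AWS CLI through a private temp file (file://)
  # rather than on the command line, where it would be visible in the process
  # list. mktemp creates the file readable by the owner only.
  payload_file=$(mktemp) || {
    echo "Could not create a temporary file for the secret payload." >&2
    exit 1
  }
  # Remove the payload on every exit path. This replaces any EXIT trap that
  # was set earlier; the trap is cleared again below.
  printf -v cleanup_cmd 'rm -f -- %q' "$payload_file"
  trap "$cleanup_cmd" EXIT

  # Values are JSON-escaped so a quote or backslash in a secret cannot break
  # the document or add extra keys.
  printf '{"client_id":"%s","client_secret":"%s","app_id":"%s","app_secret":"%s","webhook_secret":"%s"}' \
    "$(_json_escape "$client_id")" \
    "$(_json_escape "$client_secret")" \
    "$(_json_escape "$app_id")" \
    "$(_json_escape "$app_secret")" \
    "$(_json_escape "$webhook_secret")" > "$payload_file"

  if [ -z "$github_cred_arn" ]; then
    echo "Creating GitHub credentials in AWS Secrets Manager..."
    # Capture the new ARN: previously it was only printed, which left
    # github_cred_arn empty for the deploy step on a first run.
    if ! github_cred_arn=$(aws secretsmanager create-secret \
      --name "$secret_name" \
      --secret-string "file://$payload_file" \
      --query 'ARN' --output text); then
      echo "Failed to create the GitHub credentials secret." >&2
      exit 1
    fi
    echo "GitHub Credentials ARN: $github_cred_arn"
  else
    echo "GitHub secret already exists. Updating secret..."
    if ! aws secretsmanager update-secret \
      --secret-id "$secret_name" \
      --secret-string "file://$payload_file" \
      --query 'ARN' --output text; then
      echo "Failed to update the GitHub credentials secret." >&2
      exit 1
    fi
    echo "GitHub Credentials updated. ARN: $github_cred_arn"
  fi

  rm -f -- "$payload_file"
  trap - EXIT
}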
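# Step 1: Request ACM Certificates
read -r -p "Enter your Battleshiper domain (e.g., battleshiper.dev): " domain
# The domain is reused below in the certificate requests, the GitHub callback
# and webhook URLs, and the `sam deploy` parameter overrides, so reject
# anything that is not a plain dotted hostname before it reaches them.
domain_pattern='^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)+$'
if [[ ! "$domain" =~ $domain_pattern ]]; then
  echo "'$domain' is not a valid domain name (expected something like battleshiper.dev)." >&2
  exit 1
fi
request_certificate "$domain"
confirm_action "Have you added the DNS record for the base domain?"
# Request wildcard certificate
wild_domain="*.$domain"
request_wild_certificate "$wild_domain"
confirm_action "Have you added the DNS record for the wildcard domain?"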
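# Step 2: Set up GitHub Application and Credentials
echo "Set up the GitHub application following the GitHub documentation:"
echo " - Set Callback URL to https://$domain/api/auth/callback."
echo " - Enable 'User-to-server token expiration' feature."
echo " - Set permission of 'Repository->Contents' to 'read-only'."
echo " - Subscribe to 'Push' and 'Repository' events."
echo " - Enable Webhook and set the URL to https://$domain/api/pipeline/event."
echo " - Create a strong Webhook secret and remember it for the next step."
confirm_action "Have you created the GitHub application and extracted credentials?"
echo "Generating GitHub application secret..."
create_github_secrets
read -r -p "Enter the GitHub username that will be selected as admin: " username
# This value is passed to the deployment as the administrator account, so
# refuse an empty answer or one containing whitespace rather than deploying
# with an ambiguous admin identity.
if [[ -z "$username" || "$username" =~ [[:space:]] ]]; then
  echo "A GitHub username without spaces is required for the admin account." >&2
  exit 1
fi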
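# Step 3: Build and Deploy the Battleshiper System
echo "Building the Battleshiper system with AWS SAM..."
sam build
echo "Deploying the Battleshiper system to AWS..."
sam deploy --parameter-overrides ApplicationDomain="$domain" ApplicationDomainCertificateArn="$cert_arn" ApplicationDomainWildcardCertificateArn="$cert_wild_arn" GithubOAuthClientCredentialArn="$github_cred_arn" GithubAdministratorUsername="$username"
# Read the CDN host names from the stack outputs; they are printed as CNAME
# targets in the final DNS step.
cdn_host=$(aws cloudformation describe-stacks --stack-name battleshiper --query "Stacks[0].Outputs[?OutputKey=='BattleshiperCDNHost'].OutputValue" --output text)
cdn_project_host=$(aws cloudformation describe-stacks --stack-name battleshiper --query "Stacks[0].Outputs[?OutputKey=='BattleshiperProjectCDNHost'].OutputValue" --output text)
for cdn_value in "$cdn_host" "$cdn_project_host"; do
  if [[ -z "$cdn_value" || "$cdn_value" == "None" ]]; then
    echo "Warning: a CDN host output is missing from the battleshiper stack; check the stack outputs before adding the CNAME records." >&2
  fi
done
echo "Redeploying Battleshiper to initiate web pipeline..."
# Two separate commands on purpose: in `sam build && sam deploy`, `set -e`
# does not stop the script when `sam build` fails, so a broken build would
# still end with the "setup complete" message.
sam build
sam deploy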
# Step 4: Final DNS Setup
# Print the CNAME records that point the base and wildcard domains at the
# CDN hosts read from the stack outputs.
printf '%s\n' \
  "Add the following DNS records to your provider to finalize deployment:" \
  "1. CNAME $domain $cdn_host" \
  "2. CNAME *.$domain $cdn_project_host" \
  "Battleshiper system setup complete."