forked from Sage-Bionetworks/data_curator
-
Notifications
You must be signed in to change notification settings - Fork 0
/
set_gh_secrets.R
73 lines (64 loc) · 2.33 KB
/
set_gh_secrets.R
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
# require github cli package - 'gh': https://cli.github.com/manual/
args <- commandArgs(trailingOnly = TRUE)
repo <- basename(Sys.getenv("PWD"))
# Read OAuth credential
oauth_client <- yaml::yaml.load_file(args[1])
client_id <- toString(oauth_client$CLIENT_ID)
client_secret <- toString(oauth_client$CLIENT_SECRET)
# Read credential files locations
secret_lists <- yaml::yaml.load_file(args[2])$definitions
# Change working directory to the directory of config file
setwd(dirname(args[2]))
# Validation
# Ensure client credentials are not empty
if (is.null(client_id) || nchar(client_id) == 0) stop(args[1], " is missing CLIENT_ID")
if (is.null(client_secret) || nchar(client_secret) == 0) stop(args[1], " is missing CLIENT_SECRET")
# Ensure it is not schematic or data-model repos
if (!grepl("data[-|_]curator", repo)) stop("You are not in the data curator folder !!!")
# Ensure all credential files exist
diff <- setdiff(c("synapse_config", "creds_path", "token_pickle", "service_acct_creds"), names(secret_lists))
if (length(diff) > 0) {
stop(paste(diff, "not found in the config file", collapse = "\n"))
}
# Add OAuth secrets via gh CLI
system(
sprintf(
"
gh secret set OAUTH_CLIENT_ID --body %s;
gh secret set OAUTH_CLIENT_SECRET --body %s;
",
sQuote(client_id), sQuote(client_secret)
)
)
# Set secret names SCHEMATIC_*
secret_names <- toupper(paste0("schematic_", names(secret_lists)))
# Add schematic secrets via gh CLI
for (i in seq_along(secret_lists)) {
if (!file.exists(toString(secret_lists[[i]]))) stop(secret_lists[[i]], " not found")
if (secret_names[i] == "SCHEMATIC_TOKEN_PICKLE") {
# token.pickle is a binary file
# If you want to manually add to the secret:
# 1. encode token.pickle in the terminal: base64 -w0 (linux) or base64 -b0 (macOS)
# 2. copy encoded character string to your github secret
token_str <- base64enc::base64encode(secret_lists[[i]])
system(
sprintf(
"
gh secret set %s --body %s;
",
secret_names[i], sQuote(token_str)
)
)
} else {
system(
sprintf(
"gh secret set %s < %s",
secret_names[i], secret_lists[[i]]
)
)
}
}
cat("
<<<<<<<< Important >>>>>>>>
Please manually add 'REPO_PAT', 'RSCONNECT_USER', 'RSCONNECT_SECRET', 'RSCONNECT_TOKEN'
check 'shinyapps_deploy.md' for details\n")