#!/bin/bash
# GitHub Secrets Setup Script for Trends.Earth UI Deployment
# This script helps configure the required GitHub secrets for ECR + CodeDeploy deployment
# Stop at the first command that exits non-zero.
set -e

# Repository that every `gh secret` call in this script targets.
REPO_OWNER="ConservationInternational"
REPO_NAME="trends.earth-api-ui"

# ANSI colour sequences; stored as literal backslash escapes and expanded
# later by echo -e / printf %b.
NC='\033[0m' # No Color
BLUE='\033[0;34m'
YELLOW='\033[1;33m'
GREEN='\033[0;32m'
RED='\033[0;31m'

# Banner.
printf '%b\n' "${BLUE}π GitHub Secrets Setup for Trends.Earth UI Deployment${NC}"
printf '%s\n' "========================================================" ""
# Precondition 1: the GitHub CLI has to be on PATH.
command -v gh > /dev/null 2>&1 || {
  printf '%b\n' "${RED}β GitHub CLI (gh) is not installed${NC}"
  printf '%s\n' "Please install it from: https://cli.github.com/"
  exit 1
}

# Precondition 2: gh must hold a login, since every later step writes
# secrets through it.
gh auth status > /dev/null 2>&1 || {
  printf '%b\n' "${RED}β Not authenticated with GitHub CLI${NC}"
  printf '%s\n' "Please run: gh auth login"
  exit 1
}

printf '%b\n' "${GREEN}β
GitHub CLI is installed and authenticated${NC}"
printf '%s\n' ""
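#######################################
# Prompt for a secret value (input hidden) and store it as a repository
# secret through the GitHub CLI.
# Globals:   REPO_OWNER, REPO_NAME (read); YELLOW, BLUE, GREEN, RED, NC (read)
# Arguments: $1 - secret name
#            $2 - description shown to the operator
#            $3 - "true" if the secret may be skipped (default: false)
# Returns:   1 when a required secret is left empty; 0 otherwise, including
#            when gh reports a failure (that failure is only printed).
#######################################
set_secret() {
  local secret_name=$1
  local secret_description=$2
  local is_optional=${3:-false}
  # Function-local, so the value does not stay in the script's global scope
  # after this prompt returns.
  local secret_value=""

  echo -e "${YELLOW}Setting: ${secret_name}${NC}"
  echo "Description: ${secret_description}"
  if [ "$is_optional" = true ]; then
    echo -e "${BLUE}(Optional - press Enter to skip)${NC}"
  fi

  echo -n "Enter value: "
  # -s keeps the value off the terminal; -r stops read from eating
  # backslashes that are part of the secret.
  read -r -s secret_value
  echo ""

  if [ -n "$secret_value" ]; then
    # Hand the value to gh on stdin instead of --body: command-line arguments
    # of a running process can be read by other local users (ps,
    # /proc/<pid>/cmdline). printf is a shell builtin, so the value never
    # appears in any process's argv.
    if printf '%s' "$secret_value" \
      | gh secret set "$secret_name" --repo "$REPO_OWNER/$REPO_NAME"; then
      echo -e "${GREEN}β
Successfully set ${secret_name}${NC}"
    else
      echo -e "${RED}β Failed to set ${secret_name}${NC}"
    fi
  elif [ "$is_optional" = false ]; then
    echo -e "${RED}β ${secret_name} is required but no value provided${NC}"
    return 1
  else
    echo -e "${YELLOW}βοΈ Skipped ${secret_name}${NC}"
  fi
  echo ""
}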
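#######################################
# Prompt for a file path and store that file's contents as a repository
# secret through the GitHub CLI.
# Globals:   REPO_OWNER, REPO_NAME (read); YELLOW, GREEN, RED, NC (read)
# Arguments: $1 - secret name
#            $2 - description shown to the operator
#            $3 - description of the expected file
# Returns:   1 when the path is not a regular file; 0 otherwise, including
#            when gh reports a failure (that failure is only printed).
#######################################
set_secret_from_file() {
  local secret_name=$1
  local secret_description=$2
  local file_description=$3
  local file_path=""

  echo -e "${YELLOW}Setting: ${secret_name}${NC}"
  echo "Description: ${secret_description}"
  echo "File: ${file_description}"

  echo -n "Enter file path: "
  # -r keeps backslashes in the typed path literal. The path is used as
  # typed: read performs no tilde expansion, so "~/key.pem" will not resolve.
  read -r file_path

  if [ -f "$file_path" ]; then
    # The file is attached to gh's stdin, so its contents never appear on a
    # command line.
    if gh secret set "$secret_name" --repo "$REPO_OWNER/$REPO_NAME" < "$file_path"; then
      echo -e "${GREEN}β
Successfully set ${secret_name} from file${NC}"
    else
      echo -e "${RED}β Failed to set ${secret_name}${NC}"
    fi
  else
    echo -e "${RED}β File not found: ${file_path}${NC}"
    return 1
  fi
  echo ""
}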
# --- Interactive walkthrough -------------------------------------------------
printf '%s\n' \
  "This script will help you configure all the required GitHub secrets." \
  "You can also set these manually in the GitHub repository settings." \
  ""
printf '%b\n' "${YELLOW}Press Enter to continue or Ctrl+C to exit...${NC}"
read
printf '%s\n' ""

# AWS credentials. A required secret left empty makes set_secret return 1,
# which ends the script here because of `set -e`.
# NOTE(review): these are static access keys stored as repository secrets; if
# the deployment workflow can assume an IAM role through GitHub's OIDC
# provider instead, the two key secrets would not be needed - confirm against
# the workflow files.
printf '%b\n' "${BLUE}π AWS Credentials${NC}"
printf '%s\n' "=================="
set_secret "AWS_ACCESS_KEY_ID" "AWS access key for ECR, CodeDeploy, and S3 access"
set_secret "AWS_SECRET_ACCESS_KEY" "AWS secret key for ECR, CodeDeploy, and S3 access"
set_secret "AWS_REGION" "AWS region (e.g., us-east-1)" true
printf '%s\n' ""

# CodeDeploy artifact bucket (required).
printf '%b\n' "${BLUE}π CodeDeploy Configuration${NC}"
printf '%s\n' "==========================="
set_secret "CODEDEPLOY_S3_BUCKET" "S3 bucket for CodeDeploy deployment artifacts"
printf '%s\n' ""

# Optional integrations.
printf '%b\n' "${BLUE}π Optional Services${NC}"
printf '%s\n' "===================="
set_secret "ROLLBAR_ACCESS_TOKEN" "Rollbar access token for deployment notifications" true
printf '%s\n' ""

# This line is printed unconditionally: a failed `gh secret set` above is
# reported by set_secret but does not stop the script.
printf '%b\n' "${GREEN}π GitHub Secrets Setup Complete!${NC}"
printf '%s\n' ""

# --- Verification ------------------------------------------------------------
printf '%s\n' "Verifying secrets..." ""
# Probe quietly first, then list again so the listing goes straight to the
# terminal. The listing is of the repository's secret entries, not the values
# typed above.
if gh secret list --repo "$REPO_OWNER/$REPO_NAME" > /dev/null 2>&1; then
  printf '%b\n' "${BLUE}π Current repository secrets:${NC}"
  gh secret list --repo "$REPO_OWNER/$REPO_NAME"
else
  printf '%b\n' "${RED}β Unable to list secrets. Please verify manually in GitHub repository settings.${NC}"
fi
printf '%s\n' ""

# --- Closing guidance --------------------------------------------------------
printf '%b\n' "${YELLOW}β οΈ Important Notes:${NC}"
printf '%s\n' \
  "1. Never commit private keys or sensitive information to the repository" \
  "2. Regularly rotate SSH keys and AWS credentials" \
  "3. Review security group rules to allow only necessary access" \
  "4. Monitor deployment logs for any authentication issues" \
  ""
printf '%b\n' "${BLUE}π Next Steps:${NC}"
printf '%s\n' \
  "1. Set up AWS infrastructure (see docs/deployment/aws-infrastructure-setup.md)" \
  "2. Test deployment workflows with a manual trigger" \
  "3. Verify application health endpoints are accessible" \
  "4. Set up monitoring and alerting" \
  ""
printf '%b\n' "${GREEN}For more information, see: docs/deployment/README.md${NC}"