
@goors
Created June 1, 2024 16:28
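#!/usr/bin/env bash
# Bootstrap: install pip/venv support, create a virtualenv named "myenv" in the
# current directory and install pynacl into it (presumably needed by
# encrypt.py, which is not part of this script).
# Each step is checked: carrying on after a failed install would only surface
# later as an empty or bogus encrypted value being uploaded.
sudo apt-get update \
  || echo "warning: apt-get update failed; using existing package lists" >&2
sudo apt-get install -y python3-pip python3-venv || {
  echo "error: could not install python3-pip/python3-venv" >&2
  exit 1
}
python3 -m venv myenv || {
  echo "error: could not create virtualenv 'myenv'" >&2
  exit 1
}
# NOTE(review): pynacl is installed unpinned. Pin a version (ideally with
# pip's --require-hashes) so the code that handles the secrets is reproducible.
# The venv is activated in the current shell, as before, so it stays active
# for the rest of the script.
if ! { source myenv/bin/activate && pip install pynacl; }; then
  echo "error: could not activate 'myenv' or install pynacl" >&2
  exit 1
fi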
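# GitHub Repository
repo_owner="readydataAG"
repo_name="immoledo-rewrite"
environment_name="Production"
# GitHub token with repo scope.
# $1 is still accepted, but command-line arguments are visible in the process
# list and usually end up in shell history, so the GITHUB_TOKEN environment
# variable is honoured as a fallback and is the safer way to supply the token.
github_token=${1:-${GITHUB_TOKEN:-}}
if [[ -z "$github_token" ]]; then
  # Without a token every API call below fails; stop before touching the
  # Elasticsearch keystore at all.
  echo "usage: ${0##*/} <github_token>   (or set GITHUB_TOKEN)" >&2
  exit 2
fi
# API endpoint for creating or updating environment secrets
api_url="https://api.github.com/repos/$repo_owner/$repo_name/environments/$environment_name/secrets"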
# Function to extract the p12 password
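extract_p12_password() {
  # Reads xpack.security.http.ssl.keystore.secure_password from the
  # Elasticsearch keystore (as root) and writes it, followed by a newline, to
  # /home/azuser/p12Password, which is then handed over to azuser.
  # Returns: 0 on success, non-zero if the keystore read or the write fails.
  local keystore_password
  keystore_password=$(sudo -i sh -c 'cd /usr/share/elasticsearch && bin/elasticsearch-keystore show xpack.security.http.ssl.keystore.secure_password') || return 1
  # The password reaches the root shell on stdin instead of being spliced into
  # the command string: a quote character in it can no longer alter the command
  # root runs, and the value does not show up in any process's arguments.
  # umask 077 plus chmod keep the file owner-only even if it already existed
  # with looser permissions.
  printf '%s\n' "$keystore_password" \
    | sudo -i sh -c 'umask 077 && cat > /home/azuser/p12Password && chmod 600 /home/azuser/p12Password' \
    || return 1
  sudo chown azuser:azuser /home/azuser/p12Password
}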
# Function to extract and encode the certificate
extract_cert() {
  # Base64-encodes http_ca.crt from /etc/elasticsearch/certs (as root) into
  # azuser's home directory, then gives the resulting file to azuser.
  local encoded_cert=/home/azuser/http_ca.crt.base64
  sudo -i sh -c 'cd /etc/elasticsearch/certs && base64 http_ca.crt > /home/azuser/http_ca.crt.base64'
  sudo chown azuser:azuser "$encoded_cert"
}
# Function to extract and encode the p12 file
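extract_p12() {
  # Base64-encodes http.p12 from /etc/elasticsearch/certs (as root) into
  # /home/azuser/http.p12.base64 and gives the file to azuser.
  # Returns: 0 on success, non-zero if encoding or the ownership change fails.
  #
  # http.p12 is presumably the HTTP TLS keystore whose password is extracted
  # separately, so the copy is sensitive: umask 077 plus chmod make it
  # owner-only rather than leaving it at the default (typically world-readable)
  # permissions.
  sudo -i sh -c 'umask 077 && cd /etc/elasticsearch/certs && base64 http.p12 > /home/azuser/http.p12.base64 && chmod 600 /home/azuser/http.p12.base64' \
    || return 1
  sudo chown azuser:azuser /home/azuser/http.p12.base64
}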
# Function to get the repository's public key
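get_public_key() {
  # Fetches the public key that secrets for this environment must be
  # encrypted with.
  # Globals: github_token (read), api_url (read)
  # Outputs: "<public_key> <key_id>" on stdout; diagnostics on stderr
  # Exits:   status 1 when the response carries no key or key_id. The caller
  #          runs this inside a process substitution, so only that subshell
  #          ends; the caller must check for empty output.
  local response public_key key_id
  # The API-version header needs the colon: curl drops a -H value that has
  # neither ':' nor ';', so the version was never actually sent.
  response=$(curl -s -H "Authorization: Bearer $github_token" \
    -H "Accept: application/vnd.github.v3+json" \
    -H "X-GitHub-Api-Version: 2022-11-28" \
    "$api_url/public-key")
  public_key=$(printf '%s' "$response" | jq -r '.key')
  key_id=$(printf '%s' "$response" | jq -r '.key_id')
  if [[ -z "$public_key" || "$public_key" == "null" \
    || -z "$key_id" || "$key_id" == "null" ]]; then
    # stderr, not stdout: stdout is what the caller parses as "key key_id",
    # so an error printed there would be taken for key material.
    echo "Error fetching public key. Response: $response" >&2
    exit 1
  fi
  printf '%s %s\n' "$public_key" "$key_id"
}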
# Function to encrypt a secret using the repository's public key
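encrypt() {
  # Runs encrypt.py inside the myenv virtualenv and prints its output.
  # Arguments: $1 - value handed to encrypt.py as its second argument
  #                 (this script passes a file path)
  #            $2 - base64 public key, handed over as the first argument
  # Outputs:   whatever encrypt.py prints, on stdout
  # Returns:   non-zero if activating the venv or running encrypt.py fails
  local secret_value="$1"
  local public_key_base64="$2"
  local encrypted
  # Both arguments are quoted so that whitespace or glob characters in them
  # cannot split or expand into different arguments for encrypt.py.
  # NOTE(review): anything passed here is visible in the process list; if a
  # caller ever passes the secret itself rather than a path, encrypt.py should
  # read it from stdin or a file instead.
  encrypted=$(source myenv/bin/activate && python encrypt.py "$public_key_base64" "$secret_value") || return 1
  printf '%s\n' "$encrypted"
}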
# Function to set a secret
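set_secret() {
  # Encrypts one value and stores it as an environment secret through the
  # GitHub API.
  # Globals:   api_url (read), github_token (read)
  # Arguments: $1 - secret name
  #            $2 - value handed to encrypt
  #            $3 - public key
  #            $4 - key id belonging to that public key
  # Outputs:   progress lines and the HTTP status code on stdout; errors on
  #            stderr
  # Returns:   0 when the API answers with a 2xx status, non-zero otherwise
  local secret_name="$1"
  local secret_value="$2"
  local public_key="$3"
  local key_id="$4"
  local encrypted_value payload http_code
  read -r encrypted_value < <(encrypt "$secret_value" "$public_key")
  if [[ -z "$encrypted_value" ]]; then
    # A failed encryption must not overwrite the stored secret with an empty
    # value.
    echo "Error: encryption produced no output for $secret_name; not uploading" >&2
    return 1
  fi
  echo "Doing $secret_name"
  echo "Value $encrypted_value"
  # Build the body with jq so both values are JSON-escaped rather than pasted
  # into a hand-written string.
  payload=$(jq -n --arg value "$encrypted_value" --arg id "$key_id" \
    '{encrypted_value: $value, key_id: $id}') || return 1
  # -o /dev/null -w '%{http_code}' makes http_code hold the status code; it
  # previously captured the response body, so failures went unnoticed.
  # NOTE(review): the token is on curl's command line and therefore visible in
  # the process list while the request runs.
  http_code=$(curl -sS -o /dev/null -w '%{http_code}' -X PUT "$api_url/$secret_name" \
    -H "Authorization: Bearer $github_token" \
    -H "Accept: application/vnd.github.v3+json" \
    -d "$payload")
  echo "$http_code"
  if [[ "$http_code" != 2?? ]]; then
    echo "Error: setting $secret_name failed with HTTP status $http_code" >&2
    return 1
  fi
}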
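# Paths the extract_* functions write to
certificate=/home/azuser/http_ca.crt.base64
p12=/home/azuser/http.p12.base64
p12_password=/home/azuser/p12Password

# Removes the extracted files and the virtualenv. Installed as an EXIT trap so
# the keystore copy and its password are deleted on every exit path, not only
# when the script reaches its last line.
cleanup_extracted() {
  rm -f -- "$certificate" "$p12" "$p12_password"
  rm -rf -- myenv
}
trap cleanup_extracted EXIT

# Extract the secrets
extract_p12_password || { echo "error: extracting the p12 password failed" >&2; exit 1; }
extract_cert || { echo "error: extracting the CA certificate failed" >&2; exit 1; }
extract_p12 || { echo "error: extracting the p12 keystore failed" >&2; exit 1; }

# Get the public key and key_id for the repository
read -r public_key key_id < <(get_public_key)
# get_public_key runs in a subshell, so its failure does not stop this script.
# Empty fields, or a key_id containing whitespace, mean something other than
# "key key_id" was read.
if [[ -z "$public_key" || -z "$key_id" || "$key_id" == *[[:space:]]* ]]; then
  echo "error: could not obtain the environment public key; nothing uploaded" >&2
  exit 1
fi

# Set the secrets
# NOTE(review): set_secret is given the file paths, not the file contents.
# This is only correct if encrypt.py (not shown) reads the file named by its
# second argument; otherwise the path string itself is what gets stored as
# the secret. Confirm against encrypt.py.
upload_status=0
set_secret "ELASTIC_SEARCH_P12_PASSWORD" "$p12_password" "$public_key" "$key_id" || upload_status=1
set_secret "ELASTIC_SEARCH_CERTIFICATE" "$certificate" "$public_key" "$key_id" || upload_status=1
set_secret "ELASTIC_SEARCH_P12" "$p12" "$public_key" "$key_id" || upload_status=1
# The EXIT trap removes the extracted files and myenv.
exit "$upload_status"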