hieptranquoc/.env-common.example

## .env-common.example
GCP_PROJECT_ID=teracy-iorad
GCP_ZONE=us-central1-a
GCP_CLUSTER_NAME=dev
K8S_NAMESPACE=hoatle
REGISTRY_IMAGE=gcr.io/teracy-iorad/hieptranquoc/iorad-bot
GCP_KEY_FILE_BASE64=

## .env-develop-cd.example
DEPLOY_K8S_ENABLED=true
HELM_DEBUG_ENABLED=true
HELM_TIMEOUT=2000s
# cert-manager-issuer
CERT_MANAGER_ISSUER_EMAIL=hieptq8888@gmail.com
# iorad-bot
HELM_IORAD_BOT_HOST=iorad-bot-develop.hieptq.iorad.dev
HELM_STORAGE_CLASS_NAME=
HELM_IORAD_BOT_BASE_URL=
HELM_IORAD_BASE_URL=
HELM_SLACK_APP_ID=
HELM_SLACK_CLIENT_ID=
HELM_SLACK_VERIFICATION_TOKEN=
HELM_APP_SECRET=
HELM_SLACK_CLIENT_SECRET=
HELM_SLACK_CLIENT_SIGNING_SECRET=

## .env-develop-ci.example
DOCKER_PUSH_ENABLED=true
BUILD_ENABLED=true

## .env-type-config
develop=gist://fa6c51e11fc7164b90ee1e4411a72934#.env-common.asc
develop=gist://fa6c51e11fc7164b90ee1e4411a72934#.env-develop-ci.asc
develop=gist://fa6c51e11fc7164b90ee1e4411a72934#.env-develop-cd.asc

## .gitignore
*
!.gitignore
!*.asc
!*.example

## README.md

      
    Raw
  

              README.md
            
          
    iorad-bot-gha-config

secret env configuration for iorad-bot
Init

Create a gist and pushing this template repo to your gist repo.


$ sh init.sh to create a random passphrase


Create .env-common, .env-develop-ci and .env-develop-cd files


Fill in the env values for these env files


Fill in the right values for the .env-type-config


Update


$ bash encrypt.sh <file> to encrypt files


$ git push the changes


References


https://github.com/teracyhq-incubator/secret-manager-action


## decrypt.sh
#!/usr/bin/env bash

FILE_TO_DECRYPT=$1

if [ "${FILE_TO_DECRYPT}" == ""]; then
  echo "FILE_TO_DECRYPT must be specified";
  exit 1;
fi

# TODO(hoatle): implement this

## encrypt.sh
#!/usr/bin/env bash

FILE_TO_ENCRYPT=$1

if [ "${FILE_TO_ENCRYPT}" == "" ]; then
  echo "FILE_TO_ENCRYPT must be specified";
  exit 1;
fi

if test -f "${FILE_TO_ENCRYPT}.asc"; then
  rm "${FILE_TO_ENCRYPT}.asc"
fi
cat .passphrase | gpg --symmetric --cipher-algo AES256 --batch --passphrase-fd 0 --armor ${FILE_TO_ENCRYPT}

## export.sh
#!/usr/bin/env bash

# see: https://gist.github.com/judy2k/7656bfe3b322d669ef75364a46327836
export $(egrep -v '^#' $1 | xargs)

## init.sh
#!/usr/bin/env bash

gpg --gen-random --armor 1 12 > .passphrase
	GCP_PROJECT_ID=teracy-iorad
	GCP_ZONE=us-central1-a
	GCP_CLUSTER_NAME=dev
	K8S_NAMESPACE=hoatle
	REGISTRY_IMAGE=gcr.io/teracy-iorad/hieptranquoc/iorad-bot
	GCP_KEY_FILE_BASE64=
	DEPLOY_K8S_ENABLED=true
	HELM_DEBUG_ENABLED=true
	HELM_TIMEOUT=2000s
	# cert-manager-issuer
	CERT_MANAGER_ISSUER_EMAIL=hieptq8888@gmail.com
	# iorad-bot
	HELM_IORAD_BOT_HOST=iorad-bot-develop.hieptq.iorad.dev
	HELM_STORAGE_CLASS_NAME=
	HELM_IORAD_BOT_BASE_URL=
	HELM_IORAD_BASE_URL=
	HELM_SLACK_APP_ID=
	HELM_SLACK_CLIENT_ID=
	HELM_SLACK_VERIFICATION_TOKEN=
	HELM_APP_SECRET=
	HELM_SLACK_CLIENT_SECRET=
	HELM_SLACK_CLIENT_SIGNING_SECRET=
	develop=gist://fa6c51e11fc7164b90ee1e4411a72934#.env-common.asc
	develop=gist://fa6c51e11fc7164b90ee1e4411a72934#.env-develop-ci.asc
	develop=gist://fa6c51e11fc7164b90ee1e4411a72934#.env-develop-cd.asc
	#!/usr/bin/env bash

	FILE_TO_DECRYPT=$1

	if [ "${FILE_TO_DECRYPT}" == ""]; then
	echo "FILE_TO_DECRYPT must be specified";
	exit 1;
	fi

	# TODO(hoatle): implement this
	#!/usr/bin/env bash

	FILE_TO_ENCRYPT=$1

	if [ "${FILE_TO_ENCRYPT}" == "" ]; then
	echo "FILE_TO_ENCRYPT must be specified";
	exit 1;
	fi

	if test -f "${FILE_TO_ENCRYPT}.asc"; then
	rm "${FILE_TO_ENCRYPT}.asc"
	fi
	cat .passphrase \| gpg --symmetric --cipher-algo AES256 --batch --passphrase-fd 0 --armor ${FILE_TO_ENCRYPT}
	#!/usr/bin/env bash

	# see: https://gist.github.com/judy2k/7656bfe3b322d669ef75364a46327836
	export $(egrep -v '^#' $1 \| xargs)
	#!/usr/bin/env bash

	gpg --gen-random --armor 1 12 > .passphrase