-
Notifications
You must be signed in to change notification settings - Fork 3
/
spread
executable file
·48 lines (38 loc) · 1.4 KB
/
spread
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
#!/usr/bin/env php
<?php
use GuzzleHttp\Client;
require_once(__DIR__.'/init.php');
if (!$githubToken = getenv('SPREAD_GITHUB_TOKEN')) {
fail('The GitHub access token must be provided through the SPREAD_GITHUB_TOKEN environment variable');
}
$client = new Client([
// Base URI is used with relative requests
'base_uri' => 'https://api.github.com',
'auth' => ['', $githubToken],
]);
$config = fetch_config();
$keypair = keypair($config);
foreach (get_repositories($config) as $repo => $repoConfig) {
print "$repo:\n";
[$keyId, $repoPublicKey] = fetch_repo_key($client, $repo);
$availableSecrets = list_secrets($client, $repo);
foreach ($repoConfig as $secretName => $file) {
if ($file === null) {
if (isset($availableSecrets[$secretName])) {
print "\t- $secretName: deleting\n";
delete_secret($client, $repo, $secretName);
} else {
print "\t- $secretName: already deleted\n";
}
continue;
}
if (!file_exists($file)) {
print "\t- $secretName: file '$file' does not exist, skipping\n";
continue;
}
print "\t- $secretName: updating\n";
$secretValue = fetch_secret($keypair, $file);
$encryptedValue = encrypt_64($secretValue, $repoPublicKey);
put_secret($client, $repo, $secretName, $encryptedValue, $keyId);
}
}