sunbeam-charms/generate_token.sh
Guillaume Boutry 81be68e168
Regenerate secrets to publish charms
Add utility for generating a new secret.

Change-Id: If1c379ba88a8ab012bee1fc70265966f59c17dea
2024-01-12 14:05:29 +01:00

54 lines
1.7 KiB
Bash
Executable File

#!/bin/bash
# This script generates a token that can publish the charms to charmhub.
# The token is specific to every charms inside this repository, and has to be
# generated every time a new charm is added to the repository (or when it is
# expired).
if ! command -v charmcraft &> /dev/null
then
echo "charmcraft could not be found"
echo "Install it with: snap install charmcraft --classic"
exit 1
fi
if ! command -v zuul-client &> /dev/null
then
echo "zuul-client could not be found"
echo "Install it with: pip install zuul-client"
exit 1
fi
opt_charm=""
for charm in $(cat charms/*/{metadata,charmcraft}.yaml | grep -e "^name: " | awk '{print $2}'); do
opt_charm="$opt_charm --charm=$charm"
done
set -x
charmcraft login --export=sunbeam-charms.auth \
$opt_charm \
--permission=package-manage-metadata \
--permission=package-manage-releases \
--permission=package-manage-revisions \
--permission=package-view-metadata \
--permission=package-view-releases \
--permission=package-view-revisions \
--ttl=7776000
# Fetch project public key
[ ! -f "sunbeam-charms.pub" ] && curl https://zuul.opendev.org/api/tenant/openstack/key/opendev.org/openstack/sunbeam-charms.pub -o sunbeam-charms.pub
zuul-client --zuul-url https://zuul.opendev.org encrypt \
--public-key sunbeam-charms.pub \
--tenant openstack \
--project opendev.org/openstack/sunbeam-charms \
--secret-name charmhub_token \
--field-name value \
--infile sunbeam-charms.auth \
--outfile sunbeam-charms.charmhub.token
generated="\ # Generated on $(date --iso-8601=seconds --utc) with 90 days ttl"
sed '1d' < sunbeam-charms.charmhub.token | sed "4 i $generated" > zuul.d/secrets.yaml