|
| 1 | +#!/bin/bash |
| 2 | + |
| 3 | +# This script will patch the servers config map, install the app cert and restart the server components |
| 4 | +# It is best to add the envs to your environment variables using `gp env GH_APP_ID=....` and `gp env GH_APP_KEY="..."`. |
| 5 | +# See https://www.notion.so/gitpod/How-to-deploy-a-PR-with-a-working-GitHub-App-integration-d297a1ef2f7b4b3aa8483b2ae9b47da2 (internal) for more details. |
| 6 | + |
| 7 | +# GH_APP_ID=<app-id> |
| 8 | +# GH_APP_KEY="-----BEGIN RSA PRIVATE KEY----- |
| 9 | +# ... |
| 10 | +# -----END RSA PRIVATE KEY-----" |
| 11 | +############################# |
| 12 | + |
| 13 | +if [ -z "$GH_APP_ID" ]; then |
| 14 | + echo "Missing env GH_APP_ID" |
| 15 | + return |
| 16 | +fi |
| 17 | + |
| 18 | +if [ -z "${GH_APP_KEY}" ]; then |
| 19 | + echo "Missing env GH_APP_KEY" |
| 20 | + return |
| 21 | +fi |
| 22 | + |
| 23 | +# turn spaces into newlines, in case the key got pasted in on the env var dashboard interface |
| 24 | +TMP=${GH_APP_KEY// RSA PRIVATE /RSA_PRIVATE} |
| 25 | +TMP2=${TMP// /$'\n'} |
| 26 | +GH_APP_KEY=${TMP2//RSA_PRIVATE/ RSA PRIVATE } |
| 27 | + |
| 28 | + |
| 29 | +echo 'patching configmap server-config' |
| 30 | +LINE="\"githubApp\": \{\"appId\":${GH_APP_ID},\"authProviderId\":\"Public-GitHub\",\"certPath\":\"\/github-app-cert\/cert\",\"certSecretName\":\"server-github-app-cert\",\"enabled\":true,\"marketplaceName\":\"gitpod-io\",\"webhookSecret\":\"omgsecret\"}" |
| 31 | +kubectl get cm server-config -o yaml > server-config.yml |
| 32 | +perl -0777 -i.original -pe "s/\"githubApp\":.+?\}/$LINE/igs" server-config.yml |
| 33 | +kubectl apply -f server-config.yml |
| 34 | +rm server-config.yml |
| 35 | + |
| 36 | +echo 'updating the secret' |
| 37 | +kubectl delete secret server-github-app-cert |
| 38 | +kubectl create secret generic server-github-app-cert --from-literal=cert="$GH_APP_KEY" |
| 39 | + |
| 40 | +if kubectl get deployment server -o json | grep -q 'github-app-cert-secret'; then |
| 41 | + echo 'deployment already contains github-app-cert-volume. Skipping patching server deployment.' |
| 42 | +else |
| 43 | + echo 'updating server deployment' |
| 44 | + kubectl get deployment server -o json | \ |
| 45 | + sed -E "s|\"volumeMounts\": \[|\"volumeMounts\": \[ {\"name\": \"github-app-cert-secret\", \"readOnly\": true, \"mountPath\": \"/github-app-cert\"},|" | \ |
| 46 | + sed -E "s|\"volumes\": \[|\"volumes\": \[ {\"name\": \"github-app-cert-secret\", \"secret\": { \"secretName\": \"server-github-app-cert\"}},|" | \ |
| 47 | + kubectl apply -f - |
| 48 | +fi |
| 49 | +echo 'restarting server deployment' |
| 50 | +kubectl rollout restart deployment server |
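Review bot: The two guards at the top of the script use `return`, which only stops a sourced script; when the file is executed through its `#!/bin/bash` shebang, bash reports an error for `return` and carries on, so with GH_APP_ID or GH_APP_KEY unset the script still patches server-config and replaces the server-github-app-cert secret. Writing `return 1 2>/dev/null || exit 1` in both guards covers the sourced and the executed case. The private key is passed as `--from-literal=cert="$GH_APP_KEY"`, which puts it in kubectl's process argument list for as long as the command runs; feeding it on stdin, e.g. `printf '%s' "$GH_APP_KEY" | kubectl create secret generic server-github-app-cert --from-file=cert=/dev/stdin`, avoids that. `perl -i.original` leaves `server-config.yml.original` in the working directory after `rm server-config.yml`, and that copy likely holds the previous githubApp block including its webhook secret, so it should be removed too (or the edit done in a `mktemp -d` directory cleaned up by a trap). The literal `webhookSecret` value `omgsecret` in LINE is guessable, so taking it from an environment variable like the other two inputs would keep webhook signature checks meaningful on these deployments.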