-
Notifications
You must be signed in to change notification settings - Fork 48
/
Copy pathcodecov-secret-mapping
executable file
·62 lines (46 loc) · 1.65 KB
/
codecov-secret-mapping
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
#!/usr/bin/env bash
set -e
REPO_ROOT=$(git rev-parse --show-toplevel)
source $REPO_ROOT/boilerplate/_lib/common.sh
source $REPO_ROOT/boilerplate/_lib/release.sh
cmd=${0##*/}
usage() {
cat <<EOF
Usage: $cmd [PATH_TO_RELEASE_CLONE]
Creates a delta in $RELEASE_REPO requesting a codecov secret mapping for a
boilerplate consumer. Must be invoked from within a local clone of a repository
already subscribed to the $CONVENTION_NAME convention.
Parameters:
PATH_TO_RELEASE_CLONE File system path to a local clone of
https://github.com/$RELEASE_REPO. If not
specified, the repository will be cloned in a
temporary directory.
EOF
exit -1
}
# Was a release repo clone specified?
release_process_args "$@"
release_validate_invocation
release_prep_clone
cd $RELEASE_CLONE
mapping_file=core-services/secret-mirroring/_mapping.yaml
secret_name=$CONSUMER_NAME-codecov-token
# TODO: Do some proper yaml validation and editing here.
# See if the mapping already exists. This ain't great: it assumes the
# lines are in a particular order, and doesn't check the namespaces. See
# TODO above :)
grep -B2 $secret_name $mapping_file && err "
Found existing mapping in $mapping_file
Nothing to do."
# Append it. This ain't great: it assumes the `secrets` top-level key is
# still in play, that we're matching whitespace, etc. See TODO above :)
cat <<EOF >> $mapping_file
- from:
namespace: sd-sre-secrets
name: $secret_name
to:
namespace: ci
name: $secret_name
EOF
release_branch=$CONSUMER_ORG-$CONSUMER_NAME-$DEFAULT_BRANCH-boilerplate-$cmd
release_done_msg $release_branch