DEVOPS-47 updated script and to get public key id

githubofkrishnadhas · githubofkrishnadhas · commit 93d279926fff · 2024-03-20T22:19:51.000+05:30
diff --git a/.github/workflows/create_github_secrets_using_workflow.yaml b/.github/workflows/create_github_secrets_using_workflow.yaml
@@ -37,6 +37,13 @@ jobs:
         run: |
           public_key=$(bash get_public_key.sh ${{inputs.organization}})
           echo "PUBLIC_KEY=$public_key" >> $GITHUB_OUTPUT
+      - name: get public key id
+        id: get-public-key-id
+        env:
+            GH_TOKEN: ${{ secrets.DEVWITHKRISHNA_PERSONAL_ACCESS_TOKEN }}
+        run: |
+            public_key_id=$(bash get_public_key_id.sh ${{inputs.organization}})
+            echo "PUBLIC_KEY_ID=$public_key_id" >> $GITHUB_OUTPUT
       - name: Encrypt secret
         id: encrypt-secret
         env:
@@ -49,6 +56,7 @@ jobs:
           organization: ${{ inputs.organization }}
           secret_name: ${{ inputs.secret_name }}
           ENCRYPTED_SECRET: ${{ env.ENCRYPTED_SECRET }}
+          PUBLIC_KEY_ID: ${{ steps.get-public-key-id.outputs.public_key_id }}
           GH_TOKEN: ${{ secrets.DEVWITHKRISHNA_PERSONAL_ACCESS_TOKEN }}
         run: |
           pipenv run python3 create_or_update_github_org_secret.py
diff --git a/create_or_update_github_org_secret.py b/create_or_update_github_org_secret.py
@@ -35,7 +35,8 @@ def create_or_update_organization_secret_github(organization: str, secret_name:
     }
     data = {
         "encrypted_value": encrypted_secret,
-        "visibility": "all"
+        "visibility": "all",
+        "key_id": os.getenv('PUBLIC_KEY_ID')
     }
     response = requests.put(github_org_secret_endpoint, headers=headers, json=data)
     print(response.json())
diff --git a/get_public_key.sh b/get_public_key.sh
@@ -17,6 +17,8 @@ response=$(curl -sL \
   -H "X-GitHub-Api-Version: 2022-11-28" \
   https://api.github.com/orgs/$ORGANIZATION/actions/secrets/public-key)
 
+echo $response
+sleep 10
 # Checking if the request was successful (status code 200)
 if [ ! -z "$response" ]; then
   # Extracting the public key from the response
diff --git a/get_public_key_id.sh b/get_public_key_id.sh
@@ -0,0 +1,30 @@
+#! /bin/bash
+
+# The organization name. The name is not case sensitive.
+ORGANIZATION=$1
+
+# Checking if the Organization name is non-empty
+if [ -z "$ORGANIZATION" ]; then
+  echo "Organization name is empty"
+  echo "Usage: $0 <Organization name>"
+  exit 1
+fi
+
+# Making the API call and capturing the response
+response=$(curl -sL \
+  -H "Accept: application/vnd.github+json" \
+  -H "Authorization: Bearer $GH_TOKEN" \
+  -H "X-GitHub-Api-Version: 2022-11-28" \
+  https://api.github.com/orgs/$ORGANIZATION/actions/secrets/public-key)
+
+echo $response
+sleep 10
+# Checking if the request was successful (status code 200)
+if [ ! -z "$response" ]; then
+  # Extracting the public key from the response
+  public_key_id=$(echo "$response" | jq -r '.key_id')
+  echo "$public_key_id"
+
+else
+  echo "Failed to retrieve public key id for $ORGANIZATION. Response is empty."
+fi

Original file line number	Diff line number	Diff line change
`@@ -35,7 +35,8 @@ def create_or_update_organization_secret_github(organization: str, secret_name:`
`35`	`35`	`}`
`36`	`36`	`data = {`
`37`	`37`	`"encrypted_value": encrypted_secret,`
`38`		`- "visibility": "all"`
	`38`	`+ "visibility": "all",`
	`39`	`+ "key_id": os.getenv('PUBLIC_KEY_ID')`
`39`	`40`	`}`
`40`	`41`	`response = requests.put(github_org_secret_endpoint, headers=headers, json=data)`
`41`	`42`	`print(response.json())`