From 66e6caad6930d5bf389b9d84b88a3d213afa32b5 Mon Sep 17 00:00:00 2001 From: gomez385 Date: Mon, 30 Sep 2024 20:59:17 -0400 Subject: [PATCH 01/24] first test --- .github/workflows/terraform_plan.yaml | 13 +++-- data.tf | 2 - encode_jwt.py | 80 +++++++++++++++++++++++++++ versions.tf | 2 +- 4 files changed, 90 insertions(+), 7 deletions(-) create mode 100644 encode_jwt.py diff --git a/.github/workflows/terraform_plan.yaml b/.github/workflows/terraform_plan.yaml index 02841cf..7346d65 100644 --- a/.github/workflows/terraform_plan.yaml +++ b/.github/workflows/terraform_plan.yaml @@ -16,10 +16,10 @@ jobs: runs-on: [ "229685449397" ] env: -# GITHUB_APP_ID: ${{ vars.GH_APP_ID }} -# GITHUB_APP_INSTALLATION_ID: ${{ vars.GH_APP_INSTALLATION_ID }} -# GITHUB_APP_PEM_FILE: ${{ secrets.GH_APP_PEM_FILE }} - GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} +# GITHUB_APP_ID: ${{ vars.GH_APP_ID }} + GITHUB_APP_INSTALLATION_ID: ${{ vars.GH_APP_INSTALLATION_ID }} + GITHUB_APP_PEM_FILE: ${{ secrets.GH_APP_PEM_FILE }} +# GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} GITHUB_OWNER: CSVD GITHUB_BASE_URL: https://github.e.it.census.gov/ TF_WORKSPACE: ${{ vars.terraform_workspace }} @@ -48,6 +48,11 @@ jobs: echo AWS_SECRET_ACCESS_KEY=`jq -r '.SecretAccessKey' aws_credentials.json` >> $GITHUB_ENV aws configure set aws_session_token `jq -r '.Token' aws_credentials.json` echo AWS_SESSION_TOKEN=`jq -r '.Token' aws_credentials.json` >> $GITHUB_ENV + + - name: Setup GITHUB Credentials + id: github_credentials + run: | + export GITHUB_TOKEN=$(python encode_jwt.py $GITHUB_APP_PEM_FILE $GITHUB_APP_INSTALLATION_ID $GITHUB_BASE_URL) - name: Terraform Init id: init diff --git a/data.tf b/data.tf index 6692404..ff319be 100644 --- a/data.tf +++ b/data.tf @@ -1,3 +1 @@ -data "aws_region" "current" {} - data "github_organization_teams" "teams" {} diff --git a/encode_jwt.py b/encode_jwt.py new file mode 100644 index 0000000..fd640d4 --- /dev/null +++ b/encode_jwt.py 
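Review bot: The job-level `env:` block now hands the GitHub App private key (`GITHUB_APP_PEM_FILE: ${{ secrets.GH_APP_PEM_FILE }}`) to every step in the job, including the AWS credential step, `terraform init` and any action that runs later, when only the `Setup GITHUB Credentials` step needs it. Move that one entry into an `env:` on that step so the key is scoped to the process that signs the JWT. Note also that `GITHUB_APP_ID` stays commented out while the new `encode_jwt.py` hard-codes the issuer as `"iss": "6"`; wiring `GITHUB_APP_ID: ${{ vars.GH_APP_ID }}` through to the script would keep the App identity in one place instead of in a source-code literal.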
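Review bot: `export GITHUB_TOKEN=$(...)` in the new `Setup GITHUB Credentials` step only sets the variable for that step's shell; the `Terraform Init` step that follows runs in a fresh process and will not see it, so the token has to be written to `$GITHUB_ENV`, and masked first, because a token minted at run time is not a registered secret and would otherwise print in clear in later steps. The unquoted `$GITHUB_APP_PEM_FILE` is also word-split by the shell, so a multi-line PEM arrives as many separate arguments rather than one; quote all three arguments. A minimal shape is `TOKEN=$(python encode_jwt.py "$GITHUB_APP_PEM_FILE" "$GITHUB_APP_INSTALLATION_ID" "$GITHUB_BASE_URL")`, `echo "::add-mask::$TOKEN"`, `echo "GITHUB_TOKEN=$TOKEN" >> "$GITHUB_ENV"`.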
@@ -0,0 +1,80 @@ +## Run this script set the private key as github_app_private_key and installation_id as the installation id of the app + +#export REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-bundle.crt +#export github_app_private_key="-----BEGIN" +#export github_app_installation_id=11 +#export github_app_url=https://github.e.it.census.gov +#export GITHUB_TOKEN=$(python encode_jwt.py "$github_app_private_key" "$github_app_installation_id" "$github_app_url") + +import time +import json +import base64 +import argparse +import requests +from cryptography.hazmat.primitives import hashes +from cryptography.hazmat.primitives.asymmetric import padding +from cryptography.hazmat.primitives.serialization import load_pem_private_key +import sys + +# Set up argument parser +parser = argparse.ArgumentParser(description='Encode JWT with RS256 and get GitHub Enterprise installation access token') +parser.add_argument('private_key', type=str, help='PEM formatted private key string') +parser.add_argument('installation_id', type=str, help='GitHub App Installation ID') +parser.add_argument('enterprise_url', type=str, help='GitHub Enterprise API URL (e.g., https://github.e.it.census.gov)') +args = parser.parse_args() + +# Load the PEM private key +private_key = load_pem_private_key(args.private_key.encode(), password=None) + +# JWT Header +header = { + "alg": "RS256", + "typ": "JWT" +} + +# JWT Payload +payload = { + "iat": int(time.time()), + "exp": int(time.time()) + (10 * 60), + "iss": "6" # Replace with your actual GitHub App ID +} + +# Encode Header and Payload as Base64 +header_encoded = base64.urlsafe_b64encode(json.dumps(header).encode()).decode().rstrip("=") +payload_encoded = base64.urlsafe_b64encode(json.dumps(payload).encode()).decode().rstrip("=") + +# Create the message (header + payload) +message = f"{header_encoded}.{payload_encoded}".encode() + +# Sign the message using RS256 +signature = private_key.sign( + message, + padding.PKCS1v15(), + hashes.SHA256() +) + +# Encode the 
signature in Base64 +signature_encoded = base64.urlsafe_b64encode(signature).decode().rstrip("=") + +# Construct the full JWT +jwt_token = f"{header_encoded}.{payload_encoded}.{signature_encoded}" + +# Prepare the request to get the installation access token +headers = { + "Authorization": f"Bearer {jwt_token}", + "Accept": "application/vnd.github+json" +} + +# Make the request to the GitHub Enterprise API to get the installation access token +url = f"{args.enterprise_url}/api/v3/app/installations/{args.installation_id}/access_tokens" +response = requests.post(url, headers=headers) + +# Check if the request was successful +if response.status_code == 201: + installation_access_token = response.json().get('token') + print(installation_access_token) # Output the token only +else: + # Raise an error with a message + sys.stderr.write(f"Error: Failed to get installation access token. Status code: {response.status_code}\n") + sys.stderr.write(f"{response.text}\n") + sys.exit(1) # Exit with an error code diff --git a/versions.tf b/versions.tf index 187b843..1030799 100644 --- a/versions.tf +++ b/versions.tf @@ -2,7 +2,7 @@ terraform { required_providers { random = { source = "integrations/github" - version = ">= 6.2.2" + version = ">= 6.3.0" } aws = { source = "hashicorp/aws" From e0692bf4cf27a34d0957b1ed7eaeb8425e66b8d1 Mon Sep 17 00:00:00 2001 From: gomez385 Date: Mon, 30 Sep 2024 21:01:20 -0400 Subject: [PATCH 02/24] make fix --- .github/workflows/terraform_plan.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/terraform_plan.yaml b/.github/workflows/terraform_plan.yaml index 7346d65..977585d 100644 --- a/.github/workflows/terraform_plan.yaml +++ b/.github/workflows/terraform_plan.yaml 
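Review bot: `load_pem_private_key(args.private_key.encode(), ...)` takes the App's private key from a positional command-line argument, so the whole PEM is visible in the process list (`/proc/<pid>/cmdline`) to every user on the self-hosted runner while the script runs and is captured by anything that logs the command; accept a file path or read it from stdin instead, e.g. `pem = sys.stdin.read() if args.private_key == '-' else args.private_key` followed by `load_pem_private_key(pem.encode(), password=None)`, invoked as `python encode_jwt.py - ...`. The issuer is hard-coded as `"iss": "6"` next to a "replace with your actual App ID" comment; take it from an `--app-id` argument or the `GITHUB_APP_ID` environment variable so the script cannot silently sign for the wrong app. `requests.post(url, headers=headers)` has no `timeout=`, so a stalled GitHub Enterprise endpoint hangs the CI job indefinitely; add `timeout=30`. Consider `"iat": int(time.time()) - 60` as well, which is the clock-skew allowance GitHub's App JWT guidance suggests.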
@@ -51,7 +51,8 @@ jobs: - name: Setup GITHUB Credentials id: github_credentials - run: | + run: | + pip install requests export GITHUB_TOKEN=$(python encode_jwt.py $GITHUB_APP_PEM_FILE $GITHUB_APP_INSTALLATION_ID $GITHUB_BASE_URL) - name: Terraform Init From 18eff8e2db442bc96a99ae190c40f7e5d9eedd41 Mon Sep 17 00:00:00 2001 From: gomez385 Date: Mon, 30 Sep 2024 21:03:52 -0400 Subject: [PATCH 03/24] make fix --- .github/workflows/terraform_plan.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/terraform_plan.yaml b/.github/workflows/terraform_plan.yaml index 977585d..273e158 100644 --- a/.github/workflows/terraform_plan.yaml +++ b/.github/workflows/terraform_plan.yaml @@ -52,9 +52,11 @@ jobs: - name: Setup GITHUB Credentials id: github_credentials run: | + python -m venv venv + source venv/bin/activate pip install requests export GITHUB_TOKEN=$(python encode_jwt.py $GITHUB_APP_PEM_FILE $GITHUB_APP_INSTALLATION_ID $GITHUB_BASE_URL) - + - name: Terraform Init id: init run: /opt/tfenv/bin/terraform init -upgrade From bd7eae2dcf8368c187e203513a28ec63b97373d3 Mon Sep 17 00:00:00 2001 From: gomez385 Date: Mon, 30 Sep 2024 21:06:36 -0400 Subject: [PATCH 04/24] make fix --- .github/workflows/terraform_plan.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/terraform_plan.yaml b/.github/workflows/terraform_plan.yaml index 273e158..537429c 100644 --- a/.github/workflows/terraform_plan.yaml +++ b/.github/workflows/terraform_plan.yaml @@ -49,6 +49,9 @@ jobs: aws configure set aws_session_token `jq -r '.Token' aws_credentials.json` echo AWS_SESSION_TOKEN=`jq -r '.Token' aws_credentials.json` >> $GITHUB_ENV + - name: Install Python venv + run: sudo apt-get update && sudo apt-get install -y python3-venv + - name: Setup GITHUB Credentials id: github_credentials run: | From fd76b31cc4ae98782c367b9dc970fb556053b8aa Mon Sep 17 00:00:00 2001 
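Review bot: `pip install requests` resolves and installs whatever version the index serves at run time, unpinned and unverified, on every plan, which puts an unreviewed package into the very process that holds the App private key. Pin it with hashes, e.g. a committed `requirements.txt` installed with `pip install --require-hashes -r requirements.txt`, or rely on a `requests` already baked into the runner image. `cryptography`, which the script also imports, is not installed here at all, so the step presumably depends on it being present on the runner; make that dependency explicit the same way.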
From: gomez385 Date: Mon, 30 Sep 2024 21:10:10 -0400 Subject: [PATCH 05/24] make fix --- .github/workflows/terraform_plan.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/terraform_plan.yaml b/.github/workflows/terraform_plan.yaml index 537429c..52af7f5 100644 --- a/.github/workflows/terraform_plan.yaml +++ b/.github/workflows/terraform_plan.yaml @@ -50,7 +50,9 @@ jobs: echo AWS_SESSION_TOKEN=`jq -r '.Token' aws_credentials.json` >> $GITHUB_ENV - name: Install Python venv - run: sudo apt-get update && sudo apt-get install -y python3-venv + run: | + export http_proxy=http://proxy.tco.census.gov:3128 + sudo apt-get update && sudo apt-get install -y python3-venv - name: Setup GITHUB Credentials id: github_credentials From 882465e443b9ef43d7d8bcc40da3cd149f30a5c7 Mon Sep 17 00:00:00 2001 From: gomez385 Date: Mon, 30 Sep 2024 21:13:20 -0400 Subject: [PATCH 06/24] make fix --- .github/workflows/terraform_plan.yaml | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/.github/workflows/terraform_plan.yaml b/.github/workflows/terraform_plan.yaml index 52af7f5..92beb77 100644 --- a/.github/workflows/terraform_plan.yaml +++ b/.github/workflows/terraform_plan.yaml @@ -49,17 +49,10 @@ jobs: aws configure set aws_session_token `jq -r '.Token' aws_credentials.json` echo AWS_SESSION_TOKEN=`jq -r '.Token' aws_credentials.json` >> $GITHUB_ENV - - name: Install Python venv - run: | - export http_proxy=http://proxy.tco.census.gov:3128 - sudo apt-get update && sudo apt-get install -y python3-venv - - name: Setup GITHUB Credentials id: github_credentials run: | - python -m venv venv - source venv/bin/activate - pip install requests + sudo pip install requests export GITHUB_TOKEN=$(python encode_jwt.py $GITHUB_APP_PEM_FILE $GITHUB_APP_INSTALLATION_ID $GITHUB_BASE_URL) - name: Terraform Init From d57284bd26d40248979337dbb2fa5c362c4ad0d0 Mon Sep 17 00:00:00 2001 
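Review bot: `export http_proxy=...` followed by `sudo apt-get ...` is unlikely to have any effect: `sudo` resets the environment by default (`env_reset`), so apt runs without the proxy unless the runner's sudoers explicitly preserves `http_proxy`. Pass it through on the command, `sudo http_proxy=http://proxy.tco.census.gov:3128 apt-get update`, or configure `Acquire::http::Proxy` in an apt conf file. If the configured sources are HTTPS mirrors it is `https_proxy` that matters, so check which the runner's sources list actually uses.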
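Review bot: `sudo pip install requests` installs an unpinned package into the system Python as root on a persistent self-hosted runner (`runs-on: [ "229685449397" ]`), so every later job on that host inherits whatever version this run happened to fetch, and a compromised package would run with root privileges on the shared runner. Prefer a per-job virtualenv with a pinned, hash-checked requirement, or bake the dependency into the runner image; a CI step should not need `sudo` to obtain a Python library. If `python3-venv` is the blocker that made this commit drop the venv, `pip install --user requests` is still a smaller footprint than a root install.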
From: gomez385 Date: Tue, 1 Oct 2024 16:05:24 -0400 Subject: [PATCH 07/24] make fix --- .github/workflows/terraform_plan.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/terraform_plan.yaml b/.github/workflows/terraform_plan.yaml index 92beb77..1ecaf0b 100644 --- a/.github/workflows/terraform_plan.yaml +++ b/.github/workflows/terraform_plan.yaml @@ -51,8 +51,7 @@ jobs: - name: Setup GITHUB Credentials id: github_credentials - run: | - sudo pip install requests + run: export GITHUB_TOKEN=$(python encode_jwt.py $GITHUB_APP_PEM_FILE $GITHUB_APP_INSTALLATION_ID $GITHUB_BASE_URL) - name: Terraform Init From 89627f4fdda782e921ae49d86b581f546b6ea258 Mon Sep 17 00:00:00 2001 From: gomez385 Date: Tue, 1 Oct 2024 17:14:05 -0400 Subject: [PATCH 08/24] Empty From 7b54166549b43d8eb4546209ce120dc373471533 Mon Sep 17 00:00:00 2001 From: gomez385 Date: Tue, 1 Oct 2024 17:16:02 -0400 Subject: [PATCH 09/24] make fix --- .github/workflows/terraform_plan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/terraform_plan.yaml b/.github/workflows/terraform_plan.yaml index 1ecaf0b..066a761 100644 --- a/.github/workflows/terraform_plan.yaml +++ b/.github/workflows/terraform_plan.yaml @@ -52,7 +52,7 @@ jobs: - name: Setup GITHUB Credentials id: github_credentials run: - export GITHUB_TOKEN=$(python encode_jwt.py $GITHUB_APP_PEM_FILE $GITHUB_APP_INSTALLATION_ID $GITHUB_BASE_URL) + export GITHUB_TOKEN=$(python encode_jwt.py "$GITHUB_APP_PEM_FILE" "$GITHUB_APP_INSTALLATION_ID" "$GITHUB_BASE_URL") - name: Terraform Init id: init From c25ebb292f146a746451927cefabacacd88659f2 Mon Sep 17 00:00:00 2001 From: gomez385 Date: Tue, 1 Oct 2024 17:21:44 -0400 Subject: [PATCH 10/24] Empty From ee58694d02b5269dbf0713078c2d5c3312ced7c9 Mon Sep 17 00:00:00 2001 
From: David John Arnold Jr Date: Tue, 1 Oct 2024 14:25:14 -0700 Subject: [PATCH 11/24] Update terraform_plan.yaml --- .github/workflows/terraform_plan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/terraform_plan.yaml b/.github/workflows/terraform_plan.yaml index 066a761..cd6dec1 100644 --- a/.github/workflows/terraform_plan.yaml +++ b/.github/workflows/terraform_plan.yaml @@ -52,7 +52,7 @@ jobs: - name: Setup GITHUB Credentials id: github_credentials run: - export GITHUB_TOKEN=$(python encode_jwt.py "$GITHUB_APP_PEM_FILE" "$GITHUB_APP_INSTALLATION_ID" "$GITHUB_BASE_URL") + echo GITHUB_TOKEN=$(python encode_jwt.py "${{ env.GITHUB_APP_PEM_FILE }}" "${{ env.GITHUB_APP_INSTALLATION_ID }}" "${{ env.GITHUB_BASE_URL }}") >> $GITHUB_ENV - name: Terraform Init id: init From 508e975590ab42260283e5ff94674a228ee3deba Mon Sep 17 00:00:00 2001 From: gomez385 Date: Tue, 1 Oct 2024 17:26:19 -0400 Subject: [PATCH 12/24] make fix --- .github/workflows/terraform_plan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/terraform_plan.yaml b/.github/workflows/terraform_plan.yaml index cd6dec1..e06f4cb 100644 --- a/.github/workflows/terraform_plan.yaml +++ b/.github/workflows/terraform_plan.yaml @@ -52,7 +52,7 @@ jobs: - name: Setup GITHUB Credentials id: github_credentials run: - echo GITHUB_TOKEN=$(python encode_jwt.py "${{ env.GITHUB_APP_PEM_FILE }}" "${{ env.GITHUB_APP_INSTALLATION_ID }}" "${{ env.GITHUB_BASE_URL }}") >> $GITHUB_ENV + python encode_jwt.py "${{ env.GITHUB_APP_PEM_FILE }}" "${{ env.GITHUB_APP_INSTALLATION_ID }}" "${{ env.GITHUB_BASE_URL }}" #>> $GITHUB_ENV - name: Terraform Init id: init From 2f4cfb7a5f4f8722568cae0c8f3d519b9de67081 Mon Sep 17 00:00:00 2001 From: gomez385 Date: Tue, 1 Oct 2024 17:31:05 -0400 Subject: [PATCH 13/24] make fix --- .github/workflows/terraform_plan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
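Review bot: Interpolating `${{ env.GITHUB_APP_PEM_FILE }}` directly into `run:` substitutes the private key into the shell script text before it executes, so the PEM is written into the generated script file on the runner and any quote or `$` in the value becomes shell syntax, the script-injection pattern GitHub's hardening guide warns about; the three values are already exported by the job `env:`, so use `"$GITHUB_APP_PEM_FILE"` and friends and let the shell read them at run time. Writing to `$GITHUB_ENV` is the right way to hand the token to later steps, but an installation token minted here is not a registered secret and will appear in plain text in any later step that dumps its environment; emit `echo "::add-mask::$TOKEN"` before appending it.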
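Review bot: With `#>> $GITHUB_ENV` commented out, the script's `print(installation_access_token)` now writes the live installation token straight into the job log, and because that token is created at run time GitHub's secret masking does not know about it, so it is stored unredacted in the log for the workflow's retention period. Temporary debugging output of a credential is still a credential leak; if the goal is to check that the exchange works, print only `response.status_code` or `len(token)`, and revoke any token already logged (`DELETE /installation/token` using that token) or wait for it to expire before treating the log as safe.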
diff --git a/.github/workflows/terraform_plan.yaml b/.github/workflows/terraform_plan.yaml index e06f4cb..1f50699 100644 --- a/.github/workflows/terraform_plan.yaml +++ b/.github/workflows/terraform_plan.yaml @@ -52,7 +52,7 @@ jobs: - name: Setup GITHUB Credentials id: github_credentials run: - python encode_jwt.py "${{ env.GITHUB_APP_PEM_FILE }}" "${{ env.GITHUB_APP_INSTALLATION_ID }}" "${{ env.GITHUB_BASE_URL }}" #>> $GITHUB_ENV + python encode_jwt.py "${{ secrets.GITHUB_APP_PEM_FILE }}" "${{ vars.GITHUB_APP_INSTALLATION_ID }}" https://github.e.it.census.gov/" #>> $GITHUB_ENV - name: Terraform Init id: init From d455c5b01a8e766e597e8e0710e276467a4f0a32 Mon Sep 17 00:00:00 2001 From: gomez385 Date: Tue, 1 Oct 2024 17:35:08 -0400 Subject: [PATCH 14/24] make fix --- .github/workflows/terraform_plan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/terraform_plan.yaml b/.github/workflows/terraform_plan.yaml index 1f50699..d96ab54 100644 --- a/.github/workflows/terraform_plan.yaml +++ b/.github/workflows/terraform_plan.yaml @@ -52,7 +52,7 @@ jobs: - name: Setup GITHUB Credentials id: github_credentials run: - python encode_jwt.py "${{ secrets.GITHUB_APP_PEM_FILE }}" "${{ vars.GITHUB_APP_INSTALLATION_ID }}" https://github.e.it.census.gov/" #>> $GITHUB_ENV + python encode_jwt.py "${{ secrets.GITHUB_APP_PEM_FILE }}" "${{ vars.GITHUB_APP_INSTALLATION_ID }}" "https://github.e.it.census.gov/" #>> $GITHUB_ENV - name: Terraform Init id: init From cae233120d2d09b6cd67f2d8e3066a1c99d3fef3 Mon Sep 17 00:00:00 2001 From: gomez385 Date: Tue, 1 Oct 2024 17:38:14 -0400 Subject: [PATCH 15/24] make fix --- .github/workflows/terraform_plan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/terraform_plan.yaml b/.github/workflows/terraform_plan.yaml index d96ab54..c4847f3 100644 --- a/.github/workflows/terraform_plan.yaml +++ b/.github/workflows/terraform_plan.yaml 
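Review bot: `"${{ secrets.GITHUB_APP_PEM_FILE }}"` inlines the private key into the shell script source, the same concern as the previous commit, and the secret name differs from the one the job `env:` reads, `secrets.GH_APP_PEM_FILE`, so one of the two is probably an empty string; the closing `"` after `https://github.e.it.census.gov/` also has no opening quote, which is a shell syntax error. Reference the existing environment variables instead: `python encode_jwt.py "$GITHUB_APP_PEM_FILE" "$GITHUB_APP_INSTALLATION_ID" "$GITHUB_BASE_URL"`.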
@@ -52,7 +52,7 @@ jobs: - name: Setup GITHUB Credentials id: github_credentials run: - python encode_jwt.py "${{ secrets.GITHUB_APP_PEM_FILE }}" "${{ vars.GITHUB_APP_INSTALLATION_ID }}" "https://github.e.it.census.gov/" #>> $GITHUB_ENV + python encode_jwt.py "$GITHUB_APP_PEM_FILE $GITHUB_APP_INSTALLATION_ID $GITHUB_BASE_URL" #>> $GITHUB_ENV - name: Terraform Init id: init From b89c1654b40319eaac577a83238663c7a2cc77ed Mon Sep 17 00:00:00 2001 From: gomez385 Date: Tue, 1 Oct 2024 17:39:34 -0400 Subject: [PATCH 16/24] make fix --- .github/workflows/terraform_plan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/terraform_plan.yaml b/.github/workflows/terraform_plan.yaml index c4847f3..d4b5f66 100644 --- a/.github/workflows/terraform_plan.yaml +++ b/.github/workflows/terraform_plan.yaml @@ -52,7 +52,7 @@ jobs: - name: Setup GITHUB Credentials id: github_credentials run: - python encode_jwt.py "$GITHUB_APP_PEM_FILE $GITHUB_APP_INSTALLATION_ID $GITHUB_BASE_URL" #>> $GITHUB_ENV + python encode_jwt.py "$GITHUB_APP_PEM_FILE" "$GITHUB_APP_INSTALLATION_ID" "$GITHUB_BASE_URL" #>> $GITHUB_ENV - name: Terraform Init id: init From b37a747abfdc5745fb33416acc8002433aeebd50 Mon Sep 17 00:00:00 2001 From: gomez385 Date: Tue, 1 Oct 2024 17:42:45 -0400 Subject: [PATCH 17/24] make fix --- .github/workflows/terraform_plan.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/terraform_plan.yaml b/.github/workflows/terraform_plan.yaml index d4b5f66..266e1e7 100644 --- a/.github/workflows/terraform_plan.yaml +++ b/.github/workflows/terraform_plan.yaml @@ -51,7 +51,8 @@ jobs: - name: Setup GITHUB Credentials id: github_credentials - run: + run: | + export REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-bundle.crt python encode_jwt.py "$GITHUB_APP_PEM_FILE" "$GITHUB_APP_INSTALLATION_ID" "$GITHUB_BASE_URL" #>> $GITHUB_ENV - name: Terraform Init From 96aab0969d08471171d1715911193153b72582c0 Mon Sep 17 00:00:00 2001 
From: gomez385 Date: Tue, 1 Oct 2024 17:46:19 -0400 Subject: [PATCH 18/24] make fix --- .github/workflows/terraform_plan.yaml | 1 - encode_jwt.py | 3 +++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/terraform_plan.yaml b/.github/workflows/terraform_plan.yaml index 266e1e7..057c608 100644 --- a/.github/workflows/terraform_plan.yaml +++ b/.github/workflows/terraform_plan.yaml @@ -52,7 +52,6 @@ jobs: - name: Setup GITHUB Credentials id: github_credentials run: | - export REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-bundle.crt python encode_jwt.py "$GITHUB_APP_PEM_FILE" "$GITHUB_APP_INSTALLATION_ID" "$GITHUB_BASE_URL" #>> $GITHUB_ENV - name: Terraform Init diff --git a/encode_jwt.py b/encode_jwt.py index fd640d4..a77dcc1 100644 --- a/encode_jwt.py +++ b/encode_jwt.py @@ -23,6 +23,9 @@ parser.add_argument('enterprise_url', type=str, help='GitHub Enterprise API URL (e.g., https://github.e.it.census.gov)') args = parser.parse_args() +print(args.private_key) +print(args.installation_id) +print(args.enterprise_url) # Load the PEM private key private_key = load_pem_private_key(args.private_key.encode(), password=None) From ac30e945037665334434f501b86f59753b50c41b Mon Sep 17 00:00:00 2001 From: gomez385 Date: Tue, 1 Oct 2024 17:50:03 -0400 Subject: [PATCH 19/24] make fix --- encode_jwt.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/encode_jwt.py b/encode_jwt.py index a77dcc1..b2e7e51 100644 --- a/encode_jwt.py +++ b/encode_jwt.py @@ -68,8 +68,10 @@ "Accept": "application/vnd.github+json" } +print(jwt_token) + # Make the request to the GitHub Enterprise API to get the installation access token -url = f"{args.enterprise_url}/api/v3/app/installations/{args.installation_id}/access_tokens" +url = f"{args.enterprise_url}api/v3/app/installations/{args.installation_id}/access_tokens" response = requests.post(url, headers=headers) # Check if the request was successful 
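Review bot: `print(args.private_key)` writes the GitHub App's PEM private key to stdout, which in this workflow is the job log; even where GitHub's masking redacts a registered secret it is best-effort and does not follow the value into anything else the runner forwards its output to. Remove the three `print(args...)` lines (print `len(args.private_key)` and `args.installation_id` if a sanity check is wanted), and because this commit was pushed to a branch the workflow runs on, treat the key as exposed: rotate it in the App settings and delete the affected run logs. The `REQUESTS_CA_BUNDLE` export removed from the workflow in the same commit is what pointed `requests` at the internal CA, so confirm the runner's default trust store covers `github.e.it.census.gov` before relying on it.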
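Review bot: `print(jwt_token)` writes the signed App JWT into the job log; it is not a registered secret, so it is logged in plain text, and for its 10-minute `exp` window anyone who can read the log can call `/app/installations/{id}/access_tokens` and mint installation tokens for every repository the App is installed on. Drop the print. The URL change to `f"{args.enterprise_url}api/v3/..."` only works when the caller passes a trailing slash and silently builds `https://hostapi/v3/...` otherwise; normalise once instead, `base = args.enterprise_url.rstrip('/')` then `url = f"{base}/api/v3/app/installations/{args.installation_id}/access_tokens"`.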
From 25ba273d50d50f9b9f0e73d30f9db4f53cc9b6b9 Mon Sep 17 00:00:00 2001 From: gomez385 Date: Tue, 1 Oct 2024 17:52:32 -0400 Subject: [PATCH 20/24] make fix --- .github/workflows/terraform_plan.yaml | 2 +- encode_jwt.py | 5 ----- 2 files changed, 1 insertion(+), 6 deletions(-) diff --git a/.github/workflows/terraform_plan.yaml b/.github/workflows/terraform_plan.yaml index 057c608..4a0b337 100644 --- a/.github/workflows/terraform_plan.yaml +++ b/.github/workflows/terraform_plan.yaml @@ -52,7 +52,7 @@ jobs: - name: Setup GITHUB Credentials id: github_credentials run: | - python encode_jwt.py "$GITHUB_APP_PEM_FILE" "$GITHUB_APP_INSTALLATION_ID" "$GITHUB_BASE_URL" #>> $GITHUB_ENV + export GITHUB_TOKEN=$(python encode_jwt.py "$GITHUB_APP_PEM_FILE" "$GITHUB_APP_INSTALLATION_ID" "$GITHUB_BASE_URL") - name: Terraform Init id: init diff --git a/encode_jwt.py b/encode_jwt.py index b2e7e51..a777670 100644 --- a/encode_jwt.py +++ b/encode_jwt.py @@ -23,9 +23,6 @@ parser.add_argument('enterprise_url', type=str, help='GitHub Enterprise API URL (e.g., https://github.e.it.census.gov)') args = parser.parse_args() -print(args.private_key) -print(args.installation_id) -print(args.enterprise_url) # Load the PEM private key private_key = load_pem_private_key(args.private_key.encode(), password=None) @@ -68,8 +65,6 @@ "Accept": "application/vnd.github+json" } -print(jwt_token) - # Make the request to the GitHub Enterprise API to get the installation access token url = f"{args.enterprise_url}api/v3/app/installations/{args.installation_id}/access_tokens" response = requests.post(url, headers=headers) From 6296b58710b7c6db4b4eb1d943c7c9a4c7219ce7 Mon Sep 17 00:00:00 2001 From: gomez385 Date: Tue, 1 Oct 2024 17:55:53 -0400 Subject: [PATCH 21/24] make fix --- .github/workflows/terraform_plan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/terraform_plan.yaml b/.github/workflows/terraform_plan.yaml index 4a0b337..8a2092f 100644 
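Review bot: Removing the debug `print` calls stops future leaks, but the private key and JWT printed by the two previous commits already landed in the logs of any run that executed them, and deleting the lines does not redact those logs; rotate the App private key and delete the affected run logs. The workflow side still uses `export GITHUB_TOKEN=$(...)`, which lasts only for this step's shell and is gone before `Terraform Init` runs; capture into a variable, mask it, then append to `$GITHUB_ENV`. Since the script now emits nothing but the token, also guard the exchange with `requests.post(url, headers=headers, timeout=30)` so a stalled endpoint cannot hang the job.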
--- a/.github/workflows/terraform_plan.yaml +++ b/.github/workflows/terraform_plan.yaml @@ -52,7 +52,7 @@ jobs: - name: Setup GITHUB Credentials id: github_credentials run: | - export GITHUB_TOKEN=$(python encode_jwt.py "$GITHUB_APP_PEM_FILE" "$GITHUB_APP_INSTALLATION_ID" "$GITHUB_BASE_URL") + export GITHUB_TOKEN=$(python encode_jwt.py "$GITHUB_APP_PEM_FILE" "$GITHUB_APP_INSTALLATION_ID" "$GITHUB_BASE_URL") >> $GITHUB_ENV - name: Terraform Init id: init From 83785c72c97dfe303456bc52979b9de38377a4b4 Mon Sep 17 00:00:00 2001 From: gomez385 Date: Tue, 1 Oct 2024 17:56:28 -0400 Subject: [PATCH 22/24] make fix --- .github/workflows/terraform_plan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/terraform_plan.yaml b/.github/workflows/terraform_plan.yaml index 8a2092f..d57aa70 100644 --- a/.github/workflows/terraform_plan.yaml +++ b/.github/workflows/terraform_plan.yaml @@ -52,7 +52,7 @@ jobs: - name: Setup GITHUB Credentials id: github_credentials run: | - export GITHUB_TOKEN=$(python encode_jwt.py "$GITHUB_APP_PEM_FILE" "$GITHUB_APP_INSTALLATION_ID" "$GITHUB_BASE_URL") >> $GITHUB_ENV + echo GITHUB_TOKEN=$(python encode_jwt.py "$GITHUB_APP_PEM_FILE" "$GITHUB_APP_INSTALLATION_ID" "$GITHUB_BASE_URL") >> $GITHUB_ENV - name: Terraform Init id: init From 1ab25be5a4ad5f21320d4429899f3c58c6cec5c5 Mon Sep 17 00:00:00 2001 From: arnol377 Date: Wed, 2 Oct 2024 15:39:36 -0400 Subject: [PATCH 23/24] pushing latest --- image-pipeline.tf | 6 +++--- main.tf | 8 ++++---- morpheus.tf | 2 +- repolist.tf | 18 ++++++++++++++++++ sandbox.tf | 2 +- varfiles/default | 0 varfiles/default.tfvars | 14 ++++++++++++++ variables.tf | 12 ++++++++++++ 8 files changed, 53 insertions(+), 9 deletions(-) create mode 100644 repolist.tf delete mode 100644 varfiles/default diff --git a/image-pipeline.tf b/image-pipeline.tf index a60ba30..dcc5065 100644 --- a/image-pipeline.tf +++ b/image-pipeline.tf 
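Review bot: `echo GITHUB_TOKEN=$(python encode_jwt.py ...) >> $GITHUB_ENV` discards the script's exit status: if the token exchange fails, `echo` still succeeds, an empty `GITHUB_TOKEN=` is written, and the step goes green while `Terraform Init` later fails with an opaque auth error. The token is also minted at run time, so secret masking does not cover it and it prints in clear in any later step that dumps its environment. Capture, check, mask and then write it:
```yaml
      run: |
        set -euo pipefail
        TOKEN=$(python encode_jwt.py "$GITHUB_APP_PEM_FILE" "$GITHUB_APP_INSTALLATION_ID" "$GITHUB_BASE_URL")
        echo "::add-mask::$TOKEN"
        echo "GITHUB_TOKEN=$TOKEN" >> "$GITHUB_ENV"
```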
@@ -50,7 +50,7 @@ module "asset_releases" { github_repo_description = "Terraform Workspace for publishing image-pipeline-assets" repo_org = "CSVD" name = "image-pipeline-asset-releases" - github_org_teams = local.github_organization_teams + github_org_teams = local.github_organization_teams github_repo_topics = [ "terraform" ] @@ -68,7 +68,7 @@ module "aws_image_pipeline" { github_repo_description = "Terraform Workspace for creating and managing AWS Image Pipelines" repo_org = "CSVD" name = "aws-image-pipeline" - github_org_teams = local.github_organization_teams + github_org_teams = local.github_organization_teams github_repo_topics = [ "terraform" ] @@ -112,7 +112,7 @@ module "terraform_aws_image_pipeline" { github_repo_description = "Terraform Module that creates codepipeline and codebuild jobs and other resources for building and deploying images" repo_org = "CSVD" name = "terraform-aws-image-pipeline" - github_org_teams = local.github_organization_teams + github_org_teams = local.github_organization_teams github_repo_topics = [ "terraform" ] diff --git a/main.tf b/main.tf index e0457de..a10c620 100644 --- a/main.tf +++ b/main.tf @@ -27,7 +27,7 @@ module "elastic_beanstalk" { enforce_prs = false collaborators = local.collaborators pull_request_bypassers = local.pull_request_bypassers - github_org_teams = local.github_organization_teams + github_org_teams = local.github_organization_teams } @@ -273,7 +273,7 @@ module "setup_terraform" { create_codeowners = false enforce_prs = false collaborators = local.collaborators - github_org_teams = local.github_organization_teams + github_org_teams = local.github_organization_teams } module "setup_node" { @@ -289,7 +289,7 @@ module "setup_node" { create_codeowners = false enforce_prs = false collaborators = local.collaborators - github_org_teams = local.github_organization_teams + github_org_teams = local.github_organization_teams } # ghe-runner 
@@ -306,7 +306,7 @@ module "ghe_runners" { create_codeowners = false enforce_prs = false collaborators = local.collaborators - github_org_teams = local.github_organization_teams + github_org_teams = local.github_organization_teams } module "vpc_services" { diff --git a/morpheus.tf b/morpheus.tf index 132b969..4a82a28 100644 --- a/morpheus.tf +++ b/morpheus.tf @@ -10,7 +10,7 @@ module "morpheus_repos" { source = "HappyPathway/repo/github" #github_codeowners_team = "CSVD" github_repo_description = "Repo for morpheus cloud" - github_org_teams = local.github_organization_teams + github_org_teams = local.github_organization_teams repo_org = "CSVD" name = each.value github_repo_topics = [ diff --git a/repolist.tf b/repolist.tf new file mode 100644 index 0000000..4c11376 --- /dev/null +++ b/repolist.tf @@ -0,0 +1,18 @@ +module "repo_list" { + source = "HappyPathway/repo/github" + for_each = tomap({ for repo in var.repolist : repo.name => repo }) + #github_codeowners_team = "CSVD" + github_repo_description = each.value.description + repo_org = each.value.repo_org + name = each.value.name + github_repo_topics = [ + "terraform" + ] + is_template = each.value.is_template + force_name = true + create_codeowners = false + enforce_prs = each.value.enforce_prs + collaborators = local.collaborators + pull_request_bypassers = local.pull_request_bypassers + github_org_teams = local.github_organization_teams +} diff --git a/sandbox.tf b/sandbox.tf index e80f158..38e5611 100644 --- a/sandbox.tf +++ b/sandbox.tf @@ -19,7 +19,7 @@ module "sandbox" { create_codeowners = false enforce_prs = false collaborators = { "arnol377" : "admin" } - github_org_teams = local.github_organization_teams + github_org_teams = local.github_organization_teams managed_extra_files = [ { path = ".github/workflows/terraform-plan.yaml" diff --git a/varfiles/default b/varfiles/default deleted file mode 100644 index e69de29..0000000 
diff --git a/varfiles/default.tfvars b/varfiles/default.tfvars index fa1a342..6ad4a1d 100644 --- a/varfiles/default.tfvars +++ b/varfiles/default.tfvars @@ -1,3 +1,17 @@ image_pipeline_workflows = { "image-pipeline-goss-testing" = "./workflows/goss-testing.yaml" } + +repolist = [ + { + description = "Managing AWS CSVD Secrets" + repo_org = "CSVD" + name = "aws-secrets" + }, + { + description = "Tools for managing Terraform" + repo_org = "CSVD" + name = "tf-tools" + } +] + diff --git a/variables.tf b/variables.tf index 0f1b652..82faa87 100644 --- a/variables.tf +++ b/variables.tf @@ -1,3 +1,15 @@ variable "image_pipeline_workflows" { type = map(string) } + +variable "repolist" { + type = list(object({ + description = string + repo_org = string + name = string + is_template = optional(bool, false) + create_codeowners = optional(bool, false) + enforce_prs = optional(bool, false) + })) + default = [] +} From 4f26fa9ca16a3246ed74395b1cc24f84b10e7896 Mon Sep 17 00:00:00 2001 From: arnol377 Date: Mon, 7 Oct 2024 19:02:37 -0400 Subject: [PATCH 24/24] uypdating --- imported-repos.tf | 14 ++++++++++++ main.tf | 17 --------------- repolist.tf | 18 +++++++--------- varfiles/default.tfvars | 48 ++++++++++++++++++++++++++++++++++++++++- variables.tf | 1 + 5 files changed, 70 insertions(+), 28 deletions(-) create mode 100644 imported-repos.tf diff --git a/imported-repos.tf b/imported-repos.tf new file mode 100644 index 0000000..cfc8959 --- /dev/null +++ b/imported-repos.tf @@ -0,0 +1,14 @@ +module "netbackup_automation_platform" { + source = "HappyPathway/gh-actions/importer" + github_repo_topics = [] + vulnerability_alerts = false + public_repo = { + default_branch = "main" + clone_url = "https://github.com/VeritasOS/netbackup-automation-platform.git" + } + internal_repo = { + name = "netbackup-automation-platform" + org = "CSVD" + topics = ["automation-platform"] + } +} diff --git a/main.tf b/main.tf index a10c620..1205503 100644 --- a/main.tf +++ b/main.tf 
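Review bot: `enforce_prs = optional(bool, false)` makes the protective setting opt-in, so every repository declared in `var.repolist` without an explicit flag is created with no pull-request requirement; the first entry added in `varfiles/default.tfvars` in this same commit is `aws-secrets`, described as "Managing AWS CSVD Secrets", and it does not set the flag. Default to `enforce_prs = optional(bool, true)` so a repository has to ask to be unprotected, or at minimum add `enforce_prs = true` to the `aws-secrets` entry. The `create_codeowners` attribute in this object is currently dead, because `repolist.tf` hard-codes `create_codeowners = false` instead of reading `each.value.create_codeowners`.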
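Review bot: `vulnerability_alerts = false` on `module "netbackup_automation_platform"` turns off vulnerability alerts for a repository whose entire content is mirrored third-party code from `https://github.com/VeritasOS/netbackup-automation-platform.git`, which is exactly the code base where upstream CVEs need to surface; set it to `true`. The `public_repo` block pins only `default_branch = "main"`, so if the importer re-syncs, the internal copy tracks a moving branch rather than a reviewed commit or tag; if the module exposes a ref or commit attribute, pin one and bump it deliberately. The `HappyPathway/gh-actions/importer` module is not visible here, so the exact attribute names are to be confirmed against its inputs.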
@@ -68,23 +68,6 @@ module "csvd-org-management" { github_org_teams = local.github_organization_teams } -module "external-actions" { - source = "HappyPathway/repo/github" - #github_codeowners_team = "CSVD" - github_repo_description = "Automation Repos for Morpheus POC" - repo_org = "CSVD" - name = "external-actions" - github_repo_topics = [ - "terraform" - ] - force_name = true - create_codeowners = false - enforce_prs = false - collaborators = local.collaborators - pull_request_bypassers = local.pull_request_bypassers - github_org_teams = local.github_organization_teams -} - module "github-runner-images" { source = "HappyPathway/repo/github" #github_codeowners_team = "CSVD" diff --git a/repolist.tf b/repolist.tf index 4c11376..bed6c3a 100644 --- a/repolist.tf +++ b/repolist.tf @@ -5,14 +5,12 @@ module "repo_list" { github_repo_description = each.value.description repo_org = each.value.repo_org name = each.value.name - github_repo_topics = [ - "terraform" - ] - is_template = each.value.is_template - force_name = true - create_codeowners = false - enforce_prs = each.value.enforce_prs - collaborators = local.collaborators - pull_request_bypassers = local.pull_request_bypassers - github_org_teams = local.github_organization_teams + github_repo_topics = each.value.repo_topics + is_template = each.value.is_template + force_name = true + create_codeowners = false + enforce_prs = each.value.enforce_prs + collaborators = local.collaborators + pull_request_bypassers = local.pull_request_bypassers + github_org_teams = local.github_organization_teams } diff --git a/varfiles/default.tfvars b/varfiles/default.tfvars index 6ad4a1d..9e37a68 100644 --- a/varfiles/default.tfvars +++ b/varfiles/default.tfvars 
@@ -7,11 +7,57 @@ repolist = [ description = "Managing AWS CSVD Secrets" repo_org = "CSVD" name = "aws-secrets" + repo_topics = [ + "terraform-tools" + ] }, { description = "Tools for managing Terraform" repo_org = "CSVD" name = "tf-tools" - } + repo_topics = [ + "terraform-tools" + ] + }, + { + description = "Composite Action for Terraform-Validate" + repo_org = "CSVD" + name = "terraform-validate" + repo_topics = [ + "composite-action" + ] + }, + { + description = "Composite Action for Terraform-Plan" + repo_org = "CSVD" + name = "terraform-plan" + repo_topics = [ + "composite-action" + ] + }, + { + description = "Composite Action for Terraform-Apply" + repo_org = "CSVD" + name = "terraform-apply" + repo_topics = [ + "composite-action" + ] + }, + { + description = "Composite Action for Terraform-Apply" + repo_org = "CSVD" + name = "terraform-init" + repo_topics = [ + "composite-action" + ] + }, + { + description = "Composite Action for AWS Auth" + repo_org = "CSVD" + name = "aws-auth" + repo_topics = [ + "composite-action" + ] + } ] diff --git a/variables.tf b/variables.tf index 82faa87..a8b1a49 100644 --- a/variables.tf +++ b/variables.tf @@ -10,6 +10,7 @@ variable "repolist" { is_template = optional(bool, false) create_codeowners = optional(bool, false) enforce_prs = optional(bool, false) + repo_topics = optional(list(string), ["terraform-workspace"]) })) default = [] }
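Review bot: The `terraform-init` entry reuses the description `"Composite Action for Terraform-Apply"`, evidently copied from the entry above it; change it to `"Composite Action for Terraform-Init"` so the repository's GitHub description does not misidentify what the action does.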