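I'm in the early stages of building a simple automated deployment pipeline. One of the steps I want to implement is setting GitHub Actions secrets in bulk, since my project has a lot of secrets. Note: I'm new to DevOps and bash scripting.
- Terminal: I'm using git bash;
- OS: I'm on Windows 10, but I'd like the same script to work in both Windows and Linux/Unix terminals;
This is what I've got so far: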
REPO_OWNER="your-username"
REPO_NAME="your-repo"
GITHUB_TOKEN="your-personal-access-token"

# Function to get the latest public key.
get_public_key() {
    local response
    response=$(curl -s -X GET -H "Authorization: token $GITHUB_TOKEN" -H "Accept: application/vnd.github.v3+json" "https://api.github.com/repos/$REPO_OWNER/$REPO_NAME/actions/secrets/public-key")
    echo "$response" | jq -r '.key,.key_id'
}

# Associative array of secrets and their values.
declare -A secrets
secrets["SECRET1_TEST"]="value1"
secrets["SECRET2_TEST "]="value2"
secrets["SECRET3_TEST "]="value3"

# Get the latest public key
public_key_info=($(get_public_key))
public_key="${public_key_info[0]}"
key_id="${public_key_info[1]}"

for secret in "${!secrets[@]}"; do
    # Get the secret value from the associative array.
    secret_value="${secrets[$secret]}"
    # Encrypt the secret using the public key
    encrypted_value=$(echo -n "$secret_value" | openssl pkeyutl -encrypt -pubin -inkey <(echo "$public_key") | openssl enc -base64 -A)
    # Set the secret using the GitHub API.
    curl -X PUT \
        -H "Authorization: token $GITHUB_TOKEN" \
        -H "Accept: application/vnd.github.v3+json" \
        "https://api.github.com/repos/$REPO_OWNER/$REPO_NAME/actions/secrets/$secret" \
        -d "{\"encrypted_value\":\"$encrypted_value\",\"key_id\":\"$key_id\"}"
done
When I run this script, I get the following error:
Could not open file or uri for loading public key from /proc/1885/fd/63: No such file or directory
pkeyutl: Error initializing context
{
"message": "Invalid request.\n\n does not match /^(?:[A-Za-z0-9+\\/]{4})*(?:[A-Za-z0-9+\\/]{2}==|[A-Za-z0-9+\\/]{3}=|[A-Za-z0-9+\\/]{4})$/.",
"documentation_url": "https://docs.github.com/rest/actions/secrets#create-or-update-a-repository-secret"
}
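Do you have any idea what might be wrong with the script? Or any suggestions for another approach?
Edit: debugging
I'm debugging the script. It seems that encrypted_value is printed empty.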
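
An added example, not part of the original post: GitHub's secrets API expects values encrypted with a libsodium sealed box, and the key it returns is a base64-encoded 32-byte key rather than a PEM file. The pre-flight checks below catch the failure modes visible in the question before any request is sent, and the last function hands encryption to the GitHub CLI. All helper names are hypothetical, and `gh`, `base64` and `grep` are assumed to be installed.

```shell
#!/bin/sh
# Added example, not from the original post; helper names are hypothetical.

# The "key" from .../actions/secrets/public-key is base64 of a raw 32-byte
# libsodium (Curve25519) public key, not a PEM file, so RSA tooling such as
# `openssl pkeyutl -pubin` cannot load it. Succeeds only for a 32-byte key.
is_sealed_box_key() {
    _n=$(printf '%s' "$1" | base64 -d 2>/dev/null | wc -c | tr -d ' ')
    [ "$_n" -eq 32 ]
}

# GitHub secret names: letters, digits and underscores only, not starting with
# a digit or with GITHUB_. A stray space ("SECRET2_TEST ") is rejected here
# instead of ending up in the request URL.
valid_secret_name() {
    case "$1" in
        ''|[0-9]*|*[!A-Za-z0-9_]*) return 1 ;;
        [Gg][Ii][Tt][Hh][Uu][Bb]_*) return 1 ;;
    esac
    return 0
}

# Same pattern the API applies to encrypted_value (taken from the error
# message); an empty string fails it, so check before sending the PUT.
is_nonempty_base64() {
    [ -n "$1" ] && printf '%s' "$1" | grep -Eq \
        '^([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4})$'
}

# Set one secret through the GitHub CLI, which does the sealed-box encryption
# itself. The value is piped on stdin so it never shows up in the process list.
# Assumes `gh` is installed and authenticated (for example via GH_TOKEN).
set_secret() {  # usage: set_secret OWNER/REPO NAME VALUE
    if ! valid_secret_name "$2"; then
        echo "refusing invalid secret name: '$2'" >&2
        return 1
    fi
    printf '%s' "$3" | gh secret set "$2" --repo "$1"
}
```

Calling `set_secret` once per name/value pair replaces the manual encrypt-then-PUT loop and keeps the token out of the script when `gh` reads it from the environment.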