#!/usr/bin/env bash
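# Usage: get-token.sh <tps_url> <tps_token> <hcloud_token>
#
# -e: abort on the first failing command; -u: treat unset variables as errors;
# pipefail: a pipeline fails when any of its stages fails, so a failed curl is
# not hidden by a later stage (jq) that exits successfully on empty input.
# The variables below hold credentials: do not enable `set -x` in this script,
# the trace would write them to the job log.
set -euo pipefail

# All three arguments are positional and required (set -u rejects a missing
# one); pass an empty string for a value that is not available.
tps_url="$1"      # endpoint the HCloud token is requested from (POST)
tps_token="$2"    # bearer token for tps_url; empty -> use a GitHub Actions ID token
hcloud_token="$3" # HCloud token to use as is; empty -> request one from tps_url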
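# log <message>...
# Writes the message to stderr, so that stdout stays reserved for the values
# callers capture with $(...) (the tokens printed by the get_* functions).
log() {
  # printf instead of echo: a message that starts with -n or -e is printed
  # literally instead of being parsed as an echo option.
  printf '%s\n' "$*" >&2
}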
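# do_request [<args>...]
# Runs curl with the options shared by every request of this script. The
# caller's arguments (method, headers, URL) are appended unchanged; the
# response body goes to stdout and curl's exit status is returned.
do_request() {
  # --fail-with-body: an HTTP error status gives a non-zero exit status.
  # --show-error: --silent alone also hides curl's own error message, so a
  #   failed request would stop the script without any diagnostic on stderr.
  # No --location: redirects are not followed, the Authorization header is
  #   only sent to the host named in the URL.
  curl \
    --fail-with-body \
    --retry 2 \
    --silent \
    --show-error \
    --user-agent "tps-action/unknown" \
    "$@"
}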
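# get_gha_token
# Requests a GitHub Actions ID token for the audience "tps" and prints it on
# stdout. Progress and errors go to stderr through log; exits 1 on any failure.
get_gha_token() {
  local request_url request_token response id_token

  log "Requesting Github Action token"

  # ${VAR:-}: with `set -u` an unset variable would abort with "unbound
  # variable" before the ::error:: messages below are reached. The runner only
  # provides these variables when the job has the `id-token: write` permission.
  request_url="${ACTIONS_ID_TOKEN_REQUEST_URL:-}"
  request_token="${ACTIONS_ID_TOKEN_REQUEST_TOKEN:-}"

  if [[ -z "$request_url" ]]; then
    log "::error::ACTIONS_ID_TOKEN_REQUEST_URL is empty"
    exit 1
  fi
  if [[ -z "$request_token" ]]; then
    log "::error::ACTIONS_ID_TOKEN_REQUEST_TOKEN is empty"
    exit 1
  fi

  # The Authorization header is handed to curl on stdin (--header @-) so the
  # bearer token does not show up in the process argument list. The request
  # status is checked explicitly: errexit is not active inside $(...).
  response="$(
    printf 'Authorization: Bearer %s\n' "$request_token" |
      do_request --header @- "${request_url}&audience=tps"
  )" || {
    log "::error::Requesting the Github Action token failed"
    exit 1
  }

  # `// empty` prints nothing for a missing or null .value; plain `jq -r .value`
  # would print the literal string "null", which would then be used as a token.
  id_token="$(printf '%s' "$response" | jq -r '.value // empty')" || id_token=""
  if [[ -z "$id_token" ]]; then
    # The response is not logged: it may contain the token.
    log "::error::Github Action token response contains no value"
    exit 1
  fi

  printf '%s\n' "$id_token"
}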
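# get_hcloud_token <gha_token>
# Sends a POST to $tps_url authenticated with the given bearer token and prints
# the response body on stdout; the caller uses that body as the HCloud token.
# Returns the status of the request; exits 1 when no bearer token is given.
get_hcloud_token() {
  local bearer="${1:-}"

  log "Requesting HCloud token"

  # Fail before contacting the endpoint instead of sending an empty credential.
  if [[ -z "$bearer" ]]; then
    log "::error::No token available to authenticate the HCloud token request"
    exit 1
  fi

  # The Authorization header is handed to curl on stdin (--header @-) so the
  # bearer token does not show up in the process argument list.
  printf 'Authorization: Bearer %s\n' "$bearer" |
    do_request --request POST --header @- "$tps_url"
}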
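# If HCLOUD_TOKEN is not provided, fetch a token from TPS.
if [[ -z "$hcloud_token" ]]; then
  # If TPS token is not provided, use Github Actions ID tokens.
  if [[ -z "$tps_token" ]]; then
    tps_token="$(get_gha_token)"
  fi
  hcloud_token="$(get_hcloud_token "$tps_token")"
fi

if [[ -z "${hcloud_token:-}" ]]; then
  log "::error::Couldn't determine HCLOUD_TOKEN. Are repository secrets correctly set?"
  exit 1
fi

# The value may be a raw HTTP response body. Each line of $GITHUB_ENV defines
# one variable and ::add-mask:: covers a single line, so a value with a line
# break would define further variables for later steps and be only partly
# masked. Refuse it; the value itself is never logged.
if [[ "$hcloud_token" == *$'\n'* || "$hcloud_token" == *$'\r'* ]]; then
  log "::error::HCLOUD_TOKEN contains a line break, refusing to export it"
  exit 1
fi

# Register the mask before the value is exported to later steps.
printf '::add-mask::%s\n' "$hcloud_token"
printf 'HCLOUD_TOKEN=%s\n' "$hcloud_token" >>"$GITHUB_ENV"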