75 lines
2.3 KiB
Bash
Executable file
75 lines
2.3 KiB
Bash
Executable file
#!/usr/bin/env bash
|
|
# Prerequisites:
|
|
# 1password vault created with a single item in it with the property 'runner_token'.
|
|
# Define the vault and item used.
|
|
# Usage: ./push_token.sh <incus vm instance name>
|
|
|
|
set -euo pipefail
|
|
|
|
# Check if instance name is provided
|
|
if [ "$#" -ne 1 ]; then
|
|
echo "Usage: $0 <instance-name>" >&2
|
|
exit 1
|
|
fi
|
|
|
|
INCUS_INSTANCE="$1" # Use the provided instance name
|
|
|
|
# Set variables
|
|
OP_ITEM_NAME="forgejo-runner" # Name of the 1Password item containing the runner token
|
|
OP_VAULT_NAME="forgejo-runner" # Name of the 1Password vault
|
|
TOKEN_FILE="tokenfile" # Name of the temporary file to store the token
|
|
INCUS_PATH="/var/lib/gitea-runner/default/$TOKEN_FILE"
|
|
|
|
# Check if OP_SESSION environment variable exists, if not, sign in
|
|
if [ -z "${OP_SESSION:-}" ]; then
|
|
echo "Not logged in to 1Password CLI. Attempting to sign in..."
|
|
if ! eval $(op signin); then
|
|
echo "Failed to sign in to 1Password CLI. Please sign in manually using 'op signin'" >&2
|
|
exit 1
|
|
fi
|
|
fi
|
|
|
|
# Retrieve the token from 1Password
|
|
TOKEN=$(op item get "$OP_ITEM_NAME" --vault "$OP_VAULT_NAME" --fields runner_token)
|
|
|
|
if [ -z "$TOKEN" ]; then
|
|
echo "Failed to retrieve token from 1Password" >&2
|
|
exit 1
|
|
fi
|
|
|
|
# Create the token file
|
|
echo "TOKEN=$TOKEN" > "$TOKEN_FILE"
|
|
|
|
# Function to push file and check existence with retries
|
|
push_and_check_file() {
|
|
local retries=5
|
|
local count=0
|
|
while [ $count -lt $retries ]; do
|
|
echo "Attempt $((count+1)) of $retries: Pushing file to Incus instance..."
|
|
if incus file push "$TOKEN_FILE" "$INCUS_INSTANCE$INCUS_PATH"; then
|
|
if incus exec "$INCUS_INSTANCE" -- test -f "$INCUS_PATH"; then
|
|
echo "File successfully verified in Incus instance."
|
|
return 0
|
|
fi
|
|
fi
|
|
((count++))
|
|
echo "File not found or push failed. Retrying in 5 seconds..."
|
|
sleep 5
|
|
done
|
|
echo "Failed to push and verify file after $retries attempts." >&2
|
|
return 1
|
|
}
|
|
|
|
# Push the file to Incus and verify its existence
|
|
if push_and_check_file; then
|
|
echo "Token file successfully pushed and verified in Incus instance $INCUS_INSTANCE"
|
|
else
|
|
echo "Failed to push or verify token file in Incus instance $INCUS_INSTANCE" >&2
|
|
rm "$TOKEN_FILE"
|
|
exit 1
|
|
fi
|
|
|
|
# Clean up the local token file
|
|
rm "$TOKEN_FILE"
|
|
|
|
echo "Operation completed successfully"
|