forgejo-ci-runners/.taskfiles/_scripts/push_token.sh

60 lines
1.9 KiB
Bash

#!/usr/bin/env bash
# Prerequisites:
# 1password vault created with a single item in it with the property 'runner_token'.
# Define the vault and item used.
# Usage: ./push_token.sh <incus vm instance name>
set -euo pipefail
# Check if instance name is provided
if [ "$#" -ne 1 ]; then
echo "Usage: $0 <instance-name>" >&2
exit 1
fi
INCUS_INSTANCE="$1" # Use the provided instance name
# Set variables
OP_ITEM_NAME="forgejo-runner" # Name of the 1Password item containing the runner token
OP_VAULT_NAME="forgejo-runner" # Name of the 1Password vault
TOKEN_FILE="tokenfile" # Name of the temporary file to store the token
INCUS_PATH="$INCUS_INSTANCE/var/lib/gitea-runner/default/$TOKEN_FILE"
# Check if OP_SESSION environment variable exists, if not, sign in
if [ -z "${OP_SESSION:-}" ]; then
echo "Not logged in to 1Password CLI. Attempting to sign in..."
if ! eval $(op signin); then
echo "Failed to sign in to 1Password CLI. Please sign in manually using 'op signin'" >&2
exit 1
fi
fi
# Ensure the target directory exists in the Incus instance
#incus exec "$INCUS_INSTANCE" -- mkdir -p /var/lib/gitea-runner/default
#incus exec "$INCUS_INSTANCE" -- chown gitea-runner:gitea-runner /var/lib/gitea-runner/default
# Retrieve the token from 1Password
TOKEN=$(op item get "$OP_ITEM_NAME" --vault "$OP_VAULT_NAME" --fields runner_token)
if [ -z "$TOKEN" ]; then
echo "Failed to retrieve token from 1Password" >&2
exit 1
fi
# Create the token file
echo "TOKEN=$TOKEN" > "$TOKEN_FILE"
# Push the file to Incus
echo "Running: incus file push $INCUS_PATH"
if incus file push "$TOKEN_FILE" "$INCUS_PATH"; then
echo "Token file successfully pushed to Incus instance $INCUS_INSTANCE"
else
echo "Failed to push token file to Incus instance $INCUS_INSTANCE" >&2
rm "$TOKEN_FILE"
exit 1
fi
# Clean up the local token file
rm "$TOKEN_FILE"
echo "Operation completed successfully"