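---
# Manually dispatched workflow that creates or updates an organization-level
# GitHub Actions secret. It fetches the organization's public key and key id,
# encrypts the supplied value with encrypt_using_libnacl.py, and hands the
# result to create_or_update_github_org_secret.py. All API access uses the
# DEVWITHKRISHNA_PERSONAL_ACCESS_TOKEN repository secret.
name: create-or-update-organization-github-secrets-from-workflow

on:
  workflow_dispatch:
    inputs:
      organization:
        type: string
        default: 'devwithkrishna'
        description: 'The GitHub organization name'
        required: true
      secret_name:
        type: string
        description: "Secret name to create/update on org level"
        required: true
      # NOTE(review): this value is a plain workflow_dispatch input, not a
      # GitHub secret, so the runner does not mask it on its own and it is part
      # of the dispatch event payload. The first job step registers it as a log
      # mask; anyone able to read the event payload can still see it.
      secret_value:
        type: string
        description: "Secret value to add"
        required: true

run-name: ${{ github.actor }} creating secrets in ${{ inputs.organization }}

# Least privilege for the automatic GITHUB_TOKEN: the job only needs to read
# the repository; organization access goes through the PAT.
permissions:
  contents: read

jobs:
  create-or-update-organization-github-secrets-from-workflow:
    runs-on: ubuntu-latest
    steps:
      - name: mask secret value in logs
        run: |
          # Read the value from the event payload instead of an env: entry, so
          # the mask is registered before any step header can print it.
          # add-mask works per line, so a multi-line value is masked line by line.
          secret_value=$(jq -r '.inputs.secret_value' "$GITHUB_EVENT_PATH")
          while IFS= read -r line; do
            if [ -n "$line" ]; then
              echo "::add-mask::$line"
            fi
          done <<< "$secret_value"

      # NOTE(review): actions are referenced by mutable tags; consider pinning
      # each one to a full commit SHA.
      - name: git checkout
        uses: actions/checkout@v4
        with:
          # No later step visible here needs git credentials; do not leave the
          # token in .git/config while third-party packages are installed.
          persist-credentials: false

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.11'

      - name: package installations
        run: |
          pip install pipenv
          pipenv install

      - name: get public key
        id: get-public-key
        env:
          GH_TOKEN: ${{ secrets.DEVWITHKRISHNA_PERSONAL_ACCESS_TOKEN }}
          # Passed through the environment: expanding ${{ inputs.* }} inside
          # run: would splice caller-controlled text into the shell script.
          ORGANIZATION: ${{ inputs.organization }}
        run: |
          public_key=$(bash get_public_key.sh "$ORGANIZATION")
          # Output name written in the same case the later step reads it in.
          echo "public_key=$public_key" >> "$GITHUB_OUTPUT"

      - name: get public key id
        id: get-public-key-id
        env:
          GH_TOKEN: ${{ secrets.DEVWITHKRISHNA_PERSONAL_ACCESS_TOKEN }}
          ORGANIZATION: ${{ inputs.organization }}
        run: |
          public_key_id=$(bash get_public_key_id.sh "$ORGANIZATION")
          echo "public_key_id=$public_key_id" >> "$GITHUB_OUTPUT"

      - name: Encrypt secret
        id: encrypt-secret
        env:
          PUBLIC_KEY: ${{ steps.get-public-key.outputs.public_key }}
          SECRET_VALUE: ${{ inputs.secret_value }}
        run: |
          pipenv run python3 encrypt_using_libnacl.py

      - name: create or update org secret
        env:
          organization: ${{ inputs.organization }}
          secret_name: ${{ inputs.secret_name }}
          # NOTE(review): presumably exported to GITHUB_ENV by
          # encrypt_using_libnacl.py; nothing in this file sets it - confirm.
          ENCRYPTED_SECRET: ${{ env.ENCRYPTED_SECRET }}
          PUBLIC_KEY_ID: ${{ steps.get-public-key-id.outputs.public_key_id }}
          GH_TOKEN: ${{ secrets.DEVWITHKRISHNA_PERSONAL_ACCESS_TOKEN }}
        run: |
          pipenv run python3 create_or_update_github_org_secret.py

      - name: Completed
        run: |
          echo "program completed successfully"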