nicolas
/
eShopOnWeb-gitops
mirror of https://github.com/nmasse-itix/eShopOnWeb-gitops.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
51 Commits
2 Branches
0 Tags
109 KiB
 
 
Tree: 91e0e4adc4
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '91e0e4adc4'
${ noResults }
eShopOnWeb-gitops/infrastructure/files/init-hook/init.sh

51 lines
2.3 KiB
Raw Blame History

#!/bin/bash
set -Eeuo pipefail
mkdir -p /tmp/bin
curl -sSfL -o /tmp/bin/yq https://github.com/mikefarah/yq/releases/download/v4.34.1/yq_linux_amd64
curl -sSfL -o /tmp/bin/cosign https://github.com/sigstore/cosign/releases/download/v2.0.2/cosign-linux-amd64
curl -sLo /tmp/bin/jq https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64
chmod 755 /tmp/bin/cosign /tmp/bin/yq /tmp/bin/jq
export PATH="/tmp/bin:$PATH"
if ! oc get secret code-signature -n eshop-infra &>/dev/null; then
echo "========================================================================"
echo " Generating a keypair for code signature with cosign"
echo "========================================================================"
echo
## Move to /tmp before creating the keypair because of:
# Error: open cosign.pub: permission denied
# main.go:74: error during command execution: open cosign.pub: permission denied
cd /tmp
COSIGN_PASSWORD=dummy cosign generate-key-pair k8s://eshop-infra/code-signature
fi
echo
echo "========================================================================"
echo " Distributing the code signature keypair to relevant namespaces"
echo "========================================================================"
echo
oc get secret code-signature -n eshop-infra -o yaml | yq eval 'del(.status, .metadata.resourceVersion, .metadata.uid, .metadata.namespace, .metadata.creationTimestamp, .metadata.selfLink, .metadata.managedFields)' - > /tmp/code-signature-secret.yaml
oc apply -f /tmp/code-signature-secret.yaml -n eshop-dev
oc apply -f /tmp/code-signature-secret.yaml -n stackrox
echo
echo "========================================================================"
echo " Distributing the Stackrox CI/CD token to relevant namespaces"
echo "========================================================================"
echo
while ! oc get secret stackrox-cicd-token -n stackrox &>/dev/null; do
echo "Secret not yet created..."
sleep 5
done
oc get secret stackrox-cicd-token -n stackrox -o yaml | yq eval 'del(.status, .metadata.resourceVersion, .metadata.uid, .metadata.namespace, .metadata.creationTimestamp, .metadata.selfLink, .metadata.managedFields)' - > /tmp/cicd-token-secret.yaml
oc apply -f /tmp/cicd-token-secret.yaml -n eshop-dev
exit 0