204 lines
5.4 KiB
Bash
204 lines
5.4 KiB
Bash
#! /bin/bash
|
|
|
|
# DEFAULTS/GLOBALS
|
|
GPG_KEY=""
|
|
GPG_USER=""
|
|
SSH_KEY=""
|
|
SSH_PUB=""
|
|
GIT_USER=""
|
|
GIT_EMAIL=""
|
|
GIT_TOKEN=""
|
|
SIGNKEY=""
|
|
|
|
# check if we have options
|
|
while :; do
|
|
case $1 in
|
|
--gpg-key) # Takes an option argument; ensure it has been specified.
|
|
if [ "$2" ]; then
|
|
GPG_KEY=$2
|
|
shift
|
|
else
|
|
echo 'ERROR: "--gpg-key" requires a non-empty option argument.'
|
|
exit 1
|
|
fi
|
|
;;
|
|
--gpg-key=?*)
|
|
GPG_KEY=${1#*=} # Delete everything up to "=" and assign the remainder.
|
|
;;
|
|
--gpg-key=) # Handle the case of an empty --gpg-key=
|
|
echo 'ERROR: "--gpg-key" requires a non-empty option argument.'
|
|
exit 1
|
|
;;
|
|
--gpg-user) # Takes an option argument; ensure it has been specified.
|
|
if [ "$2" ]; then
|
|
GPG_USER=$2
|
|
shift
|
|
else
|
|
echo 'ERROR: "--gpg-user" requires a non-empty option argument.'
|
|
exit 1
|
|
fi
|
|
;;
|
|
--gpg-user=?*)
|
|
GPG_USER=${1#*=} # Delete everything up to "=" and assign the remainder.
|
|
;;
|
|
--gpg-user=) # Handle the case of an empty --gpg-user=
|
|
echo 'ERROR: "--gpg-user" requires a non-empty option argument.'
|
|
exit 1
|
|
;;
|
|
--ssh-key) # Takes an option argument; ensure it has been specified.
|
|
if [ "$2" ]; then
|
|
SSH_KEY=$2
|
|
shift
|
|
else
|
|
echo 'ERROR: "--ssh-key" requires a non-empty option argument.'
|
|
exit 1
|
|
fi
|
|
;;
|
|
--ssh-key=?*)
|
|
SSH_KEY=${1#*=} # Delete everything up to "=" and assign the remainder.
|
|
;;
|
|
--ssh-key=) # Handle the case of an empty --ssh-key=
|
|
echo 'ERROR: "--ssh-key" requires a non-empty option argument.'
|
|
exit 1
|
|
;;
|
|
--ssh-pub) # Takes an option argument; ensure it has been specified.
|
|
if [ "$2" ]; then
|
|
SSH_PUB=$2
|
|
shift
|
|
else
|
|
echo 'ERROR: "--ssh-pub" requires a non-empty option argument.'
|
|
exit 1
|
|
fi
|
|
;;
|
|
--ssh-pub=?*)
|
|
SSH_PUB=${1#*=} # Delete everything up to "=" and assign the remainder.
|
|
;;
|
|
--ssh-pub=) # Handle the case of an empty --ssh-pub=
|
|
echo 'ERROR: "--ssh-pub" requires a non-empty option argument.'
|
|
exit 1
|
|
;;
|
|
--git-user) # Takes an option argument; ensure it has been specified.
|
|
if [ "$2" ]; then
|
|
GIT_USER=$2
|
|
shift
|
|
else
|
|
echo 'ERROR: "--git-user" requires a non-empty option argument.'
|
|
exit 1
|
|
fi
|
|
;;
|
|
--git-user=?*)
|
|
GIT_USER=${1#*=} # Delete everything up to "=" and assign the remainder.
|
|
;;
|
|
--git-user=) # Handle the case of an empty --git-user=
|
|
echo 'ERROR: "--git-user" requires a non-empty option argument.'
|
|
exit 1
|
|
;;
|
|
--git-email) # Takes an option argument; ensure it has been specified.
|
|
if [ "$2" ]; then
|
|
GIT_EMAIL=$2
|
|
shift
|
|
else
|
|
echo 'ERROR: "--git-email" requires a non-empty option argument.'
|
|
exit 1
|
|
fi
|
|
;;
|
|
--git-email=?*)
|
|
GIT_EMAIL=${1#*=} # Delete everything up to "=" and assign the remainder.
|
|
;;
|
|
--git-email=) # Handle the case of an empty --git-email=
|
|
echo 'ERROR: "--git-email" requires a non-empty option argument.'
|
|
exit 1
|
|
;;
|
|
--git-token) # Takes an option argument; ensure it has been specified.
|
|
if [ "$2" ]; then
|
|
GIT_TOKEN=$2
|
|
shift
|
|
else
|
|
echo 'ERROR: "--git-token" requires a non-empty option argument.'
|
|
exit 1
|
|
fi
|
|
;;
|
|
--git-token=?*)
|
|
GIT_TOKEN=${1#*=} # Delete everything up to "=" and assign the remainder.
|
|
;;
|
|
--git-token=) # Handle the case of an empty --git-token=
|
|
echo 'ERROR: "--git-token" requires a non-empty option argument.'
|
|
exit 1
|
|
;;
|
|
*) # Default case: No more options, so break out of the loop.
|
|
break ;;
|
|
esac
|
|
shift
|
|
done
|
|
|
|
# We must sign all git push events
|
|
if [ -z "${GPG_KEY}" ]; then
|
|
echo >&2 "The GPG_KEY:${GPG_KEY} is not set. Aborting."
|
|
exit 1
|
|
else
|
|
# place the secret in the open to github... where it is anyway.
|
|
echo "${GPG_KEY}" >robot.asc
|
|
# add the key to the system
|
|
gpg --import robot.asc
|
|
# always remove this key again
|
|
rm -f robot.asc
|
|
fi
|
|
|
|
# To set the github signingkey we need to get the gpg key id with the key user name
|
|
if [ -z "${GPG_USER}" ]; then
|
|
echo >&2 "The GPG_USER:${GPG_USER} is not set. Aborting."
|
|
exit 1
|
|
else
|
|
# get the gpg signingkey ID
|
|
SIGNKEY=$(gpg --list-signatures --with-colons | grep 'sig' | grep "${GPG_USER}" | head -n 1 | cut -d':' -f5)
|
|
fi
|
|
|
|
# make the ssh dir
|
|
mkdir -p ~/.ssh
|
|
|
|
# we need to set the SSH key to push/pull to/from github
|
|
if [ -z "${SSH_KEY}" ]; then
|
|
echo >&2 "The SSH_KEY is not set. Aborting."
|
|
exit 1
|
|
fi
|
|
if [ -z "${SSH_PUB}" ]; then
|
|
echo >&2 "The SSH_PUB is not set. Aborting."
|
|
exit 1
|
|
fi
|
|
|
|
# create a github config folder
|
|
mkdir -p ~/.github
|
|
# set the github personal access token for use in github CLI
|
|
# this can be an empty value as we don't always need this
|
|
echo "${GIT_TOKEN}" >~/.github/personal.access.token
|
|
chmod 400 ~/.github/personal.access.token
|
|
|
|
# move the keys into place (check the type!)
|
|
echo "${SSH_KEY}" >~/.ssh/id_ed25519
|
|
echo "${SSH_PUB}" >~/.ssh/id_ed25519.pub
|
|
|
|
# set the protection of the key files
|
|
chmod 400 ~/.ssh/id_ed25519
|
|
chmod 400 ~/.ssh/id_ed25519.pub
|
|
|
|
# We need the git user name/email set to access github
|
|
if [ -z "${GIT_USER}" ]; then
|
|
echo >&2 "The GIT_USER is not set. Aborting."
|
|
exit 1
|
|
fi
|
|
if [ -z "${GIT_EMAIL}" ]; then
|
|
echo >&2 "The GIT_EMAIL is not set. Aborting."
|
|
exit 1
|
|
fi
|
|
|
|
# set the github user details
|
|
git config --global user.name "${GIT_USER}"
|
|
git config --global user.email "${GIT_EMAIL}"
|
|
git config --global user.signingkey "${SIGNKEY}"
|
|
git config --global commit.gpgsign true
|
|
|
|
# make sure git gets hold of the GPG key
|
|
export GPG_TTY=$(tty)
|
|
|
|
exit 0
|