39 lines
1.7 KiB
YAML
39 lines
1.7 KiB
YAML
{{- if not (kindIs "string" .Values.githubConfigSecret) }}
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: {{ include "gha-runner-scale-set.githubsecret" . }}
|
|
namespace: {{ .Release.Namespace }}
|
|
labels:
|
|
{{- include "gha-runner-scale-set.labels" . | nindent 4 }}
|
|
finalizers:
|
|
- actions.github.com/secret-protection
|
|
data:
|
|
{{- $hasToken := false }}
|
|
{{- $hasAppId := false }}
|
|
{{- $hasInstallationId := false }}
|
|
{{- $hasPrivateKey := false }}
|
|
{{- range $secretName, $secretValue := (required "Values.githubConfigSecret is required for setting auth with GitHub server." .Values.githubConfigSecret) }}
|
|
{{- if $secretValue }}
|
|
{{ $secretName }}: {{ $secretValue | toString | b64enc }}
|
|
{{- if eq $secretName "github_token" }}
|
|
{{- $hasToken = true }}
|
|
{{- end }}
|
|
{{- if eq $secretName "github_app_id" }}
|
|
{{- $hasAppId = true }}
|
|
{{- end }}
|
|
{{- if eq $secretName "github_app_installation_id" }}
|
|
{{- $hasInstallationId = true }}
|
|
{{- end }}
|
|
{{- if eq $secretName "github_app_private_key" }}
|
|
{{- $hasPrivateKey = true }}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- if and (not $hasToken) (not ($hasAppId)) }}
|
|
{{- fail "A valid .Values.githubConfigSecret is required for setting auth with GitHub server, provide .Values.githubConfigSecret.github_token or .Values.githubConfigSecret.github_app_id." }}
|
|
{{- end }}
|
|
{{- if and $hasAppId (or (not $hasInstallationId) (not $hasPrivateKey)) }}
|
|
{{- fail "A valid .Values.githubConfigSecret is required for setting auth with GitHub server, provide .Values.githubConfigSecret.github_app_installation_id and .Values.githubConfigSecret.github_app_private_key." }}
|
|
{{- end }}
|
|
{{- end}} |