feat: Migrate script to Github App (#808)

* feat: Migrate script to Github App * fix: Proper handle of variables * feat: Add missing provider
mattermost · Jan 27, 2025 · 8f797c6 · 8f797c6
1 parent c346d1f
commit 8f797c6
Show file tree

Hide file tree

Showing 6 changed files with 36 additions and 2 deletions.
diff --git a/aws/eks-customer/github.tf b/aws/eks-customer/github.tf
@@ -0,0 +1,5 @@
+data "github_app_token" "this" {
+  app_id          = var.github_app_id
+  installation_id = var.github_app_installation_id
+  pem_file        = file(var.github_app_pem_key_path)
+}
diff --git a/aws/eks-customer/providers.tf b/aws/eks-customer/providers.tf
@@ -21,5 +21,9 @@ terraform {
       source  = "hashicorp/random"
       version = ">= 3.6.2"
     }
+    github = {
+      source  = "integrations/github"
+      version = "~> 6.0"
+    }
   }
 }
diff --git a/aws/eks-customer/remove-utility.tf b/aws/eks-customer/remove-utility.tf
@@ -4,6 +4,7 @@ resource "null_resource" "remove-utilities" {
     gitops_repo_path     = var.gitops_repo_path
     gitops_repo_url      = var.gitops_repo_url
     gitops_repo_username = var.gitops_repo_username
+    gitops_repo_email    = var.gitops_repo_email
     environment          = var.environment
     cluster_name         = module.eks.cluster_name
   }
@@ -16,6 +17,8 @@ resource "null_resource" "remove-utilities" {
       GIT_REPO_PATH     = self.triggers.gitops_repo_path
       GIT_REPO_URL      = self.triggers.gitops_repo_url
       GIT_REPO_USERNAME = self.triggers.gitops_repo_username
+      GIT_REPO_EMAIL    = self.triggers.gitops_repo_email
+      GITHUB_TOKEN      = data.github_app_token.this.token
       CLUSTER_NAME      = self.triggers.cluster_name
       ENV               = self.triggers.environment
     }

diff --git a/aws/eks-customer/scripts/utils.sh b/aws/eks-customer/scripts/utils.sh
@@ -33,12 +33,12 @@ function clone_repo() {
         exit 1
     fi
     while_repo_exists
-    git clone "https://${GIT_REPO_USERNAME}:${GITLAB_OAUTH_TOKEN}@${GIT_REPO_URL}/${GIT_REPO_PATH}" $gitops_sre_dir
+    git clone "https://${GIT_REPO_USERNAME}:${GITHUB_TOKEN}@${GIT_REPO_URL}/${GIT_REPO_PATH}" $gitops_sre_dir
 
     current_dir=$(pwd)
     cd $gitops_sre_dir || exit
     git config user.name "${GIT_REPO_USERNAME}"
-    git config user.email "${GIT_REPO_USERNAME}@mattermost.com"
+    git config user.email "${GIT_REPO_EMAIL}"
     cd $current_dir || exit
 }
 

diff --git a/aws/eks-customer/utility.tf b/aws/eks-customer/utility.tf
@@ -7,6 +7,8 @@ resource "null_resource" "deploy-utilites" {
       GIT_REPO_PATH           = var.gitops_repo_path
       GIT_REPO_URL            = var.gitops_repo_url
       GIT_REPO_USERNAME       = var.gitops_repo_username
+      GIT_REPO_EMAIL          = var.gitops_repo_email
+      GITHUB_TOKEN            = data.github_app_token.this.token
       CLUSTER_NAME            = module.eks.cluster_name
       ENV                     = var.environment
       CERTIFICATE_ARN         = var.lb_certificate_arn

diff --git a/aws/eks-customer/variables.tf b/aws/eks-customer/variables.tf
@@ -106,6 +106,21 @@ variable "utilities" {
   }))
 }
 
+variable "github_app_pem_key_path" {
+  description = "The path of the Github App PEM"
+  type        = string
+}
+
+variable "github_app_id" {
+  description = "The app id for the Github App"
+  type        = string
+}
+
+variable "github_app_installation_id" {
+  description = "The installation id for the Github App"
+  type        = string
+}
+
 variable "gitops_repo_url" {
   description = "The git repo url"
   type        = string
@@ -121,6 +136,11 @@ variable "gitops_repo_username" {
   type        = string
 }
 
+variable "gitops_repo_email" {
+  description = "The git repo email for executing git commands"
+  type        = string
+}
+
 variable "lb_certificate_arn" {
   description = "The certificate arn"
   type        = string