feat(repo): Add tf code for adding PATs to secrets

Author: spbsoluble

.github/workflows/sync-nuget.yml

@@ -54,5 +54,5 @@ jobs:
       - name: Run NuGet sync script
         run: python scripts/sync_nuget.py
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GH_NUGET_TOKEN }}
           # Add any other environment variables needed by your script

scripts/sync_nuget.py

@@ -7,7 +7,7 @@ class NuGetSyncer:
     def __init__(self):
         self.NUGET_FEED_URL = "https://pkgs.dev.azure.com/Keyfactor/_packaging/KeyfactorPackages/nuget/v3/index.json"
         self.GITHUB_NUGET_URL = "https://nuget.pkg.github.com/keyfactor/index.json"
-        self.GITHUB_TOKEN = os.getenv("GITHUB_TOKEN")
+        self.GITHUB_TOKEN = os.getenv("GH_NUGET_TOKEN", os.getenv("GITHUB_TOKEN"))
         self.TMP_DIR = "../nupkgs"
         self.PACKAGES_YML = "../packages.yml"
         self.allowed_packages = self.load_allowed_packages()

terraform/repo-config/main.tf

@@ -0,0 +1,20 @@
+// Repository reference
+data "github_repository" "nuget_repo" {
+  full_name = "Keyfactor/public-nuget-packages"
+}
+
+// Create the Azure DevOps PAT secret for NuGet package downloads
+resource "github_actions_secret" "az_devops_pat" {
+  repository      = data.github_repository.nuget_repo.name
+  secret_name     = "AZ_DEVOPS_PAT"
+  plaintext_value = var.az_devops_pat
+}
+
+// Create the GitHub PAT secret for GitHub Package uploads
+// Note: This is separate from the built-in GITHUB_TOKEN
+resource "github_actions_secret" "github_pat" {
+  repository      = data.github_repository.nuget_repo.name
+  secret_name     = "GH_NUGET_TOKEN"
+  plaintext_value = var.repo_github_pat
+}
+

terraform/repo-config/outputs.tf

@@ -0,0 +1,11 @@
+// Outputs
+output "repository_name" {
+  value = data.github_repository.nuget_repo.name
+}
+
+output "secrets_configured" {
+  value = [
+    github_actions_secret.az_devops_pat.secret_name,
+    github_actions_secret.github_pat.secret_name
+  ]
+}

terraform/repo-config/providers.tf

@@ -0,0 +1,14 @@
+// GitHub provider configuration
+terraform {
+  required_providers {
+    github = {
+      source  = "integrations/github"
+      version = "~> 5.0"
+    }
+  }
+}
+
+// Configure the GitHub Provider
+provider "github" {
+  owner = "Keyfactor"
+}

terraform/repo-config/variables.tf

@@ -0,0 +1,18 @@
+// Variables
+# variable "github_token" {
+#   description = "GitHub personal access token with repo permissions"
+#   type        = string
+#   sensitive   = true
+# }
+
+variable "az_devops_pat" {
+  description = "Azure DevOps personal access token with package read permissions"
+  type        = string
+  sensitive   = true
+}
+
+variable "repo_github_pat" {
+  description = "GitHub personal access token with package write permissions"
+  type        = string
+  sensitive   = true
+}