
Commit e59058e

authored
Merge pull request #183 from github/cschleiden/add-launch-secrets
Add Actions launch secrets to backup
2 parents c5f9e41 + 9e0e032 commit e59058e


4 files changed

+93
-2
lines changed


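--- a/share/github-backup-utils/ghe-backup-settings
+++ b/share/github-backup-utils/ghe-backup-settings
@@ -64,6 +64,20 @@ if ghe-ssh "$host" -- ghe-config --true app.actions.enabled; then
 backup-secret "Actions secondary encryption cert thumbprint" "actions-secondary-encryption-cert-thumbprint" "secrets.actions.SecondaryEncryptionCertificateThumbprint"
 backup-secret "Actions service principal cert" "actions-service-principal-cert" "secrets.actions.ServicePrincipalCertificate"
 backup-secret "Actions SPS validation cert thumbprint" "actions-sps-validation-cert-thumbprint" "secrets.actions.SpsValidationCertThumbprint"
+
+backup-secret "Actions Launch secrets encryption/decryption" "actions-launch-secrets-private-key" "secrets.launch.actions-secrets-private-key"
+backup-secret "Actions Launch credz HMAC key" "actions-launch-credz-hmac" "secrets.launch.credz-hmac-secret"
+backup-secret "Actions Launch deployer HMAC key" "actions-launch-deployer-hmac" "secrets.launch.deployer-hmac-secret"
+backup-secret "Actions Launch Client id" "actions-launch-client-id" "secrets.launch.client-id"
+backup-secret "Actions Launch Client secret" "actions-launch-client-secret" "secrets.launch.client-secret"
+backup-secret "Actions Launch receiver webhook secret" "actions-launch-receiver-webhook-secret" "secrets.launch.receiver-webhook-secret"
+backup-secret "Actions Launch app private key" "actions-launch-app-private-key" "secrets.launch.app-private-key"
+backup-secret "Actions Launch app public key" "actions-launch-app-public-key" "secrets.launch.app-public-key"
+backup-secret "Actions Launch app id" "actions-launch-app-id" "secrets.launch.app-id"
+backup-secret "Actions Launch app relay id" "actions-launch-app-relay-id" "secrets.launch.app-relay-id"
+backup-secret "Actions Launch action runner secret" "actions-launch-action-runner-secret" "secrets.launch.action-runner-secret"
+backup-secret "Actions Launch service cert" "actions-launch-azp-app-cert" "secrets.launch.azp-app-cert"
+backup-secret "Actions Launch service private key" "actions-launch-app-app-private-key" "secrets.launch.azp-app-private-key"
 fi
 
 if ghe-ssh "$host" -- "test -f $GHE_REMOTE_DATA_USER_DIR/common/idp.crt"; then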
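Review bot: The backup file name `actions-launch-app-app-private-key` on the last added line looks like a typo for `actions-launch-azp-app-private-key`: it stores `secrets.launch.azp-app-private-key`, and the certificate beside it is named `actions-launch-azp-app-cert`. The same spelling appears in ghe-restore-actions and both test files, so backup and restore agree, but the name becomes part of the snapshot layout once released and is cheapest to correct now, in all four files together. These lines also add private keys, HMAC keys and a client secret to the snapshot; `backup-secret` is defined outside this hunk, so it is worth confirming that it writes these files with owner-only permissions, and a comment such as `# Launch secrets below are key material; snapshot files must not be group/world readable` above the group would record that expectation. The enclosing `if` block starts outside the hunk.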

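--- a/share/github-backup-utils/ghe-restore-actions
+++ b/share/github-backup-utils/ghe-restore-actions
@@ -69,6 +69,23 @@ restore-secret "Actions secondary encryption cert thumbprint" "actions-secondary
 restore-secret "Actions service principal cert" "actions-service-principal-cert" "secrets.actions.ServicePrincipalCertificate"
 restore-secret "Actions SPS validation cert thumbprint" "actions-sps-validation-cert-thumbprint" "secrets.actions.SpsValidationCertThumbprint"
 
+restore-secret "Actions Launch secrets encryption/decryption" "actions-launch-secrets-private-key" "secrets.launch.actions-secrets-private-key"
+restore-secret "Actions Launch credz HMAC key" "actions-launch-credz-hmac" "secrets.launch.credz-hmac-secret"
+restore-secret "Actions Launch deployer HMAC key" "actions-launch-deployer-hmac" "secrets.launch.deployer-hmac-secret"
+restore-secret "Actions Launch Client id" "actions-launch-client-id" "secrets.launch.client-id"
+restore-secret "Actions Launch Client secret" "actions-launch-client-secret" "secrets.launch.client-secret"
+restore-secret "Actions Launch receiver webhook secret" "actions-launch-receiver-webhook-secret" "secrets.launch.receiver-webhook-secret"
+restore-secret "Actions Launch app private key" "actions-launch-app-private-key" "secrets.launch.app-private-key"
+restore-secret "Actions Launch app public key" "actions-launch-app-public-key" "secrets.launch.app-public-key"
+restore-secret "Actions Launch app id" "actions-launch-app-id" "secrets.launch.app-id"
+restore-secret "Actions Launch app relay id" "actions-launch-app-relay-id" "secrets.launch.app-relay-id"
+restore-secret "Actions Launch action runner secret" "actions-launch-action-runner-secret" "secrets.launch.action-runner-secret"
+restore-secret "Actions Launch service cert" "actions-launch-azp-app-cert" "secrets.launch.azp-app-cert"
+restore-secret "Actions Launch service private key" "actions-launch-app-app-private-key" "secrets.launch.azp-app-private-key"
+
+restore-secret "Actions Launch token oauth key" "actions-oauth-s2s-signing-key" "secrets.launch.token-oauth-key"
+restore-secret "Actions Launch token oauth cert" "actions-oauth-s2s-signing-cert" "secrets.launch.token-oauth-cert"
+
 # Setup the database logins.
 ghe_verbose "* Restoring database logins and users to $host ..."
 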
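Review bot: The two `token-oauth` lines at the end of the added block read from `actions-oauth-s2s-signing-key` and `actions-oauth-s2s-signing-cert`, files that none of the new `backup-secret` lines in ghe-backup-settings writes. Presumably they are produced by existing Actions backup entries outside this diff; a comment such as `# Launch reuses the Actions OAuth S2S signing key and cert already in the snapshot` above them would make that dependency explicit. Separately, snapshots taken before this change contain no `actions-launch-*` files. `restore-secret` is defined outside the hunk, so confirm that it skips a missing file rather than failing the restore or writing an empty value into `secrets.launch.*`.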

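--- a/test/test-ghe-backup.sh
+++ b/test/test-ghe-backup.sh
@@ -420,7 +420,7 @@ begin_test "ghe-backup warns if database names mismatched"
 add_mssql_backup_file "full_mssql_5" 3 "log"
 
 output=$(ghe-backup -v || true)
-! echo "$output" | grep -E "Taking .* backup"
+! echo "$output" | grep -E "Taking .* backup"
 echo "$output" | grep "Warning: Found following 2 backup files"
 )
 end_test
@@ -451,6 +451,22 @@ begin_test "ghe-backup takes backup of Actions settings"
 "secrets.actions.SecondaryEncryptionCertificateThumbprint"
 "secrets.actions.ServicePrincipalCertificate"
 "secrets.actions.SpsValidationCertThumbprint"
+
+"secrets.launch.actions-secrets-private-key"
+"secrets.launch.credz-hmac-secret"
+"secrets.launch.deployer-hmac-secret"
+"secrets.launch.client-id"
+"secrets.launch.client-secret"
+"secrets.launch.receiver-webhook-secret"
+"secrets.launch.app-private-key"
+"secrets.launch.app-public-key"
+"secrets.launch.app-id"
+"secrets.launch.app-relay-id"
+"secrets.launch.action-runner-secret"
+"secrets.launch.token-oauth-key"
+"secrets.launch.token-oauth-cert"
+"secrets.launch.azp-app-cert"
+"secrets.launch.azp-app-private-key"
 )
 
 for secret in "${required_secrets[@]}"; do
@@ -476,6 +492,20 @@ begin_test "ghe-backup takes backup of Actions settings"
 "actions-secondary-encryption-cert-thumbprint"
 "actions-service-principal-cert"
 "actions-sps-validation-cert-thumbprint"
+
+"actions-launch-secrets-private-key"
+"actions-launch-credz-hmac"
+"actions-launch-deployer-hmac"
+"actions-launch-client-id"
+"actions-launch-client-secret"
+"actions-launch-receiver-webhook-secret"
+"actions-launch-app-private-key"
+"actions-launch-app-public-key"
+"actions-launch-app-id"
+"actions-launch-app-relay-id"
+"actions-launch-action-runner-secret"
+"actions-launch-azp-app-cert"
+"actions-launch-app-app-private-key"
 )
 
 for file in "${required_files[@]}"; do
@@ -491,7 +521,7 @@ begin_test "ghe-backup takes backup of Actions files"
 
 output=$(ghe-backup -v)
 echo $output | grep "Transferring Actions files from"
-
+
 diff -ru "$GHE_REMOTE_DATA_USER_DIR/actions" "$GHE_DATA_DIR/current/actions"
 )
 end_test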
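Review bot: In the second and third hunks `required_secrets` gains fifteen `secrets.launch.*` entries while `required_files` gains only thirteen, because `token-oauth-key` and `token-oauth-cert` have no `actions-launch-*` file of their own. A short comment inside the array, for example `# token-oauth-key/cert share the actions-oauth-s2s-signing-key/cert files`, would stop a later reader from treating the difference as an omission. The same applies to the two arrays in test/test-ghe-restore.sh. The loops that consume both arrays continue outside the hunks, so whether they compare file contents against the configured secret values or only check existence cannot be seen here; for key material a content check is the one that would catch a wrong file-to-setting mapping.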

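--- a/test/test-ghe-restore.sh
+++ b/test/test-ghe-restore.sh
@@ -333,6 +333,20 @@ begin_test "ghe-restore with Actions settings"
 "actions-secondary-encryption-cert-thumbprint"
 "actions-service-principal-cert"
 "actions-sps-validation-cert-thumbprint"
+
+"actions-launch-secrets-private-key"
+"actions-launch-credz-hmac"
+"actions-launch-deployer-hmac"
+"actions-launch-client-id"
+"actions-launch-client-secret"
+"actions-launch-receiver-webhook-secret"
+"actions-launch-app-private-key"
+"actions-launch-app-public-key"
+"actions-launch-app-id"
+"actions-launch-app-relay-id"
+"actions-launch-action-runner-secret"
+"actions-launch-azp-app-cert"
+"actions-launch-app-app-private-key"
 )
 
 for file in "${required_files[@]}"; do
@@ -358,6 +372,22 @@ begin_test "ghe-restore with Actions settings"
 "secrets.actions.SecondaryEncryptionCertificateThumbprint"
 "secrets.actions.ServicePrincipalCertificate"
 "secrets.actions.SpsValidationCertThumbprint"
+
+"secrets.launch.actions-secrets-private-key"
+"secrets.launch.credz-hmac-secret"
+"secrets.launch.deployer-hmac-secret"
+"secrets.launch.client-id"
+"secrets.launch.client-secret"
+"secrets.launch.receiver-webhook-secret"
+"secrets.launch.app-private-key"
+"secrets.launch.app-public-key"
+"secrets.launch.app-id"
+"secrets.launch.app-relay-id"
+"secrets.launch.action-runner-secret"
+"secrets.launch.token-oauth-key"
+"secrets.launch.token-oauth-cert"
+"secrets.launch.azp-app-cert"
+"secrets.launch.azp-app-private-key"
 )
 
 for secret in "${required_secrets[@]}"; do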
