openapi-parser/load-secrets.sh at main · lancomsystems/openapi-parser · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
#!/usr/bin/env bash

if [[ "${BASH_SOURCE[0]}" == "$0" ]]; then
    echo "Error: This script must be sourced:" >&2
    echo "  source ./load-secrets.sh" >&2
    exit 1
fi

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
SECRETS_FILE="$SCRIPT_DIR/secrets.sops.yaml"

if [[ ! -f "$SECRETS_FILE" ]]; then
    echo "Error: $SECRETS_FILE not found" >&2
    return 1
fi

if ! command -v sops &>/dev/null; then
    echo "Error: sops is not installed" >&2
    return 1
fi

echo "Loading secrets from $SECRETS_FILE ..."
while IFS= read -r line; do
    if [[ "$line" =~ ^([A-Z_]+):[[:space:]]+(.+)$ ]]; then
        key="${BASH_REMATCH[1]}"
        value="${BASH_REMATCH[2]}"
        export "$key"="$value"
        echo "  $key=***"
    fi
done < <(sops decrypt "$SECRETS_FILE")

echo ""
echo "Test publish (without release):"
echo "  ./gradlew publishToSonatype"