chore: add secret-transfer and environment_activate scripts (#30)

.scripts/README.md

@@ -0,0 +1,15 @@
+# Scripts
+
+Support scripts collection
+
+## Development
+
+### Global dependencies
+
+- [poetry](https://github.com/ovsds-personal/wiki/blob/master/src/global_dependencies/poetry/README.md)
+- [github-cli](https://github.com/ovsds-personal/wiki/blob/master/src/global_dependencies/github-cli/README.md)
+- [yacloud-cli](https://github.com/ovsds-personal/wiki/blob/master/src/global_dependencies/yacloud-cli/README.md)
+
+### Taskfile commands
+
+For all commands see [Taskfile](Taskfile.yaml) or `task --list-all`.

.scripts/Taskfile.yaml

@@ -0,0 +1,39 @@
+version: 3
+
+vars:
+  PENV: .venv
+
+silent: true
+
+tasks:
+  init:
+    desc: Initialize environment
+    cmds:
+      - echo 'Installing python dependencies...'
+      - poetry install --no-root
+
+  lint:
+    desc: Lint
+    cmds:
+      - echo 'Running poetry checks...'
+      - poetry check --lock
+
+  lint-fix:
+    desc: Lint fix
+    cmds:
+      - echo 'Running poetry autofixes...'
+      - poetry lock --no-update
+      - poetry check
+
+  clean:
+    desc: Clean environment
+    cmds:
+      - echo 'Cleaning python dependencies...'
+      - rm -rf {{.PENV}}
+
+  dependencies-update:
+    desc: Update dependencies
+    cmds:
+      - echo 'Updating python dependencies...'
+      - poetry update
+      - poetry show --outdated

.scripts/bash/environment_activate

@@ -0,0 +1,110 @@
+#!/usr/bin/env bash
+
+_EA_ENVIRONMENT_NAME=github-watcher
+
+case $(basename "$SHELL") in
+  "zsh")
+    _EA_SCRIPTS_FOLDER="${0:A:h}/.."
+    # shellcheck disable=SC2154,SC1087
+    _EA_COLOR_GREEN="%{$fg[green]%}"
+    # shellcheck disable=SC2154
+    _EA_COLOR_NC="%{$reset_color%}"
+  ;;
+  *)
+    _EA_SCRIPTS_FOLDER="$(dirname "${BASH_SOURCE[0]}")/.."
+    _EA_COLOR_GREEN="\[\e[32m\]"
+    _EA_COLOR_NC="\[\e[0m\]"
+  ;;
+esac
+
+_EA_SECRETS_TRANSFER="$_EA_SCRIPTS_FOLDER/.venv/bin/secret-transfer"
+_EA_SECRETS_SETTINGS="$_EA_SCRIPTS_FOLDER/secrets/local.yaml"
+
+_ea_unset_script_variables() {
+  unset _EA_ENVIRONMENT_NAME
+  unset _EA_SCRIPTS_FOLDER
+  unset _EA_COLOR_GREEN
+  unset _EA_COLOR_NC
+  unset _EA_SECRETS_TRANSFER
+  unset _EA_SECRETS_SETTINGS
+}
+
+_ea_export_local_variables() {
+  echo "Setting up local env variables..."
+  # shellcheck disable=SC2091
+  $($_EA_SECRETS_TRANSFER run -f "$_EA_SECRETS_SETTINGS")
+
+  GITHUB_TOKEN=$(gh auth token)
+  export GITHUB_TOKEN
+}
+
+_ea_unset_set_local_variables() {
+  echo "Cleaning up local envs..."
+  # shellcheck disable=SC2091
+  $($_EA_SECRETS_TRANSFER clean -f "$_EA_SECRETS_SETTINGS")
+  unset GH_TOKEN
+}
+
+_ea_set_console_prefix() {
+  echo "Setting up console color and prefix..."
+  _EA_PREVIOUS_PS1="${PS1}"
+  PS1="${_EA_COLOR_GREEN}(${_EA_ENVIRONMENT_NAME})${_EA_COLOR_NC}${PS1}"
+}
+
+_ea_unset_console_prefix() {
+  echo "Cleaning up console color and prefix..."
+  PS1="${_EA_PREVIOUS_PS1}"
+  unset _EA_PREVIOUS_PS1
+}
+
+_ea_set_active_environment() {
+  export _EA_ACTIVE_ENVIRONMENT=$_EA_ENVIRONMENT_NAME
+  echo ""
+  echo "Environment $_EA_ENVIRONMENT_NAME is activated."
+  echo "To deactivate: run 'environment_deactivate'."
+}
+
+_ea_unset_active_environment() {
+  echo ""
+  echo "Environment $_EA_ENVIRONMENT_NAME is deactivated."
+  unset _EA_ACTIVE_ENVIRONMENT
+}
+
+_environment_activate() {
+  if [ -n "$_EA_ACTIVE_ENVIRONMENT" ]; then
+      echo "Active env is already set to $_EA_ACTIVE_ENVIRONMENT"
+      echo "To deactivate, run 'environment_deactivate'"
+      return
+  fi
+
+  _ea_export_local_variables
+  _ea_set_console_prefix
+
+  _ea_set_active_environment
+
+  unset -f _ea_export_local_variables
+  unset -f _ea_set_console_prefix
+  unset -f _ea_set_active_environment
+  unset -f _environment_activate
+}
+
+environment_deactivate() {
+  if [ -z "$_EA_ACTIVE_ENVIRONMENT" ]; then
+      echo "No active environment to deactivate."
+      return
+  fi
+
+  _ea_unset_console_prefix
+  _ea_unset_set_local_variables
+  _ea_unset_script_variables
+
+  _ea_unset_active_environment
+
+  unset -f _ea_unset_console_prefix
+  unset -f _ea_unset_set_local_variables
+  unset -f _ea_unset_script_variables
+  unset -f _ea_unset_active_environment
+  unset -f environment_deactivate
+}
+
+_environment_activate

.scripts/poetry.toml

@@ -0,0 +1,3 @@
+[virtualenvs]
+create = true
+in-project = true

.scripts/pyproject.toml

@@ -0,0 +1,17 @@
+[build-system]
+build-backend = "poetry.core.masonry.api"
+requires = ["poetry-core>=1.0.0"]
+
+[tool.poetry]
+authors = ["ovsds <[email protected]>"]
+description = "Scripts"
+name = "scripts"
+version = "0.1.0"
+
+[tool.poetry.dependencies]
+python = "~3.12"
+secret-transfer = "^0.4.0"
+
+[[tool.poetry.source]]
+name = "PyPI"
+priority = "primary"

.scripts/secrets/.gitignore

@@ -0,0 +1 @@
+local.env

.scripts/secrets/local.env.sample

@@ -0,0 +1,3 @@
+VAULT_ADDRESS=
+VAULT_MOUNT=local-secrets
+VAULT_SECRET_NAME=

.scripts/secrets/local.yaml

@@ -0,0 +1,23 @@
+sources:
+  local_dotenv:
+    class_name: DotEnvSource
+    init_args:
+      file_path: local.env
+  vault_secrets:
+    class_name: VaultCLIKVSource
+    init_args:
+      address: $sources[local_dotenv][VAULT_ADDRESS]
+      mount: $sources[local_dotenv][VAULT_MOUNT]
+      secret_name: $sources[local_dotenv][VAULT_SECRET_NAME]
+collections:
+  local:
+    init_args:
+      TELEGRAM_TOKEN:
+        source: $sources[vault_secrets]
+      TELEGRAM_CHAT_ID:
+        source: $sources[vault_secrets]
+transfers:
+  local:
+    init_args:
+      collection: $collections[local]
+      destination: $destinations[bash_export]

Taskfile.yaml

@@ -3,6 +3,10 @@ version: 3
 silent: true
 
 includes:
+  scripts:
+    taskfile: ./.scripts
+    dir: ./.scripts
+
   backend:
     taskfile: ./backend
     dir: ./backend
@@ -40,6 +44,9 @@ tasks:
       - echo 'Installing poetry version...'
       - poetry self update {{.POETRY_TARGET_VERSION}}
 
+      - echo 'Installing .scripts dependencies...'
+      - task: scripts:init
+
       - for: { var: SERVICES, as: SERVICE }
         task: "{{.SERVICE}}:init"
     vars:
@@ -53,6 +60,9 @@ tasks:
       - task: _prettier
         vars: { COMMAND: "--check ." }
 
+      - echo 'Linting .scripts'
+      - task: scripts:lint
+
       - for: { var: SERVICES, as: SERVICE }
         task: "{{.SERVICE}}:lint"
 
@@ -63,6 +73,9 @@ tasks:
       - task: _prettier
         vars: { COMMAND: "--write ." }
 
+      - echo 'Fixing .scripts'
+      - task: scripts:lint-fix
+
       - for: { var: SERVICES, as: SERVICE }
         task: "{{.SERVICE}}:lint-fix"
 
@@ -78,6 +91,9 @@ tasks:
       - echo 'Cleaning node dependencies...'
       - rm -rf {{.NENV}}
 
+      - echo 'Cleaning .scripts dependencies...'
+      - task: scripts:clean
+
       - for: { var: SERVICES, as: SERVICE }
         task: "{{.SERVICE}}:clean"
 
@@ -92,6 +108,9 @@ tasks:
       - task: _with_nvm
         vars: { COMMAND: "npm audit" }
 
+      - echo 'Updating .scripts dependencies...'
+      - task: scripts:dependencies-update
+
       - for: { var: SERVICES, as: SERVICE }
         task: "{{.SERVICE}}:dependencies-update"
 

backend/Taskfile.yaml

@@ -12,6 +12,9 @@ vars:
 
   IMAGE_NAME: github-watcher
 
+env:
+  GITHUB_WATCHER_SETTINGS_YAML: example/settings.yaml
+
 tasks:
   _python:
     internal: true