DEVOPS-48 delete org secret

githubofkrishnadhas · githubofkrishnadhas · commit fb48fbfa1aa9 · 2024-03-21T00:38:26.000+05:30
diff --git a/.github/workflows/create_github_secrets_using_workflow.yaml b/.github/workflows/create_github_secrets_using_workflow.yaml
@@ -1,4 +1,4 @@
-name: create-organization-github-secrets-from-workflow
+name: create-or-update-organization-github-secrets-from-workflow
 on:
   workflow_dispatch:
     inputs:
@@ -17,7 +17,7 @@ on:
         required: true
 run-name: ${{ github.actor }} creating secrets in ${{ inputs.organization }}
 jobs:
-  create-organization-github-secrets-from-workflow:
+  create-or-update-organization-github-secrets-from-workflow:
     runs-on: ubuntu-latest
     steps:
       - name: git checkout
diff --git a/.github/workflows/delete_github_secrets_using_workflow.yaml b/.github/workflows/delete_github_secrets_using_workflow.yaml
@@ -0,0 +1,28 @@
+name: create-organization-github-secrets-from-workflow
+on:
+  workflow_dispatch:
+    inputs:
+      organization:
+        type: string
+        default: 'devwithkrishna'
+        description: 'The GitHub organization where the repository will be created.'
+        required: true
+      secret_name:
+        type: string
+        description: "Secret name to create/update on org level"
+        required: true
+
+run-name: ${{ github.actor }} deleting secret ${{ inputs.secret_name }} in ${{ inputs.organization }}
+jobs:
+  delete-organization-github-secrets-from-workflow:
+    runs-on: ubuntu-latest
+    steps:
+      - name: git checkout
+        uses: actions/checkout@v4
+      - name: delete github org secret
+        run: |
+          bash delete_github_org_secret.sh ${{ inputs.organization }} ${{ inputs.secret_name}}
+          echo "Secret deleted"
+      - name: Completed
+        run: |
+          echo "program completed successfully"
diff --git a/README.md b/README.md
@@ -1,2 +1,62 @@
-# automatically-create-github-secrets
-from azure keyvault pull secrets and using them update or create github secrets in a specified repo
+# automatically-create-delete-update-github-organization-secrets
+create , delete or update github organization secrets using github workflow
+
+# Pre requesites
+* This requires an authorization method which has organization-secret with write permission
+* Personal Access Token (PAT) is the recommended way to authenticate. In this demo PAT is USED.
+* You can generate a new one from Github settings
+* You need to encrypt a secret before you can create or update secrets.
+
+
+# How code works for create or update secret
+
+
+* First this will execute the `get_public_key.sh` shell script to get the Organization public key 
+    *  This public key is required and used for encryption of secret
+
+    `Reference`: [get-an-organization-public-key](https://docs.github.com/en/rest/actions/secrets?apiVersion=2022-11-28#get-an-organization-public-key)
+
+* Then it will execute the `get_public_key_id.sh`  script to get the organization key id. 
+    * This is required for creation or updation of secret
+
+* Then the `python program` `encrypt_using_libnacl` this uses the public key from step 1 and encrypts the secret 
+using the prefered method by GitHub.
+
+    `Reference`: [create-or-update-an-organization-secret](https://docs.github.com/en/rest/actions/secrets?apiVersion=2022-11-28#create-or-update-an-organization-secret)
+
+    - Reference used for encryption : [example-encrypting-a-secret-using-python](https://docs.github.com/en/rest/guides/encrypting-secrets-for-the-rest-api?apiVersion=2022-11-28#example-encrypting-a-secret-using-python )
+
+* Then `Python program` `create_or_update_github_org_secret` is used to take the public key id from step 2 and encrypted secret value from step 3 to create or update the secret.
+
+| status code | operation |
+|-------------|-----------|
+| 201  | Create Org secret|
+| 204  | Update an Org secret |
+
+
+- visibility of organization secret has been set to all organization repositories. selected means only the repositories specified by selected_repository_ids can access the secret.
+- Can be one of: `all`, `private`, `selected`
+
+
+## Inputs of workflow
+
+| input name | description|
+|------------|------------|
+| organization | name of github organization |
+| secret_name | organization Secret name |
+| secret_value | Secret value |
+
+
+# # How code works for deleting an organization secret
+
+* This runs the shell script `delete_github_org_secret.sh` which takes 2 inputs from github workflow 
+1. organization name
+2. secret name
+
+* Then deletes the secret
+
+| input | description| 
+|-------|--------------|
+| organization | GitHub Organization name |
+| secret_name | Secert to be deleted |
+ 
diff --git a/delete_github_org_secret.sh b/delete_github_org_secret.sh
@@ -0,0 +1,26 @@
+#! /bin/bash
+
+# The organization name. The name is not case sensitive.
+ORGANIZATION=$1
+SECRET_NAME=$2
+# Checking if the Organization name or secret name is non-empty
+if [ -z "$ORGANIZATION" ] || [ -z "$SECRET_NAME" ]; then
+  echo "Either Organization name or Secret name is empty"
+  echo "Usage: $0 <Organization name> <Secret name>"
+  exit 1
+fi
+# Making the API call and capturing the response
+response=$(curl -sL \
+  -X DELETE \
+  -H "Accept: application/vnd.github+json" \
+  -H "Authorization: Bearer $GH_TOKEN" \
+  -H "X-GitHub-Api-Version: 2022-11-28" \
+  https://api.github.com/orgs/$ORGANIZATION/actions/secrets/$SECRET_NAME)
+
+
+# Checking if the request was successful (status code 200)
+if [[ "$response" == *"Status: 204"* ]];; then
+echo "Secret $SECRET_NAME deleted successfully from organization $ORGANIZATION"
+else
+    echo "Failed to delete secret $SECRET_NAME from organization $ORGANIZATION"
+fi
