Enhancing Code Quality: Refactoring Credential Shell Scripts for Setup and Teardown

.gitattributes

@@ -0,0 +1 @@
+*.sh text eol=lf

.github/resource/azure-credential-setup-wls-aks.sh

@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+
+set -Eeuo pipefail
+
+echo "Execute azure-credential-setup.sh - Start------------------------------------------"
+
+## Create Azure Credentials
+SERVICE_PRINCIPAL_NAME_WLS_AKS="sp-${REPO_NAME}-wls-aks-$(date +%s)"
+echo "Creating Azure Service Principal with name: $SERVICE_PRINCIPAL_NAME_WLS_AKS"
+SUBSCRIPTION_ID=$(az account show --query id -o tsv| tr -d '\r\n')
+
+AZURE_CREDENTIALS=$(az ad sp create-for-rbac --name ${SERVICE_PRINCIPAL_NAME_WLS_AKS} --role="Contributor" --scopes="/subscriptions/${SUBSCRIPTION_ID}" --sdk-auth --only-show-errors)
+SP_ID=$( az ad sp list --display-name $SERVICE_PRINCIPAL_NAME --query \[0\].id -o tsv | tr -d '\r\n')
+az role assignment create --assignee ${SP_ID} --scope="/subscriptions/${SUBSCRIPTION_ID}" --role "User Access Administrator"
+
+## Set the Azure Credentials as a secret in the repository
+gh secret set "AZURE_CREDENTIALS" -b"${AZURE_CREDENTIALS}"
+gh variable set "SERVICE_PRINCIPAL_NAME_WLS_AKS" -b"${SERVICE_PRINCIPAL_NAME_WLS_AKS}"
+
+echo "Execute azure-credential-setup.sh - End--------------------------------------------"

.github/resource/azure-credential-setup-wls-vm.sh

@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+
+set -Eeuo pipefail
+
+echo "Execute azure-credential-setup.sh - Start------------------------------------------"
+
+## Create Azure Credentials
+SERVICE_PRINCIPAL_NAME_WLS_VM="sp-${REPO_NAME}-$(date +%s)"
+echo "Creating Azure Service Principal with name: $SERVICE_PRINCIPAL_NAME_WLS_VM"
+SUBSCRIPTION_ID=$(az account show --query id -o tsv| tr -d '\r\n')
+
+SERVICE_PRINCIPAL=$(az ad sp create-for-rbac --name ${SERVICE_PRINCIPAL_NAME_WLS_VM} --role="Contributor" --scopes="/subscriptions/${SUBSCRIPTION_ID}" --sdk-auth --only-show-errors | base64 ${w0})
+AZURE_CREDENTIALS=$(echo $SERVICE_PRINCIPAL | base64 -d)
+
+## Set the Azure Credentials as a secret in the repository
+gh secret set "AZURE_CREDENTIALS" -b"${AZURE_CREDENTIALS}"
+gh variable set "SERVICE_PRINCIPAL_NAME_WLS_VM" -b"${SERVICE_PRINCIPAL_NAME_WLS_VM}"
+
+echo "Execute azure-credential-setup.sh - End--------------------------------------------"

.github/resource/azure-credential-teardown-wls-aks.sh

@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+
+set -Eeuo pipefail
+
+echo "Execute azure-credential-teardown.sh - Start------------------------------------------"
+
+gh secret delete "AZURE_CREDENTIALS"
+SERVICE_PRINCIPAL_NAME_WLS_AKS=$(gh variable get "SERVICE_PRINCIPAL_NAME_WLS_AKS")
+az ad sp delete --id $(az ad sp list --display-name $SERVICE_PRINCIPAL_NAME_WLS_AKS --query "[].appId" -o tsv| tr -d '\r\n')
+
+echo "Execute azure-credential-teardown.sh - End--------------------------------------------"

.github/resource/azure-credential-teardown-wls-vm.sh

@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+
+set -Eeuo pipefail
+
+echo "Execute azure-credential-teardown.sh - Start------------------------------------------"
+
+gh secret delete "AZURE_CREDENTIALS"
+SERVICE_PRINCIPAL_NAME_WLS_VM=$(gh variable get "SERVICE_PRINCIPAL_NAME_WLS_VM")
+az ad sp delete --id $(az ad sp list --display-name $SERVICE_PRINCIPAL_NAME_WLS_VM --query "[].appId" -o tsv| tr -d '\r\n')
+
+echo "Execute azure-credential-teardown.sh - End--------------------------------------------"

.github/resource/credentials-params-setup.sh

@@ -0,0 +1,61 @@
+#!/usr/bin/env bash
+set -Eeuo pipefail
+
+# ANSI color codes
+RED='\033[0;31m'
+NC='\033[0m' # No Color
+
+echo "setup-credentials.sh - Start"
+
+# Function to print error messages in red
+print_error() {
+    local message=$1
+    echo -e "${RED}Error: ${message}${NC}"
+}
+
+check_parameters() {
+    echo "Checking parameters..."
+    local has_empty_value=0
+
+    while IFS= read -r line; do
+        name=$(echo "$line" | yq -r '.name')
+        value=$(echo "$line" | yq -r '.value')
+
+        if [ -z "$value" ] || [ "$value" == "null" ]; then
+            print_error "The parameter '$name' has an empty/null value. Please provide a valid value."
+            has_empty_value=1
+            break
+        else
+            echo "Name: $name, Value: $value"
+        fi
+    done < <(yq eval -o=json '.[]' "$param_file" | jq -c '.')
+
+    echo "return $has_empty_value"
+    return $has_empty_value
+}
+
+# Function to set values from YAML
+set_values() {
+    echo "Setting values..."
+    yq eval -o=json '.[]' "$param_file" | jq -c '.' | while read -r line; do
+        name=$(echo "$line" | jq -r '.name')
+        value=$(echo "$line" | jq -r '.value')
+        gh secret set "$name" -b"${value}"
+    done
+}
+
+# Main script execution
+main() {
+    if check_parameters; then
+        echo "All parameters are valid."
+        set_values
+    else
+        echo "Parameter check failed. Exiting."
+        exit 1
+    fi
+
+    echo "setup-credentials.sh - Finish"
+}
+
+# Run the main function
+main

.github/resource/credentials-params-teardown.sh

@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+set -Eeuo pipefail
+
+echo "teardown-credentials.sh - Start"
+
+# remove param the json
+yq eval -o=json '.[]' "$param_file" | jq -c '.' | while read -r line; do
+    name=$(echo "$line" | jq -r '.name')
+    value=$(echo "$line" | jq -r '.value')
+    gh secret remove "$name"
+done
+
+echo "teardown-credentials.sh - Finish"

.github/resource/credentials-params-wls-aks.yaml

@@ -0,0 +1,23 @@
+# This file contains the parameters for the credentials used in the workflows.
+- name: ORC_SSOUSER
+  value: ""
+  description: "Oracle single sign-on userid."
+- name: ORC_SSOPSW
+  value: ""
+  description: "Password for Oracle single sign-on userid."
+- name: WDT_RUNTIMEPSW
+  value: ""
+  description: "Password for WebLogic Server and Runtime Deployment Tooling encryption."
+- name: WLS_PSW
+  value: ${WDT_RUNTIMEPSW}
+  description: "Password for WebLogic Server and Runtime Deployment Tooling encryption."
+# parameters for the credentials used in the workflows with default values.
+- name: WLS_USERNAME
+  value: "weblogic"
+  description: "WebLogic Server user name."
+- name: DB_PASSWORD
+  value: "Secret123!"
+  description: "Password for the database"
+- name: LOCATION
+  value: "eastus"
+  description: "Location of the resource group"

.github/resource/credentials-params-wls-vm.yaml

@@ -0,0 +1,35 @@
+# This file contains the parameters for the credentials used in the workflows.
+- name: OTN_USERID
+  value: ""
+  description: Oracle single sign-on userid.
+- name: OTN_PASSWORD
+  value: ""
+  description: Password for Oracle single sign-on userid.
+- name: WLS_PSW
+  value: ""
+  description: Password for WebLogic Server.
+# Git credentials
+- name: USER_EMAIL
+  value: ""
+  description: User Email of GitHub acount to access GitHub repository.
+- name: USER_NAME
+  value: ""
+  description: User name of GitHub account
+- name: GIT_TOKEN
+  value: ""
+  description: GitHub token to access GitHub repository.
+# parameters for the credentials used in the workflows with default values.
+- name: LOCATION
+  value: "eastus"
+  description: Location of the resource group
+# Optional parameters:
+# if you want to use optional parameters, please uncomment the following lines
+#- name: ELK_URI
+#  value: ""
+#  description: URI (hostname:port) for Elastic server, leave blank if you don't want to integrate ELK.
+#- name: ELK_USER_NAME
+#  value: ""
+#  description: Account password for Elastic server, leave blank if you don't want to integrate ELK.
+#- name: ELK_PSW
+#  value: ""
+#  description: Account password for Elastic server, leave blank if you don't want to integrate ELK.

.github/resource/pre-check.sh

@@ -0,0 +1,65 @@
+# Check environment and tools required to run the script
+
+# ANSI color codes
+GREEN='\033[0;32m'
+NC='\033[0m' # No Color
+
+## Check if the required tools are installed and logged in
+echo -e "${GREEN}To run this script, you need to have the following tools installed:${NC}"
+echo -e "${GREEN}1. yq${NC}"
+echo -e "${GREEN}2. Github CLI (gh)${NC}"
+echo -e "${GREEN}3. Azure CLI (az)${NC}"
+echo -e "${GREEN}And you need to be logged in to GitHub CLI (gh), and Azure CLI (az).${NC}"
+
+echo "Checking if the required tools are installed..."
+echo "Checking progress started..."
+
+if ! command -v yq &> /dev/null; then
+    echo "Check required tools and environment failed."
+    echo "yq is not installed. Please install it to proceed."
+    exit 1
+fi
+echo "1/6...yq is installed."
+
+if ! command -v jq &> /dev/null; then
+    echo "Check required tools and environment failed."
+    echo "jq is not installed. Please install it to proceed."
+    exit 1
+fi
+echo "2/6...jq is installed."
+
+# Check gh installed
+if ! command -v gh &> /dev/null; then
+    echo "Check required tools and environment failed."
+    echo "GitHub CLI (gh) is not installed. Please install it to proceed."
+    exit 1
+fi
+echo "3/6...GitHub CLI (gh) is installed."
+
+
+# Check if the GitHub CLI (gh) is logged in
+if ! gh auth status &> /dev/null; then
+    echo "Check required tools and environment failed."
+    echo "You are not logged in to GitHub CLI (gh). Please log in with `gh auth login` to proceed."
+    exit 1
+fi
+echo "4/6...You are logged in to GitHub CLI (gh)."
+
+# check if az is installed
+if ! command -v az &> /dev/null; then
+    echo "Check required tools and environment failed."
+    echo "Azure CLI (az) is not installed. Please install it to proceed."
+    exit 1
+fi
+echo "5/6...Azure CLI (az) is installed."
+
+
+# check if az is logged in
+if ! az account show &> /dev/null; then
+    echo "Check required tools and environment failed."
+    echo "You are not logged in to Azure CLI (az). Please log in with command `az login` to proceed."
+    exit 1
+fi
+echo "6/6...You are logged in to Azure CLI (az)."
+
+echo "Checking progress completed..."

.github/workflows/setup-for-wls-aks.sh

@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+
+################################################
+# This script is invoked by a human who:
+# - has done az login.
+# - can create repository secrets in the github repo from which this file was cloned.
+# - has the gh client >= 2.0.0 installed.
+# - has yq 4.x installed.
+#
+# This script initializes the repo from which this file is was cloned
+# with the necessary secrets to run the workflows.
+# Steps to run the Script:
+# 1. Run az login.
+# 2. Run gh auth login.
+# 3. Clone the repository.
+# 4. Prepare the .github/resource/credentials-params-wls-aks.yaml file with the required parameters.
+# 5. Run the script with the following command:
+#    ```
+#    cd .github/workflows
+#    bash setup-for-wls-aks.sh
+#    ```
+# 6. The script will set the required secrets in the repository.
+# 7. Check the repository secrets to verify that the secrets are set.
+################################################
+
+set -Eeuo pipefail
+
+source ../resource/pre-check.sh
+## Set environment variables
+export param_file="../resource/credentials-params-wls-aks.yaml"
+source ../resource/credentials-params-setup.sh
+source ../resource/azure-credential-setup-wls-aks.sh

.github/workflows/setup-for-wls-vm.sh

@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+
+################################################
+# This script is invoked by a human who:
+# - has done az login.
+# - can create repository secrets in the github repo from which this file was cloned.
+# - has the gh client >= 2.0.0 installed.
+# - has yq 4.x installed.
+#
+# This script initializes the repo from which this file is was cloned
+# with the necessary secrets to run the workflows.
+# Steps to run the Script:
+# 1. Run az login.
+# 2. Run gh auth login.
+# 3. Clone the repository.
+# 4. Prepare the .github/resource/credentials-params-wls-vm.yaml file with the required parameters.
+# 5. Run the script with the following command:
+#    ```
+#    cd .github/workflows
+#    bash setup-for-wls-vm.sh
+#    ```
+# 6. The script will set the required secrets in the repository.
+# 7. Check the repository secrets to verify that the secrets are set.
+################################################
+
+set -Eeuo pipefail
+
+source ../resource/pre-check.sh
+## Set environment variables
+export param_file="../resource/credentials-params-wls-vm.yaml"
+source ../resource/credentials-params-setup.sh
+source ../resource/azure-credential-setup-wls-vm.sh