Am I missing sth. here, I followed the instruction...
# esc
a
Am I missing sth. here? I followed the instructions at https://github.com/pulumi/esc-examples/tree/main/sync/github-secrets to sync the secrets between esc and my github repo. It says that it can't find the properties which I added in the `syncEnv.yml` as explained in the `README.md`:
```yaml
imports:
  - case-traders/cms
values:
  sync:
    githubSecrets:
      - name: CMS_GITHUB_TOKEN
        value: ${CMS_GITHUB_TOKEN}
      - name: CMS_REPO
        value: ${CMS_REPO}
      - name: CMS_REPO_OWNER
        value: ${CMS_REPO_OWNER}
      - name: CMS_USERNAME
        value: ${CMS_USERNAME}
      - name: CMS_PASSWORD
        value: ${CMS_PASSWORD}
```
when I try `pulumi up` I get the following error
```text
     Type                                Name                         Status                  Info
     pulumi:pulumi:Stack                 esc-sync-github-secrets-dev  **failed**              1 error
 +   └─ pulumiservice:index:Environment  env                          **creating failed**     1 error

Diagnostics:
  pulumi:pulumi:Stack (esc-sync-github-secrets-dev):
    error: update failed

  pulumiservice:index:Environment (env):
    error: failed to check environment due to error: [0]
    Diags: unknown property "CMS_GITHUB_TOKEN"
    unknown property "CMS_REPO"
    unknown property "CMS_REPO_OWNER"
    unknown property "CMS_USERNAME"
    unknown property "CMS_PASSWORD"

    [Pulumi Copilot] Would you like help with these diagnostics?
    <https://app.pulumi.com/case-traders/esc-sync-github-secrets/dev/updates/2?explainFailure>

Resources:
    2 unchanged

Duration: 3s
```
r
Hey @adamant-solstice-35288 you'll have to edit the code a bit to fit your use case. Specifically, in the example code the env.yaml is defined as if there's only 1 secret to sync, i.e. `githubSecrets` is an object. In your code, `githubSecrets` is an array of objects.
a
so I changed the code in the `target/index.ts`
```typescript
import * as pulumi from "@pulumi/pulumi";
import * as github from "@pulumi/github";
import * as fs from "fs";

const config = new pulumi.Config();
const repository = config.require("repository");

const secretsFile = "sync.json";
const secretsConfig = JSON.parse(fs.readFileSync(secretsFile, "utf8"));

if (!Array.isArray(secretsConfig.githubSecrets)) {
  throw new Error("Invalid secrets configuration. Expected a list of secrets under `githubSecrets`.");
}

const secrets: github.ActionsSecret[] = secretsConfig.githubSecrets.map((secret: Record<string, string>) => {
  if (!secret.name || !secret.value) {
    throw new Error(`Invalid secret entry: ${JSON.stringify(secret)}`);
  }

  return new github.ActionsSecret(`githubSecret-${secret.name}`, {
    repository,
    secretName: secret.name,
    plaintextValue: secret.value,
  });
});

export const secretNames = secrets.map((secret) => secret.secretName);
```
but it still gives the same error
r
You need to change the code in `index.ts` specifically, here's where it assumes `githubSecrets` is an object: https://github.com/pulumi/esc-examples/blob/main/sync/github-secrets/index.ts#L43-L48
a
after inspecting the main `index.ts` file I find this
```typescript
operationContext: {
    preRunCommands: [
      "pulumi login",
      pulumi
        .interpolate`pulumi config env add ${projectName}/${env.name} -s ${fullyQualifiedStackName} --yes`,
      pulumi
        .interpolate`pulumi env open ${fullyQualifiedEnvName} sync.githubSecrets.value > sync.json`,
      pulumi
        .interpolate`pulumi config set -s ${fullyQualifiedStackName} secretName $(pulumi env open ${fullyQualifiedEnvName} sync.githubSecrets.name)`,
    ],
  },
```
yes exactly
r
You could pass in the entire `githubSecrets` array as a secret config and then parse it in `target/index.ts`
a
I really don't understand what this line actually does, specifically after the word `open`
```typescript
pulumi
        .interpolate`pulumi config set -s ${fullyQualifiedStackName} secretName $(pulumi env open ${fullyQualifiedEnvName} sync.githubSecrets.name)`,
```
yes but do I need to change this line
```typescript
pulumi
        .interpolate`pulumi config set -s ${fullyQualifiedStackName} secretName $(pulumi env open ${fullyQualifiedEnvName} sync.githubSecrets.name)`,
```
r
That's just setting a configuration key `secretName` on the target stack to whatever the name of your secret is.
a
ok so passing the whole array by the following changes still gives the same error:
```typescript
pulumi
        .interpolate`pulumi env open ${fullyQualifiedEnvName} sync.githubSecrets > sync.json`,
```
```text
error: update failed

  pulumiservice:index:Environment (env):
    error: failed to check environment due to error: [0]
    Diags: unknown property "CMS_GITHUB_TOKEN"
    unknown property "CMS_REPO"
    unknown property "CMS_REPO_OWNER"
    unknown property "CMS_USERNAME"
    unknown property "CMS_PASSWORD"
```
I checked the diagnostics and it looks like this
```text
        name        : "dev"
        organization: "case-traders"
        project     : "case-traders"
        yaml        : (yaml) {
            imports: [
                [0]: "case-traders/cms"
            ]
            values : {
                sync: {
                    githubSecrets: [
                        [0]: {
                            name : "CMS_GITHUB_TOKEN"
                            value: "${CMS_GITHUB_TOKEN}"
                        }
                        [1]: {
                            name : "CMS_REPO"
                            value: "${CMS_REPO}"
                        }
                        [2]: {
                            name : "CMS_REPO_OWNER"
                            value: "${CMS_REPO_OWNER}"
                        }
                        [3]: {
                            name : "CMS_USERNAME"
                            value: "${CMS_USERNAME}"
                        }
                        [4]: {
                            name : "CMS_PASSWORD"
                            value: "${CMS_PASSWORD}"
                        }
                    ]
                }
            }
        }
```
It says error: failed to check environment due to error: [0] which is what githubSecrets first element looks like
r
Yeah, sorry, I'm a little pressed for time so I'm going to explain to you what the code does - but you're going to have to figure out how to change it on your own. It's not just a one line change. Specifically, based on the example, this line:
```typescript
pulumi.interpolate`pulumi env open ${fullyQualifiedEnvName} sync.githubSecrets.value > sync.json`
```
writes the value of the secret to `sync.json`. And this line:
```typescript
pulumi.interpolate`pulumi config set -s ${fullyQualifiedStackName} secretName $(pulumi env open ${fullyQualifiedEnvName} sync.githubSecrets.name)`
```
creates a configuration key called `secretName` and sets it to the name of the secret. And then in `target/index.ts` it takes that secret name and value and pushes it to github.
Give me a second, I can try to come up with an alternative for you.
Change `index.ts` to this:
```typescript
preRunCommands: [
            "pulumi login",
            pulumi.interpolate`pulumi config env add ${projectName}/${env.name} -s ${fullyQualifiedStackName} --yes`,
            pulumi.interpolate`pulumi env open ${fullyQualifiedEnvName} sync.githubSecrets > sync.json`,
        ],
```
a
I did what u did already but it still gives the same error
r
one second, I'm still working on the changes to target/index.ts
a
u mean the logic is flawed?
r
You are doing a different thing than what is defined in the example, and so you need to change your code. Sorry, I'm trying to help but this is a bit of a frustrating conversation because it seems like you just want someone else to do all the work and not understand the code yourself.
a
I am really sorry for that, but I am trying really to wrap my head around it, but thanks anyway
r
You can edit `target/index.ts` to something like this:
```typescript
import * as pulumi from "@pulumi/pulumi";
import * as github from "@pulumi/github";
import * as fs from "fs";

const config = new pulumi.Config();
const repository = config.require("repository");

const json = fs.readFileSync("sync.json", "utf8");
const secrets = JSON.parse(json);

for (const {name, value} of secrets) {
    const secret = new github.ActionsSecret(`githubSecret-${name}`, {
        repository,
        secretName: name,
        plaintextValue: value,
    });
}
```
You might still run into some errors, I haven't had the chance to test this code fully so this is my best attempt given the time I have. I'd encourage you to use github copilot or chatgpt to explain the code and make any other adjustments you might need. There may also be other folks here that may be able to help you out. Good luck!
a
Thank u a lot, this has really helped, ironically the actual error was because of adding $ sign to the vars:
```yaml
sync:
    githubSecrets:
      - name: CMS_GITHUB_TOKEN
        value: {CMS_GITHUB_TOKEN}
      - name: CMS_REPO
        value: {CMS_REPO}
```
removing it solved the issue 😅