michaelschiemer/scripts/deployment/setup-secrets-interactive.sh

#!/bin/bash
# Interaktives Script zum Setzen der Gitea Secrets via API
# Fragt nach Token falls nicht vorhanden

set -euo pipefail

# Repository Info aus git remote
REPO_FULL=$(git remote get-url origin 2>/dev/null | sed -E 's/.*[:/]([^/]+)\/([^/]+)\.git$/\1\/\2/' || echo "michael/michaelschiemer")
REPO_OWNER=$(echo "$REPO_FULL" | cut -d'/' -f1)
REPO_NAME=$(echo "$REPO_FULL" | cut -d'/' -f2)

GITEA_URL="${GITEA_URL:-https://git.michaelschiemer.de}"
GITEA_TOKEN="${GITEA_TOKEN:-}"

# Colors
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m'

echo -e "${BLUE}════════════════════════════════════════════════════════════${NC}"
echo -e "${BLUE}Gitea Repository Secrets Setup via API${NC}"
echo -e "${BLUE}════════════════════════════════════════════════════════════${NC}"
echo ""
echo -e "Repository: ${GREEN}${REPO_OWNER}/${REPO_NAME}${NC}"
echo -e "Gitea URL: ${GREEN}${GITEA_URL}${NC}"
echo ""

# Prüfe ob Token vorhanden
if [ -z "$GITEA_TOKEN" ]; then
    echo -e "${YELLOW}⚠️  GITEA_TOKEN nicht gefunden${NC}"
    echo ""
    echo -e "${BLUE}Du musst zuerst einen Gitea Access Token erstellen:${NC}"
    echo ""
    echo "1. Öffne im Browser:"
    echo -e "   ${GREEN}${GITEA_URL}/user/settings/applications${NC}"
    echo ""
    echo "2. Scrolle zu 'Generate New Token'"
    echo ""
    echo "3. Konfiguration:"
    echo "   - Name: z.B. 'CI/CD Secrets Setup'"
    echo "   - Scopes: ✅ write:repository (mindestens)"
    echo ""
    echo "4. Klicke 'Generate Token'"
    echo ""
    echo "5. Kopiere den Token (wird nur einmal angezeigt!)"
    echo ""
    echo -e "${YELLOW}Dann füge den Token hier ein (wird nicht angezeigt):${NC}"
    read -s -p "Gitea Token: " GITEA_TOKEN
    echo ""
    echo ""
fi

# Funktion zum Setzen eines Secrets
set_secret() {
    local secret_name=$1
    local secret_value=$2
    
    echo -n "Setting $secret_name... "
    
    local response=$(curl -s -w "\n%{http_code}" \
        -X PUT \
        -H "Authorization: token ${GITEA_TOKEN}" \
        -H "Content-Type: application/json" \
        "${GITEA_URL}/api/v1/repos/${REPO_OWNER}/${REPO_NAME}/actions/secrets/${secret_name}" \
        -d "{
            \"data\": \"${secret_value}\"
        }" 2>&1)
    
    local http_code=$(echo "$response" | tail -n1)
    local body=$(echo "$response" | sed '$d')
    
    if [ "$http_code" = "204" ] || [ "$http_code" = "201" ]; then
        echo -e "${GREEN}✅ OK${NC}"
        return 0
    elif [ "$http_code" = "404" ]; then
        echo -e "${RED}❌ Repository nicht gefunden (404)${NC}"
        echo "   Prüfe: REPO_OWNER=${REPO_OWNER}, REPO_NAME=${REPO_NAME}"
        return 1
    elif [ "$http_code" = "403" ]; then
        echo -e "${RED}❌ Keine Berechtigung (403)${NC}"
        echo "   Token benötigt 'write:repository' Scope"
        return 1
    elif [ "$http_code" = "401" ]; then
        echo -e "${RED}❌ Ungültiger Token (401)${NC}"
        return 1
    else
        echo -e "${RED}❌ FAILED (HTTP $http_code)${NC}"
        echo "Response: $body"
        return 1
    fi
}

# Prüfe Token-Gültigkeit
echo -e "${BLUE}Prüfe Token-Gültigkeit...${NC}"
TOKEN_CHECK=$(curl -s -o /dev/null -w "%{http_code}" \
    -H "Authorization: token ${GITEA_TOKEN}" \
    "${GITEA_URL}/api/v1/user" 2>&1)

if [ "$TOKEN_CHECK" != "200" ]; then
    echo -e "${RED}❌ Token ist ungültig oder hat keine ausreichenden Berechtigungen${NC}"
    echo "HTTP Status: $TOKEN_CHECK"
    exit 1
fi

echo -e "${GREEN}✅ Token ist gültig${NC}"
echo ""

# Registry Password
REGISTRY_PASSWORD="${REGISTRY_PASSWORD:-registry-secure-password-2025}"

# SSH Private Key
SSH_KEY_PATH="${SSH_KEY_PATH:-$HOME/.ssh/production}"
if [ -f "$SSH_KEY_PATH" ]; then
    SSH_PRIVATE_KEY=$(cat "$SSH_KEY_PATH")
    echo -e "${GREEN}✓ SSH private key gefunden: ${SSH_KEY_PATH}${NC}"
else
    echo -e "${YELLOW}⚠️  SSH private key nicht gefunden: ${SSH_KEY_PATH}${NC}"
    echo ""
    read -p "SSH Key Pfad (oder Enter für Skip): " custom_ssh_path
    if [ -n "$custom_ssh_path" ] && [ -f "$custom_ssh_path" ]; then
        SSH_PRIVATE_KEY=$(cat "$custom_ssh_path")
        echo -e "${GREEN}✓ SSH private key geladen${NC}"
    else
        echo -e "${YELLOW}⚠️  Überspringe SSH_PRIVATE_KEY${NC}"
        SSH_PRIVATE_KEY=""
    fi
fi

echo ""
echo -e "${BLUE}Setze Secrets für Repository: ${REPO_OWNER}/${REPO_NAME}${NC}"
echo ""

# Setze Secrets
ERRORS=0

echo -e "${BLUE}Secret 1/3: REGISTRY_USER${NC}"
if set_secret "REGISTRY_USER" "admin"; then
    echo ""
else
    ERRORS=$((ERRORS + 1))
fi

echo -e "${BLUE}Secret 2/3: REGISTRY_PASSWORD${NC}"
if set_secret "REGISTRY_PASSWORD" "$REGISTRY_PASSWORD"; then
    echo ""
else
    ERRORS=$((ERRORS + 1))
fi

if [ -n "$SSH_PRIVATE_KEY" ]; then
    echo -e "${BLUE}Secret 3/3: SSH_PRIVATE_KEY${NC}"
    # Escape JSON special characters
    SSH_PRIVATE_KEY_ESCAPED=$(echo "$SSH_PRIVATE_KEY" | sed 's/\\/\\\\/g' | sed 's/"/\\"/g' | sed ':a;N;$!ba;s/\n/\\n/g')
    if set_secret "SSH_PRIVATE_KEY" "$SSH_PRIVATE_KEY_ESCAPED"; then
        echo ""
    else
        ERRORS=$((ERRORS + 1))
    fi
else
    echo -e "${YELLOW}⚠️  Überspringe SSH_PRIVATE_KEY (nicht gefunden)${NC}"
    echo ""
fi

# Zusammenfassung
echo -e "${BLUE}════════════════════════════════════════════════════════════${NC}"
if [ $ERRORS -eq 0 ]; then
    echo -e "${GREEN}✅ Secrets Setup erfolgreich abgeschlossen!${NC}"
    echo ""
    echo -e "Verifizierung:"
    echo -e "  - Gehe zu: ${GREEN}${GITEA_URL}/${REPO_OWNER}/${REPO_NAME}/settings${NC}"
    echo -e "  - Oder teste den Workflow: ${GREEN}Repository → Actions → Test Registry Credentials${NC}"
    exit 0
else
    echo -e "${RED}❌ Fehler beim Setzen von $ERRORS Secret(s)${NC}"
    echo ""
    echo "Troubleshooting:"
    echo "  - Prüfe Token-Berechtigungen (benötigt: write:repository)"
    echo "  - Prüfe Repository-Name: ${REPO_OWNER}/${REPO_NAME}"
    echo "  - Prüfe ob Actions für das Repository aktiviert ist"
    exit 1
fi