-
Notifications
You must be signed in to change notification settings - Fork 46
/
Copy pathcircle-ci-key-rotation.py
89 lines (76 loc) · 2.97 KB
/
circle-ci-key-rotation.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
from pprint import pprint
from typing import Dict
import requests
# Steps to undertake before running this script
# 1. Revoke access to circleci application by going to 'Authorized OAuth Apps'
# at https://github.com/settings/applications of your personal account, or
# https://github.com/octool. This will remove all ssh-keys from all repos.
# 2. Update the repo list below by going to circleci.com.
# 3. Create a circleci personal api token and update the variable below
# 4. Run the script
# 5. Delete the personal api toke you created in step 3.
# 6. Rerun the circleci jobs to ensure everything is ok.
# CircleCI Personal API Tokens. See the following link on how to create one
# https://circleci.com/docs/managing-api-tokens#creating-a-personal-api-token
circleci_token = ""
circleci_headers = {"Circle-Token": circleci_token}
repos = [
"asmoses",
"atomspace",
"attention",
"cogserver",
"cogutil",
"lg-atomese",
"miner",
"moses",
"opencog",
"pln",
"spacetime",
"ure",
]
org = "opencog"
class CircleCiProject:
"""See https://circleci.com/docs/api/v2/index.html#tag/Project for api
details"""
def __init__(self, org: str, repo: str):
self.project_slug = f"gh/{org}/{repo}"
self.api_prefix = "https://circleci.com/api/v2/project"
def deploy_keys(self) -> Dict:
url = f"{self.api_prefix}/{self.project_slug}/checkout-key"
response = requests.get(url, headers=circleci_headers)
return response.json()
def delete_deploy_keys(self):
keys = self.deploy_keys()["items"]
responses = []
for key in keys:
url = (
f"{self.api_prefix}/{self.project_slug}/checkout-key"
+ f"/{key['fingerprint']}"
)
response = requests.delete(url, headers=circleci_headers)
responses.extend(response.json())
return responses
def add_deploy_key(self):
url = f"{self.api_prefix}/{self.project_slug}/checkout-key"
response = requests.post(
url, headers=circleci_headers, data={"type": "deploy-key"}
)
return response.json()
for repo in repos:
print("---------------------------------------------------------")
print(f"Starting replacing deploy keys used for github.com/{org}/{repo}")
print("---------------------------------------------------------\n")
project = CircleCiProject(org, repo)
old_keys = project.deploy_keys()["items"]
print("Old keys: >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>")
pprint(old_keys)
# Delete old keys
project.delete_deploy_keys()
# Add new key
project.add_deploy_key()
new_key = project.deploy_keys()["items"]
print("\nNew keys: >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>")
pprint(new_key)
print("\n---------------------------------------------------------")
print(f"Finished replacing deploy keys used for github.com/{org}/{repo}")
print("---------------------------------------------------------\n\n")