Merge pull request #3 from taizo/multi_repos

kneemaa · web-flow · commit 50f0cac202f3 · 2020-08-26T20:07:57.000-07:00
Multi repos support
diff --git a/README.md b/README.md
@@ -23,7 +23,7 @@
 
 #### OWNER_REPOSITORY
 - Required: ***True***
-- Description: The owner and repository name. For example, octocat/Hello-World. If being ran in the repo being updated, you can use `${{github.repository}}`
+- Description: The owner and repository name. For example, octocat/Hello-World. If being ran in the repo being updated, you can use `${{github.repository}}`. Multiple repositories can be specified by a comma-separated list (e.g. `OWNER_REPOSITORY: ${{ github.repository }},MyGitHubOrgOrUser/MyGitHubRepo`). 
 
 #### GITHUB_ACCESS_KEY_NAME
 - Required: ***False***
diff --git a/rotate_keys.py b/rotate_keys.py
@@ -42,16 +42,17 @@ def main_function():
     #generate new credentials
     (new_access_key, new_secret_key) = create_new_keys(iam_username)
 
-    #get repo pub key info
-    (public_key, pub_key_id) = get_pub_key(owner_repository, github_token)
+    for repos in [x.strip() for x in owner_repository.split(',')]:
+        #get repo pub key info
+        (public_key, pub_key_id) = get_pub_key(repos, github_token)
 
-    #encrypt the secrets
-    encrypted_access_key = encrypt(public_key,new_access_key)
-    encrypted_secret_key = encrypt(public_key,new_secret_key)
+        #encrypt the secrets
+        encrypted_access_key = encrypt(public_key,new_access_key)
+        encrypted_secret_key = encrypt(public_key,new_secret_key)
 
-    #upload secrets
-    upload_secret(owner_repository,access_key_name,encrypted_access_key,pub_key_id,github_token)
-    upload_secret(owner_repository,secret_key_name,encrypted_secret_key,pub_key_id,github_token)
+        #upload secrets
+        upload_secret(repos,access_key_name,encrypted_access_key,pub_key_id,github_token)
+        upload_secret(repos,secret_key_name,encrypted_secret_key,pub_key_id,github_token)
 
     #delete old keys
     delete_old_keys(iam_username, current_access_id)
@@ -131,8 +132,9 @@ def upload_secret(owner_repo,key_name,encrypted_value,pub_key_id,github_token):
     good_status_codes = [204,201]
 
     if updated_secret.status_code not in good_status_codes:
-        print(f'Got status code: {updated_secret.status_code} on updating {key_name}')
+        print(f'Got status code: {updated_secret.status_code} on updating {key_name} in {owner_repo}')
         sys.exit(1)
+    print(f'Updated {key_name} in {owner_repo}')
 
 # run everything
 main_function()
