feat: consume pulumi environment (#99)

* feat: consume pulumi environment

* fix: don't nest

* feat: add environment to core-infra

* feat: get github token from environment instead of bjerk bot

* fix: refer to github config when retrieving values

* fix: import github token

* fix: update dead repository reference

* fix: remove basssene

* fix: revert bassene nuking

* fix: remove bassene

* feat: retrieve tokens for individual orgs

projects/bjerk-conf/Pulumi.prod.yaml

@@ -1 +1,3 @@
 config:
+environment:
+ - secrets

projects/bjerk-conf/resources/github/providers.ts

@@ -1,5 +1,6 @@
 import * as github from '@pulumi/github';
-import { bjerkBotGitHubToken as token } from '../stack-refs';
+import * as pulumi from '@pulumi/pulumi';
+import { getToken } from 'get-pulumi-secret';
 
 const githubProviders = new Map<string, github.Provider>();
 
@@ -9,7 +10,10 @@ export function getGithubProvider(owner: string): github.Provider {
  owner,
  new github.Provider(owner, {
  owner,
- token,
+ token: getToken({
+ name: `${owner}-token`,
+ namespace: 'github',
+ }),
  }),
  );
  }

projects/bjerk-io/Pulumi.prod.yaml

@@ -1,2 +1,4 @@
 config:
  gcp:project: bjerk-io
+environment:
+ - secrets

projects/bjerk-io/src/github.ts

@@ -1,7 +1,9 @@
 import * as github from '@pulumi/github';
-import { bjerkBotGitHubToken } from './stack-refs';
+import * as pulumi from '@pulumi/pulumi';
+
+const config = new pulumi.Config('github');
 
 export const githubProvider = new github.Provider('gh-provider', {
  owner: 'bjerkio',
- token: bjerkBotGitHubToken,
+ token: config.requireSecret('token'),
 });

projects/core-infra/Pulumi.prod.yaml

@@ -9,8 +9,6 @@ config:
  - group:gcp-organization-viewers@bjerk.io
  branches:developers:
  - group:developers@bjerk.io
- github:token:
- secure: AAABAFV2iNVa8uYxniCjg8903NVjQG4b9K6N4gcPlraAaszUTxUmkcft/IQm0j2NeqbTBGWH2Ei7xrtPpShS2hwaHHGE12rz
  intg-avfnor:slack-channel: C03KE9E4QEQ
  pulumi:token:
  secure: AAABALfUIspDSD6BHc//gBuigJQpEPekvfyM5HhY3UZdRov/qkl2Jams+B4BQmmaPUZeO4qWiyk/2ymYEiIOTmYvidWSLKKqM4ioUg==
@@ -20,3 +18,5 @@ config:
  slack:google-cloud-logger-slack-tag: latest
  timely-agent:slack-channel: C03BY6RB248
  tripletex-time-agent:slack-channel: C03J6TVRVFG
+environment:
+ - secrets

projects/core-infra/package.json

@@ -8,7 +8,8 @@
  "@pulumi/github": "^5.8.0",
  "@pulumi/pulumi": "^3.65.1",
  "date-fns": "^2.30.0",
- "gcl-slack": "^3.0.0"
+ "gcl-slack": "^3.0.0",
+ "get-pulumi-secret": "^2.0.0"
  },
  "devDependencies": {
  "@types/node": "^18.16.3",

projects/core-infra/src/config.ts

@@ -15,3 +15,6 @@ export const branchesDevelopers =
 export const developers = config.requireObject<string[]>('developers');
 export const internalViewers =
  config.requireObject<string[]>('internal-viewers');
+
+const githubConfig = new pulumi.Config('github');
+export const githubToken = githubConfig.requireSecret('token');

projects/core-infra/src/customers/index.ts

@@ -1,3 +1,2 @@
-import './bassene-web';
 import './flexisoft';
 import './abax-vwfs';

projects/core-infra/src/github-orgs.ts

@@ -1,16 +1,11 @@
 import * as github from '@pulumi/github';
-import { bjerkBotGitHubToken as token } from './stack-refs';
+import { githubToken as token } from './config';
 
 export const bjerkio = new github.Provider('bjerkio-provider', {
  owner: 'bjerkio',
  token,
 });
 
-export const basssene = new github.Provider('basssene-provider', {
- owner: 'basssene',
- token,
-});
-
 export const branches = new github.Provider('branches-provider', {
  owner: 'getbranches',
  token,

projects/core-infra/src/providers/github.ts

@@ -1,6 +1,6 @@
 import * as github from '@pulumi/github';
-import { bjerkBotGitHubToken } from '../stack-refs';
+import { githubToken } from '../config';
 
 export const provider = new github.Provider('github-provider', {
- token: bjerkBotGitHubToken,
+ token: githubToken,
 });