0960b17eb2
v0.2 - Real Workspaces: - Project-specific claudebox StatefulSets (pantheon, aeries) - Init containers for git clone via SSH - Deploy key secrets template - Project ConfigMaps for CLAUDE.md v0.3 - Git Integration: - Dockerfile with rdev-bot git identity - openssh-client for SSH operations - Image version bump to v0.3.0 v0.4 - API Server: - Go REST API with chi router - Endpoints: /projects, /claude, /shell, /git, /events - SSE streaming for real-time output - OpenAPI docs via Scalar at /docs - Kubernetes RBAC for pod exec - Executor and project registry packages Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
82 lines
2.2 KiB
Bash
Executable File
82 lines
2.2 KiB
Bash
Executable File
#!/bin/bash
|
|
# Generate SSH deploy key for a GitHub repository
|
|
#
|
|
# Usage: ./generate-deploy-key.sh <project-name>
|
|
# Example: ./generate-deploy-key.sh pantheon
|
|
#
|
|
# This generates:
|
|
# - <project>-deploy-key (private key)
|
|
# - <project>-deploy-key.pub (public key - add to GitHub)
|
|
# - <project>-deploy-key.b64 (base64 encoded for K8s secret)
|
|
|
|
set -e
|
|
|
|
if [ -z "$1" ]; then
|
|
echo "Usage: $0 <project-name>"
|
|
echo "Example: $0 pantheon"
|
|
exit 1
|
|
fi
|
|
|
|
PROJECT="$1"
|
|
KEY_FILE="${PROJECT}-deploy-key"
|
|
|
|
echo "Generating deploy key for project: $PROJECT"
|
|
echo ""
|
|
|
|
# Check if key already exists
|
|
if [ -f "$KEY_FILE" ]; then
|
|
echo "WARNING: Key file $KEY_FILE already exists!"
|
|
read -p "Overwrite? (y/N) " -n 1 -r
|
|
echo
|
|
if [[ ! $REPLY =~ ^[Yy]$ ]]; then
|
|
echo "Aborted."
|
|
exit 1
|
|
fi
|
|
fi
|
|
|
|
# Generate ED25519 key (no passphrase for automated use)
|
|
ssh-keygen -t ed25519 -f "$KEY_FILE" -N "" -C "rdev-${PROJECT}@orchard9.ai"
|
|
|
|
# Create base64 encoded version for K8s secret
|
|
cat "$KEY_FILE" | base64 > "${KEY_FILE}.b64"
|
|
|
|
echo ""
|
|
echo "=== Generated Files ==="
|
|
echo ""
|
|
echo "Private key: $KEY_FILE"
|
|
echo "Public key: ${KEY_FILE}.pub"
|
|
echo "Base64: ${KEY_FILE}.b64"
|
|
echo ""
|
|
echo "=== Next Steps ==="
|
|
echo ""
|
|
echo "1. Add the PUBLIC key to GitHub:"
|
|
echo " - Go to: https://github.com/orchard9/${PROJECT}/settings/keys"
|
|
echo " - Click 'Add deploy key'"
|
|
echo " - Title: rdev-${PROJECT}"
|
|
echo " - Key: (paste contents of ${KEY_FILE}.pub)"
|
|
echo " - Check 'Allow write access' if you need push capability"
|
|
echo ""
|
|
echo " Public key to copy:"
|
|
echo " ---"
|
|
cat "${KEY_FILE}.pub"
|
|
echo " ---"
|
|
echo ""
|
|
echo "2. Update the Kubernetes secret:"
|
|
echo " - Edit deployments/k8s/base/secrets.yaml"
|
|
echo " - Replace REPLACE_WITH_BASE64_ENCODED_PRIVATE_KEY for ${PROJECT}"
|
|
echo " - With contents of: ${KEY_FILE}.b64"
|
|
echo ""
|
|
echo " Base64 encoded private key:"
|
|
echo " ---"
|
|
cat "${KEY_FILE}.b64"
|
|
echo " ---"
|
|
echo ""
|
|
echo "3. Apply the secret:"
|
|
echo " export KUBECONFIG=~/.kube/orchard9-k3sf.yaml"
|
|
echo " kubectl apply -f deployments/k8s/base/secrets.yaml"
|
|
echo ""
|
|
echo "4. IMPORTANT: Keep the private key files secure!"
|
|
echo " - Do NOT commit them to git"
|
|
echo " - Store them securely or delete after updating K8s secret"
|
|
echo ""
|