bakery-ia/infrastructure/scripts/setup/setup-ghcr-secrets.sh

#!/bin/bash

# Setup GitHub Container Registry (GHCR) image pull secrets for all namespaces
# This script creates docker-registry secrets for pulling images from GHCR

set -e

# GitHub Container Registry credentials
# Note: Use a GitHub Personal Access Token with 'read:packages' scope
GHCR_SERVER="ghcr.io"
GHCR_USERNAME="uals"  # GitHub username
GHCR_PASSWORD="ghp_zzEY5Q58x1S0puraIoKEtbpue3A"  # GitHub Personal Access Token
GHCR_EMAIL="ualfaro@gmail.com"
SECRET_NAME="ghcr-creds"

# List of namespaces used in the project
NAMESPACES=(
  "bakery-ia"
  "bakery-ia-dev"
  "bakery-ia-prod"
  "default"
)

echo "Setting up GitHub Container Registry image pull secrets..."
echo "=========================================================="
echo ""

for namespace in "${NAMESPACES[@]}"; do
  echo "Processing namespace: $namespace"

  # Create namespace if it doesn't exist
  if ! kubectl get namespace "$namespace" >/dev/null 2>&1; then
    echo "  Creating namespace: $namespace"
    kubectl create namespace "$namespace"
  fi

  # Delete existing secret if it exists
  if kubectl get secret "$SECRET_NAME" -n "$namespace" >/dev/null 2>&1; then
    echo "  Deleting existing secret in namespace: $namespace"
    kubectl delete secret "$SECRET_NAME" -n "$namespace"
  fi

  # Create the docker-registry secret for GHCR
  echo "  Creating GHCR secret in namespace: $namespace"
  kubectl create secret docker-registry "$SECRET_NAME" \
    --docker-server="$GHCR_SERVER" \
    --docker-username="$GHCR_USERNAME" \
    --docker-password="$GHCR_PASSWORD" \
    --docker-email="$GHCR_EMAIL" \
    -n "$namespace"

  echo "  ✓ Secret created successfully in namespace: $namespace"
  echo ""
done

echo "=========================================================="
echo "GitHub Container Registry secrets setup completed!"
echo ""
echo "The secret '$SECRET_NAME' has been created in all namespaces:"
for namespace in "${NAMESPACES[@]}"; do
  echo "  - $namespace"
done
echo ""
echo "Next steps:"
echo "1. Update your Kubernetes manifests to include the GHCR imagePullSecrets"
echo "2. Verify pods can pull images from GHCR: kubectl get pods -A"
echo "3. Consider updating your CI/CD pipelines to push images to GHCR"
Add new infra architecture 2026-01-19 11:55:17 +01:00			`#!/bin/bash`

			`# Setup GitHub Container Registry (GHCR) image pull secrets for all namespaces`
			`# This script creates docker-registry secrets for pulling images from GHCR`

			`set -e`

			`# GitHub Container Registry credentials`
			`# Note: Use a GitHub Personal Access Token with 'read:packages' scope`
			`GHCR_SERVER="ghcr.io"`
			`GHCR_USERNAME="uals" # GitHub username`
			`GHCR_PASSWORD="ghp_zzEY5Q58x1S0puraIoKEtbpue3A" # GitHub Personal Access Token`
			`GHCR_EMAIL="ualfaro@gmail.com"`
			`SECRET_NAME="ghcr-creds"`

			`# List of namespaces used in the project`
			`NAMESPACES=(`
			`"bakery-ia"`
			`"bakery-ia-dev"`
			`"bakery-ia-prod"`
			`"default"`
			`)`

			`echo "Setting up GitHub Container Registry image pull secrets..."`
			`echo "=========================================================="`
			`echo ""`

			`for namespace in "${NAMESPACES[@]}"; do`
			`echo "Processing namespace: $namespace"`

			`# Create namespace if it doesn't exist`
			`if ! kubectl get namespace "$namespace" >/dev/null 2>&1; then`
			`echo " Creating namespace: $namespace"`
			`kubectl create namespace "$namespace"`
			`fi`

			`# Delete existing secret if it exists`
			`if kubectl get secret "$SECRET_NAME" -n "$namespace" >/dev/null 2>&1; then`
			`echo " Deleting existing secret in namespace: $namespace"`
			`kubectl delete secret "$SECRET_NAME" -n "$namespace"`
			`fi`

			`# Create the docker-registry secret for GHCR`
			`echo " Creating GHCR secret in namespace: $namespace"`
			`kubectl create secret docker-registry "$SECRET_NAME" \`
			`--docker-server="$GHCR_SERVER" \`
			`--docker-username="$GHCR_USERNAME" \`
			`--docker-password="$GHCR_PASSWORD" \`
			`--docker-email="$GHCR_EMAIL" \`
			`-n "$namespace"`

			`echo " ✓ Secret created successfully in namespace: $namespace"`
			`echo ""`
			`done`

			`echo "=========================================================="`
			`echo "GitHub Container Registry secrets setup completed!"`
			`echo ""`
			`echo "The secret '$SECRET_NAME' has been created in all namespaces:"`
			`for namespace in "${NAMESPACES[@]}"; do`
			`echo " - $namespace"`
			`done`
			`echo ""`
			`echo "Next steps:"`
			`echo "1. Update your Kubernetes manifests to include the GHCR imagePullSecrets"`
			`echo "2. Verify pods can pull images from GHCR: kubectl get pods -A"`
			`echo "3. Consider updating your CI/CD pipelines to push images to GHCR"`