avisenna-landing-page/scripts/update-github-secrets.sh

#!/bin/bash
set -euo pipefail

REPO="kebrahimpour/avisenna-landing-page"
GHCR_PAT="${GHCR_PAT:-}"
TOKEN_SOURCE=""

# Try env or fallback to file
if [[ -z "$GHCR_PAT" ]]; then
  TOKEN_PATH="$HOME/.secrets/g-token.txt"
  if [[ -f "$TOKEN_PATH" ]]; then
    GHCR_PAT=$(<"$TOKEN_PATH")
    TOKEN_SOURCE="file"
  fi
else
  TOKEN_SOURCE="env"
fi

if [[ -z "$GHCR_PAT" ]]; then
  echo "❌ GHCR_PAT not found. Set as env or in ~/.secrets/g-token.txt"
  exit 1
fi

echo "🔐 Using GHCR_PAT from $TOKEN_SOURCE"
gh secret set GHCR_PAT --repo "$REPO" --body "$GHCR_PAT"
echo "✅ GHCR_PAT updated"

KCFG="$HOME/.kube/github-kubeconfig.yaml"
if [[ ! -f "$KCFG" ]]; then
  echo "❌ Kubeconfig not found at $KCFG"
  exit 1
fi

ENCODED_KCFG=$(base64 -w 0 "$KCFG")
gh secret set KUBECONFIG_B64 --repo "$REPO" --body "$ENCODED_KCFG"
echo "✅ KUBECONFIG_B64 updated"