scripts: forge-login.sh + forge-create-token.sh
forge-create-token.sh mints an access token for an existing user (prints to stdout — forgejo only shows it once). forge-login.sh configures the operator's shell: git config --global user.name / user.email, ~/.netrc entry for HTTP clones, and `tea login add` when tea is on PATH. takes the token interactively (hidden input) so it doesn't land in shell history.
This commit is contained in:
müde
parent
d8b05a9eb9
commit
a1c4d37bc9
2 changed files with 107 additions and 0 deletions
35
scripts/forge-create-token.sh
Executable file
35
scripts/forge-create-token.sh
Executable file
|
|
@ -0,0 +1,35 @@
|
|||
#!/usr/bin/env bash
|
||||
# Mint a Forgejo access token for an existing user.
|
||||
#
|
||||
# Usage: forge-create-token.sh <username> [--name <label>] [--scopes <csv>]
|
||||
#
|
||||
# Defaults:
|
||||
# --name = local-<timestamp>
|
||||
# --scopes = all
|
||||
#
|
||||
# Prints the token to stdout — feed it to `forge-login.sh` or paste
|
||||
# into tea / .netrc. Forgejo only shows the token once, so capture it.
|
||||
set -euo pipefail
|
||||
|
||||
if [ $# -lt 1 ]; then
|
||||
echo "usage: $0 <username> [--name <label>] [--scopes <csv>]" >&2
|
||||
exit 2
|
||||
fi
|
||||
|
||||
username="$1"; shift
|
||||
name="local-$(date +%s)"
|
||||
scopes="all"
|
||||
|
||||
while [ $# -gt 0 ]; do
|
||||
case "$1" in
|
||||
--name) name="$2"; shift 2 ;;
|
||||
--scopes) scopes="$2"; shift 2 ;;
|
||||
*) echo "unknown arg: $1" >&2; exit 2 ;;
|
||||
esac
|
||||
done
|
||||
|
||||
sudo nixos-container run hive-forge -- runuser -u forgejo -- \
|
||||
forgejo --work-path /var/lib/forgejo admin user generate-access-token \
|
||||
--username "$username" \
|
||||
--token-name "$name" \
|
||||
--scopes "$scopes"
|
||||
Loading…
Add table
Add a link
Reference in a new issue