{"id":25399131,"url":"https://github.com/qalisa/github-actions-secrets-operator","last_synced_at":"2025-04-11T13:54:07.907Z","repository":{"id":276992663,"uuid":"917023318","full_name":"Qalisa/github-actions-secrets-operator","owner":"Qalisa","description":"Kubernetes operator that will automatically sync secrets and variables per repositories to be accessed from Github Action","archived":false,"fork":false,"pushed_at":"2025-02-15T08:00:36.000Z","size":184,"stargazers_count":0,"open_issues_count":3,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-02-15T08:23:53.195Z","etag":null,"topics":["actions","github-actions","helm","k8s","kubebuilder","kubernetes","operator","secret","secrets","variable","variables"],"latest_commit_sha":null,"homepage":"https://qalisa.github.io/push-github-secrets-operator/","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Qalisa.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-01-15T07:54:22.000Z","updated_at":"2025-02-15T08:00:39.000Z","dependencies_parsed_at":"2025-02-15T08:34:01.237Z","dependency_job_id":null,"html_url":"https://github.com/Qalisa/github-actions-secrets-operator","commit_stats":null,"previous_names":["qalisa/push-github-secrets-operator","qalisa/github-actions-secrets-operator"],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Qalisa%2Fgithub-actions-secrets-operator","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Qalisa%2Fgithub-actions-secrets-operator/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Qalisa%2Fgithub-actions-secrets-operator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Qalisa%2Fgithub-actions-secrets-operator/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Qalisa","download_url":"https://codeload.github.com/Qalisa/github-actions-secrets-operator/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248412093,"owners_count":21099048,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["actions","github-actions","helm","k8s","kubebuilder","kubernetes","operator","secret","secrets","variable","variables"],"created_at":"2025-02-15T23:29:15.048Z","updated_at":"2025-04-11T13:54:07.892Z","avatar_url":"https://github.com/Qalisa.png","language":"Go","readme":"# GitHub Actions Secrets Operator\n\nA Kubernetes operator to synchronize secrets and variables to GitHub repositories, bypassing GitHub Free Plan restrictions on organization-level secrets.\n\n## Overview\n\nThis operator allows you to manage GitHub Actions secrets and variables at a repository level using Kubernetes resources. It's particularly useful for organizations using GitHub's Free Plan, which doesn't include organization-level secrets.\n\nKey features:\n- Sync Kubernetes Secrets to GitHub Actions secrets\n- Sync ConfigMap values to GitHub Actions variables\n- Cluster-scoped resources for organization-wide management\n- Automatic synchronization on changes\n- Rate limiting handling\n- Status conditions for monitoring\n\n## Installation\n\n### Prerequisites\n\n- Kubernetes cluster 1.19+\n- Helm 3.0+\n- GitHub App credentials (see setup below)\n\n### Using Helm\n\n1. Add the Helm repository:\n```bash\nhelm repo add qalisa https://qalisa.github.io/charts\nhelm repo update\n```\n\n2. Install the operator:\n```bash\nhelm install github-actions-secrets-operator qalisa/github-actions-secrets-operator \\\n  --set github.appId=\u003cyour-app-id\u003e \\\n  --set github.installationId=\u003cyour-installation-id\u003e \\\n  --set github.privateKey.explicit=\"$(cat path/to/private-key.pem)\"\n```\n\nOr using an existing secret:\n```bash\nhelm install github-actions-secrets-operator qalisa/github-actions-secrets-operator \\\n  --set github.appId=\u003cyour-app-id\u003e \\\n  --set github.installationId=\u003cyour-installation-id\u003e \\\n  --set github.privateKey.existingSecret=my-github-secret\n```\n\n## GitHub App Setup\n\n1. Create a new GitHub App:\n   - Go to your organization's settings\n   - Navigate to Developer Settings \u003e GitHub Apps\n   - Click \"New GitHub App\"\n\n2. Configure the app:\n   - Name: Choose a descriptive name (e.g., \"K8s Secrets Sync\")\n   - Homepage URL: Your organization URL\n   - Webhook: Disable (not needed)\n   - Permissions:\n     - Repository permissions:\n       - Actions secrets and variables: Read and write\n\n3. Generate and download the private key\n\n4. Install the app in your organization\n\n5. Note down:\n   - App ID (from the app's settings page)\n   - Installation ID (from the installation URL or API)\n   - Private key (downloaded in step 3)\n\n## Usage\n\n### 1. Define Secret/Variable Groups\n\nCreate a `GithubActionSecretsSync` resource to define which secrets and variables should be synchronized:\n\n```yaml\napiVersion: qalisa.github.io/v1alpha1\nkind: GithubActionSecretsSync\nmetadata:\n  name: prod-secrets\nspec:\n  secrets:\n    - secretRef: \n        name: db-credentials\n        namespace: special\n      key: DB_PASSWORD\n      # githubSecretName defaults to key if not set\n    - secretRef: \n        name: api-credentials\n        namespace: special\n      key: API_KEY\n      githubSecretName: CUSTOM_API_KEY\n  variables:\n    - configMapRef: \n        name: env-config\n        namespace: specific-app\n      key: ENVIRONMENT\n      # githubVariableName defaults to key if not set\n    - configMapRef: \n        name: region-config\n        namespace: specific-app\n      key: REGION\n      githubVariableName: CUSTOM_REGION\n```\n\n### 2. Bind Repositories\n\nCreate a `GithubSyncRepo` resource to specify which repositories should receive which secrets/variables:\n\n```yaml\napiVersion: qalisa.github.io/v1alpha1\nkind: GithubSyncRepo\nmetadata:\n  name: my-repo-sync\nspec:\n  repository: \"MyOrganization/my-repository\"\n  secretsSyncRefs:\n    - prod-secrets\n    - staging-secrets\n```\n\n### 3. Monitor Status\n\nCheck the status of your resources:\n\n```bash\nkubectl get githubactionsecretssyncs\nkubectl get githubsyncrepoes\n```\n\n## Development\n\nFor detailed instructions on setting up your development environment and debugging, please see our [Development Guide](docs/development.md).\n\n### Prerequisites\n\n- Docker\n- VSCode with Go extension\n- Homebrew (for macOS)\n\nAll other dependencies (Go, kubectl, kind, etc.) will be installed automatically through VSCode tasks.\n\n### Quick Start\n\n1. Clone the repository:\n```bash\ngit clone https://github.com/Qalisa/github-actions-secrets-operator.git\ncd github-actions-secrets-operator\n```\n\n## Contributing\n\nContributions are welcome! Please feel free to submit a Pull Request.\n\n## License\n\nApache License 2.0\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fqalisa%2Fgithub-actions-secrets-operator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fqalisa%2Fgithub-actions-secrets-operator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fqalisa%2Fgithub-actions-secrets-operator/lists"}