blob: 49a9b92f890e4460f7f334b2a31233f4fb497cdf [file] [log] [blame]
# A script to automate some parts of new certificate deployment.
# See http://go/skia-ssl-cert for a longer description and the command you need
# to run before running this script.
# This script adds a new cert to gcloud, and makes a local change to the
# skia-ingress.yaml file. Applying the change to kubernetes, pushing the change
# in git, and deleting old certs are left as manual steps to allow for manual
# inspection of the change.
DATE=$(date +%Y-%m-%d)
gcloud compute ssl-certificates create skia-org-$DATE \
--private-key=$HOME/ssl-cert-requests/$DATE/ \
--certificate=$HOME/ssl-cert-requests/$DATE/ \
git clone
sed --in-place*\ skia-org-$DATE# ./skia-public-config/skia-ingress.yaml
printf "\n\nConfirm that the change to skia-ingress.yaml makes sense:\n\n"
cd skia-public-config; git diff
printf "\n\nThen apply the modified yaml file after checking that you are working in skia-public:\n\n"
printf " kubectl apply -f ./skia-public-config/skia-ingress.yaml\n\n"
printf "And commit and push the updated config file.\n\n"
printf " cd skia-public-config; git add --all; git commit -m 'Update certs on $DATE'; git push\n\n"
printf "Also remove unused certs: \n\n"
gcloud compute ssl-certificates list --project=skia-public --format=json | jq '.[].name' | grep --invert-match skia-org-$DATE | xargs -L1 echo " " gcloud compute ssl-certificates delete --project=skia-public