in src/cli/commands/setup_cicd.py [0:0]
def create_or_update_secret(secret_id: str, secret_value: str, project_id: str) -> None:
    """Store ``secret_value`` in Google Cloud Secret Manager under ``secret_id``.

    The value is written to a ``tempfile.NamedTemporaryFile`` and handed to
    ``gcloud`` through ``--data-file``, so it never appears on the command
    line. The file is deleted when the ``with`` block exits; on POSIX it is
    created readable and writable by the owning user only.

    A new version is added first. If that command fails, the secret is
    created with automatic replication instead.

    Args:
        secret_id: The ID of the secret to create/update
        secret_value: The value to store in the secret
        project_id: The Google Cloud project ID

    Raises:
        subprocess.CalledProcessError: If the fallback ``gcloud secrets
            create`` call fails too (re-raised after the error is printed).
    """
    project_flag = f"--project={project_id}"

    with tempfile.NamedTemporaryFile(mode="w") as secret_file:
        secret_file.write(secret_value)
        # Flush so gcloud, which opens the file by name, sees the full value.
        secret_file.flush()
        # NOTE(review): the secret exists on disk for the lifetime of this
        # block. gcloud also accepts "--data-file=-" to read from stdin, but
        # whether run_command can feed stdin is not visible here; confirm
        # before switching.
        data_file_args = ["--data-file", secret_file.name, project_flag]

        add_version_cmd = [
            "gcloud", "secrets", "versions", "add", secret_id, *data_file_args,
        ]
        create_cmd = [
            "gcloud", "secrets", "create", secret_id, *data_file_args,
            "--replication-policy", "automatic",
        ]

        try:
            # Preferred path: the secret already exists, append a version.
            run_command(add_version_cmd)
            console.print("✅ Updated existing GitHub PAT secret")
        except subprocess.CalledProcessError:
            # Every failure of "versions add" lands here, not only "secret
            # not found". A permission or authentication error also triggers
            # the create attempt, and only the create error is reported.
            try:
                run_command(create_cmd)
                console.print("✅ Created new GitHub PAT secret")
            except subprocess.CalledProcessError as create_error:
                # str(CalledProcessError) contains the command line, which
                # carries the temp-file path and project, not the secret.
                console.print(
                    f"❌ Failed to create/update GitHub PAT secret: {create_error!s}",
                    style="bold red",
                )
                raise