feat(deploy-action): add a OIDC possible push

BunnyWay · Sep 4, 2024 · d382bac · d382bac
1 parent 68e3ef2
commit d382bac
Show file tree

Hide file tree

Showing 5 changed files with 63 additions and 22 deletions.
diff --git a/.changeset/mighty-wombats-kneel.md b/.changeset/mighty-wombats-kneel.md
@@ -0,0 +1,5 @@
+---
+"deploy-script": minor
+---
+
+Add a OIDC Token
diff --git a/deploy-script/action.yml b/deploy-script/action.yml
@@ -2,6 +2,10 @@ name: Deploy Script to Bunny
 author: Bunny Devs
 description: Use this action to upload an EdgeScript to your Bunny Pullzone.
 
+permissions:
+  id-token: write
+  contents: read
+
 inputs:
   token:
     description: Github token.
@@ -13,7 +17,7 @@ inputs:
 
   deploy_key:
     description: The associated DeployKey for Bunny.
-    required: true
+    required: false
 
   file:
     description: The file path for the script.

diff --git a/deploy-script/src/action.test.ts b/deploy-script/src/action.test.ts
@@ -49,7 +49,7 @@ describe('action', () => {
 
     // Verify that inputs were fetched
     expect(core.getInput).toHaveBeenCalledWith('script_id', { required: true });
-    expect(core.getInput).toHaveBeenCalledWith('deploy_key', { required: true });
+    expect(core.getInput).toHaveBeenCalledWith('deploy_key', { required: false });
     expect(core.getInput).toHaveBeenCalledWith('file', { required: true });
     expect(core.getInput).toHaveBeenCalledWith('base', { required: false });
 

diff --git a/deploy-script/src/action.ts b/deploy-script/src/action.ts
@@ -1,17 +1,25 @@
-import * as core from '@actions/core';
-import * as fs from 'fs/promises';
-import * as Bunny from './bunny';
+import * as core from "@actions/core";
+import * as fs from "fs/promises";
+import * as Bunny from "./bunny";
 
 export async function run() {
   try {
     // const githubToken = core.getInput('token', { required: true });
-    const scriptId = core.getInput('script_id', { required: true });
-    const deployKey = core.getInput('deploy_key', { required: true });
-    const base = core.getInput('base', { required: false });
+    const scriptId = core.getInput("script_id", { required: true });
+    const deployKey = core.getInput("deploy_key", { required: false });
+    const base = core.getInput("base", { required: false });
 
-    const client = Bunny.createClient(base, deployKey);
+    let token: Bunny.Token;
 
-    const file_path = core.getInput('file', { required: true });
+    if (deployKey == "") {
+      token = Bunny.newOIDCToken(await core.getIDToken());
+    } else {
+      token = Bunny.newDeployKey(deployKey);
+    }
+
+    const client = Bunny.createClient(base, token);
+
+    const file_path = core.getInput("file", { required: true });
 
     const fileContent = await fs.readFile(file_path, { encoding: "utf-8" });
 

diff --git a/deploy-script/src/bunny.ts b/deploy-script/src/bunny.ts
@@ -1,19 +1,45 @@
 type BunnyClient = {
   base: string,
-  token: string,
+  token: DeployKey | OIDCToken,
 };
 
-const createClient = (base: string, token: string): BunnyClient => { return ({ base, token }) };
+export type DeployKey = {
+  _internal: "deploy",
+  token: string;
+}
+
+const newDeployKey = (token: string): DeployKey => ({ _internal: "deploy", token });
+
+export type OIDCToken = {
+  _internal: "oidc",
+  token: string;
+}
+
+export type Token = OIDCToken | DeployKey;
+
+const newOIDCToken = (token: string): OIDCToken => ({ _internal: "oidc", token });
+
+const createClient = (base: string, token: Token): BunnyClient => { return ({ base, token }) };
 
 const deployScript = (client: BunnyClient) => async (scriptId: string, code: string) => {
+  const headers = {
+    "Accept": "application/json",
+    "Content-Type": "application/json",
+  };
+
+  switch (client.token._internal) {
+    case "deploy":
+      headers["DeploymentKey"] = client.token.token;
+      break;
+    case "oidc":
+      headers["GithubToken"] = client.token.token;
+      break;
+  }
+
   const endpoint_save = `${client.base}/compute/script/${scriptId}/code`;
   const response = await fetch(endpoint_save, {
     method: "POST",
-    headers: {
-      "Accept": "application/json",
-      "Content-Type": "application/json",
-      "DeploymentKey": client.token,
-    },
+    headers,
     body: JSON.stringify({ Code: code }),
   });
 
@@ -27,11 +53,7 @@ const deployScript = (client: BunnyClient) => async (scriptId: string, code: str
 
   const responsePublish = await fetch(endpoint_publish, {
     method: "POST",
-    headers: {
-      "Accept": "application/json",
-      "Content-Type": "application/json",
-      "DeploymentKey": client.token,
-    },
+    headers,
   });
 
   if (!responsePublish.ok) {
@@ -47,4 +69,6 @@ export {
   BunnyClient,
   deployScript,
   createClient,
+  newDeployKey,
+  newOIDCToken,
 }