This repository has been archived by the owner on Aug 26, 2022. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 2
/
set.ts
121 lines (109 loc) · 3.31 KB
/
set.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
import {Command, flags} from '@oclif/command'
import {CLIError} from '@oclif/errors'
import {request} from '@octokit/request'
import cli from 'cli-ux'
import fs from 'fs-extra'
import sodium from 'tweetsodium'
import {configuration} from '../../utils/config'
export default class SecretsSet extends Command {
static description = 'Update/Create a secret'
static flags = {
help: flags.help({char: 'h'}),
personalAccessToken: flags.string({
char: 't',
description: 'Your GitHub Personal Access Token.',
required: false,
}),
org: flags.string({
char: 'o',
description: 'Organisation the repo belongs to.',
required: false,
}),
repo: flags.string({
char: 'r',
description: 'Name of the repo.',
required: false,
}),
file: flags.string({
char: 'f',
description: 'Location of a file to create a secret from.',
required: false,
}),
input: flags.string({
char: 'i',
description: 'String to create a secret from.',
required: false,
}),
secret: flags.string({
char: 's',
description: 'GitHub Secret to update/create.',
required: true,
}),
base64: flags.boolean({
char: 'b',
description: 'base64 the string before encoding.',
required: false,
default: false,
}),
}
async run() {
const {flags} = this.parse(SecretsSet)
try {
const conf = await configuration(this)
const requestWithAuth = request.defaults({
headers: {
authorization: `token ${
flags.personalAccessToken ?? conf.personalAccessToken
}`,
},
})
const {data: token} = await requestWithAuth(
'GET /repos/{owner}/{repo}/actions/secrets/public-key',
{
owner: flags.org ?? conf.org,
repo: flags.repo ?? conf.repo,
}
)
let messageString
if (flags.file)
messageString = fs.readFileSync(flags.file, {
encoding: flags.base64 ? 'base64' : null,
})
if (flags.input) {
messageString = flags.input
if (flags.base64) {
messageString = Buffer.from(messageString)
messageString = messageString.toString('base64')
}
}
if (!(flags.file || flags.input)) {
messageString = await cli.prompt('String to save as secret')
if (flags.base64) {
messageString = Buffer.from(messageString)
messageString = messageString.toString('base64')
}
}
const messageBytes = Buffer.from(messageString)
const keyBytes = Buffer.from(token.key, 'base64')
const encryptedBytes = sodium.seal(messageBytes, keyBytes)
const encrypted = Buffer.from(encryptedBytes).toString('base64')
try {
await requestWithAuth(
'PUT /repos/{owner}/{repo}/actions/secrets/{secret_name}',
{
owner: flags.org ?? conf.org,
repo: flags.repo ?? conf.repo,
secret_name: flags.secret,
encrypted_value: encrypted,
key_id: token.key_id,
}
)
this.log(`Updated secret: ${flags.secret}`)
} catch (error) {
this.error(`Unable to update secret: ${flags.secret} \n${error}`)
}
} catch (error) {
this.error(new CLIError(error), {exit: 1})
}
}
}