diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 335a3ab..b34fb8a 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -17,4 +17,3 @@ jobs: APP_ID: ${{ secrets.APP_ID }} PRIVATE_KEY: ${{ secrets.PRIVATE_KEY }} SECRET_NAME: APP_TOKEN - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/src/action.ts b/src/action.ts index c00cd8b..61e26aa 100644 --- a/src/action.ts +++ b/src/action.ts @@ -1,35 +1,11 @@ import * as core from '@actions/core' -import * as github from '@actions/github' -import { App } from '@octokit/app' -import isBase64 from 'is-base64' import { Util } from './util' export namespace Action { - let token: string - export async function run() { try { - const id = Number(core.getInput('APP_ID', { required: true })) - const privateKeyInput = core.getInput('PRIVATE_KEY', { required: true }) - const privateKey = isBase64(privateKeyInput) - ? Buffer.from(privateKeyInput, 'base64').toString('utf8') - : privateKeyInput - const app = new App({ id, privateKey }) - const jwt = app.getSignedJsonWebToken() - const octokit = github.getOctokit(jwt) - const { - data: { id: installationId }, - } = await octokit.apps.getRepoInstallation(github.context.repo) - - token = await app.getInstallationAccessToken({ - installationId, - }) - - const secretName = core.getInput('SECRET_NAME') - if (secretName) { - await Util.createOrUpdateRepoSecret(token, secretName, token) - } - + const token = await Util.getAppToken() + await Util.saveAppTokenToSecret(token) core.setSecret(token) core.setOutput('token', token) core.info('Token generated successfully!') @@ -41,10 +17,7 @@ export namespace Action { export async function cleanup() { try { - const secretName = core.getInput('SECRET_NAME') - if (secretName) { - await Util.deleteSecret(token, secretName) - } + await Util.removeAppTokenFromSecret() } catch (e) { core.error(e) core.setFailed(e.message) diff --git a/src/index.ts b/src/index.ts index a2ad563..9236227 100644 --- a/src/index.ts +++ b/src/index.ts @@ -2,6 +2,8 @@ import { Action } from './action' const isPost = !!process.env['STATE_isPost'] +console.log(JSON.stringify(process.env, null, 2)) + if (!isPost) { Action.run() } else { diff --git a/src/util.ts b/src/util.ts index 832593d..38d5905 100644 --- a/src/util.ts +++ b/src/util.ts @@ -1,9 +1,45 @@ -import { context } from '@actions/github' +import { context, getOctokit } from '@actions/github' import { Octokit } from '@octokit/core' +import { getInput } from '@actions/core' +import { App } from '@octokit/app' +import isBase64 from 'is-base64' import sodium from 'tweetsodium' export namespace Util { - async function createSecret(octokit: Octokit, value: string) { + export async function getAppToken() { + const id = Number(getInput('APP_ID', { required: true })) + const privateKeyInput = getInput('PRIVATE_KEY', { required: true }) + const privateKey = isBase64(privateKeyInput) + ? Buffer.from(privateKeyInput, 'base64').toString('utf8') + : privateKeyInput + const app = new App({ id, privateKey }) + const jwt = app.getSignedJsonWebToken() + const octokit = getOctokit(jwt) + const { + data: { id: installationId }, + } = await octokit.apps.getRepoInstallation(context.repo) + + return app.getInstallationAccessToken({ + installationId, + }) + } + + export async function saveAppTokenToSecret(token: string) { + const secretName = getInput('SECRET_NAME') + if (secretName) { + return createOrUpdateRepoSecret(token, secretName, token) + } + } + + export async function removeAppTokenFromSecret() { + const secretName = getInput('SECRET_NAME') + if (secretName) { + const token = await getAppToken() + return Util.deleteSecret(token, secretName) + } + } + + export async function createSecret(octokit: Octokit, value: string) { const repo = context.repo const res = await octokit.request( 'GET /repos/:owner/:repo/actions/secrets/public-key',