add app auth
This commit is contained in:
parent
21dc310f19
commit
c74de88bff
@ -105,6 +105,12 @@ Refer [here](https://github.com/actions/checkout/blob/v1/README.md) for previous
|
||||
#
|
||||
# Default: false
|
||||
submodules: ''
|
||||
|
||||
# GitHub app id
|
||||
app-id: ''
|
||||
|
||||
# GitHub app private key
|
||||
app-private-key: ''
|
||||
```
|
||||
<!-- end usage -->
|
||||
|
||||
|
@ -67,8 +67,8 @@ describe('input-helper tests', () => {
|
||||
jest.restoreAllMocks()
|
||||
})
|
||||
|
||||
it('sets defaults', () => {
|
||||
const settings: IGitSourceSettings = inputHelper.getInputs()
|
||||
it('sets defaults', async () => {
|
||||
const settings: IGitSourceSettings = await inputHelper.getInputs()
|
||||
expect(settings).toBeTruthy()
|
||||
expect(settings.authToken).toBeFalsy()
|
||||
expect(settings.clean).toBe(true)
|
||||
@ -82,11 +82,11 @@ describe('input-helper tests', () => {
|
||||
expect(settings.repositoryPath).toBe(gitHubWorkspace)
|
||||
})
|
||||
|
||||
it('qualifies ref', () => {
|
||||
it('qualifies ref', async () => {
|
||||
let originalRef = github.context.ref
|
||||
try {
|
||||
github.context.ref = 'some-unqualified-ref'
|
||||
const settings: IGitSourceSettings = inputHelper.getInputs()
|
||||
const settings: IGitSourceSettings = await inputHelper.getInputs()
|
||||
expect(settings).toBeTruthy()
|
||||
expect(settings.commit).toBe('1234567890123456789012345678901234567890')
|
||||
expect(settings.ref).toBe('refs/heads/some-unqualified-ref')
|
||||
@ -97,29 +97,30 @@ describe('input-helper tests', () => {
|
||||
|
||||
it('requires qualified repo', () => {
|
||||
inputs.repository = 'some-unqualified-repo'
|
||||
assert.throws(() => {
|
||||
inputHelper.getInputs()
|
||||
}, /Invalid repository 'some-unqualified-repo'/)
|
||||
assert.rejects(
|
||||
() => inputHelper.getInputs(),
|
||||
/Invalid repository 'some-unqualified-repo'/
|
||||
)
|
||||
})
|
||||
|
||||
it('roots path', () => {
|
||||
it('roots path', async () => {
|
||||
inputs.path = 'some-directory/some-subdirectory'
|
||||
const settings: IGitSourceSettings = inputHelper.getInputs()
|
||||
const settings: IGitSourceSettings = await inputHelper.getInputs()
|
||||
expect(settings.repositoryPath).toBe(
|
||||
path.join(gitHubWorkspace, 'some-directory', 'some-subdirectory')
|
||||
)
|
||||
})
|
||||
|
||||
it('sets ref to empty when explicit sha', () => {
|
||||
it('sets ref to empty when explicit sha', async () => {
|
||||
inputs.ref = '1111111111222222222233333333334444444444'
|
||||
const settings: IGitSourceSettings = inputHelper.getInputs()
|
||||
const settings: IGitSourceSettings = await inputHelper.getInputs()
|
||||
expect(settings.ref).toBeFalsy()
|
||||
expect(settings.commit).toBe('1111111111222222222233333333334444444444')
|
||||
})
|
||||
|
||||
it('sets sha to empty when explicit ref', () => {
|
||||
it('sets sha to empty when explicit ref', async () => {
|
||||
inputs.ref = 'refs/heads/some-other-ref'
|
||||
const settings: IGitSourceSettings = inputHelper.getInputs()
|
||||
const settings: IGitSourceSettings = await inputHelper.getInputs()
|
||||
expect(settings.ref).toBe('refs/heads/some-other-ref')
|
||||
expect(settings.commit).toBeFalsy()
|
||||
})
|
||||
|
@ -68,6 +68,12 @@ inputs:
|
||||
When the `ssh-key` input is not provided, SSH URLs beginning with `git@github.com:` are
|
||||
converted to HTTPS.
|
||||
default: false
|
||||
app-id:
|
||||
description: GitHub app id
|
||||
optional: true
|
||||
app-private-key:
|
||||
description: GitHub app private key
|
||||
optional: true
|
||||
runs:
|
||||
using: node12
|
||||
main: dist/index.js
|
||||
|
9739
dist/index.js
vendored
9739
dist/index.js
vendored
File diff suppressed because it is too large
Load Diff
99
package-lock.json
generated
99
package-lock.json
generated
@ -838,6 +838,15 @@
|
||||
"integrity": "sha512-Il2DtDVRGDcqjDtE+rF8iqg1CArehSK84HZJCT7AMITlyXRBpuPhqGLDQMowraqqu1coEaimg4ZOqggt6L6L+A==",
|
||||
"dev": true
|
||||
},
|
||||
"@types/jsonwebtoken": {
|
||||
"version": "8.5.0",
|
||||
"resolved": "https://registry.npmjs.org/@types/jsonwebtoken/-/jsonwebtoken-8.5.0.tgz",
|
||||
"integrity": "sha512-9bVao7LvyorRGZCw0VmH/dr7Og+NdjYSsKAxB43OQoComFbBgsEpoR9JW6+qSq/ogwVBg8GI2MfAlk4SYI4OLg==",
|
||||
"dev": true,
|
||||
"requires": {
|
||||
"@types/node": "*"
|
||||
}
|
||||
},
|
||||
"@types/node": {
|
||||
"version": "12.7.12",
|
||||
"resolved": "https://registry.npmjs.org/@types/node/-/node-12.7.12.tgz",
|
||||
@ -1467,6 +1476,11 @@
|
||||
"resolved": "https://registry.npmjs.org/btoa-lite/-/btoa-lite-1.0.0.tgz",
|
||||
"integrity": "sha1-M3dm2hWAEhD92VbCLpxokaudAzc="
|
||||
},
|
||||
"buffer-equal-constant-time": {
|
||||
"version": "1.0.1",
|
||||
"resolved": "https://registry.npmjs.org/buffer-equal-constant-time/-/buffer-equal-constant-time-1.0.1.tgz",
|
||||
"integrity": "sha1-+OcRMvf/5uAaXJaXpMbz5I1cyBk="
|
||||
},
|
||||
"buffer-from": {
|
||||
"version": "1.1.1",
|
||||
"resolved": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.1.tgz",
|
||||
@ -1919,6 +1933,14 @@
|
||||
"safer-buffer": "^2.1.0"
|
||||
}
|
||||
},
|
||||
"ecdsa-sig-formatter": {
|
||||
"version": "1.0.11",
|
||||
"resolved": "https://registry.npmjs.org/ecdsa-sig-formatter/-/ecdsa-sig-formatter-1.0.11.tgz",
|
||||
"integrity": "sha512-nagl3RYrbNv6kQkeJIpt6NJZy8twLB/2vtz6yN9Z4vRKHN4/QZJIEbqohALSgwKdnksuY3k5Addp5lg8sVoVcQ==",
|
||||
"requires": {
|
||||
"safe-buffer": "^5.0.1"
|
||||
}
|
||||
},
|
||||
"emoji-regex": {
|
||||
"version": "7.0.3",
|
||||
"resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-7.0.3.tgz",
|
||||
@ -4777,6 +4799,23 @@
|
||||
}
|
||||
}
|
||||
},
|
||||
"jsonwebtoken": {
|
||||
"version": "8.5.1",
|
||||
"resolved": "https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-8.5.1.tgz",
|
||||
"integrity": "sha512-XjwVfRS6jTMsqYs0EsuJ4LGxXV14zQybNd4L2r0UvbVnSF9Af8x7p5MzbJ90Ioz/9TI41/hTCvznF/loiSzn8w==",
|
||||
"requires": {
|
||||
"jws": "^3.2.2",
|
||||
"lodash.includes": "^4.3.0",
|
||||
"lodash.isboolean": "^3.0.3",
|
||||
"lodash.isinteger": "^4.0.4",
|
||||
"lodash.isnumber": "^3.0.3",
|
||||
"lodash.isplainobject": "^4.0.6",
|
||||
"lodash.isstring": "^4.0.1",
|
||||
"lodash.once": "^4.0.0",
|
||||
"ms": "^2.1.1",
|
||||
"semver": "^5.6.0"
|
||||
}
|
||||
},
|
||||
"jsprim": {
|
||||
"version": "1.4.1",
|
||||
"resolved": "https://registry.npmjs.org/jsprim/-/jsprim-1.4.1.tgz",
|
||||
@ -4799,6 +4838,25 @@
|
||||
"object.assign": "^4.1.0"
|
||||
}
|
||||
},
|
||||
"jwa": {
|
||||
"version": "1.4.1",
|
||||
"resolved": "https://registry.npmjs.org/jwa/-/jwa-1.4.1.tgz",
|
||||
"integrity": "sha512-qiLX/xhEEFKUAJ6FiBMbes3w9ATzyk5W7Hvzpa/SLYdxNtng+gcurvrI7TbACjIXlsJyr05/S1oUhZrc63evQA==",
|
||||
"requires": {
|
||||
"buffer-equal-constant-time": "1.0.1",
|
||||
"ecdsa-sig-formatter": "1.0.11",
|
||||
"safe-buffer": "^5.0.1"
|
||||
}
|
||||
},
|
||||
"jws": {
|
||||
"version": "3.2.2",
|
||||
"resolved": "https://registry.npmjs.org/jws/-/jws-3.2.2.tgz",
|
||||
"integrity": "sha512-YHlZCB6lMTllWDtSPHz/ZXTsi8S00usEV6v1tjq8tOUZzw7DpSDWVXjXDre6ed1w/pd495ODpHZYSdkRTsa0HA==",
|
||||
"requires": {
|
||||
"jwa": "^1.4.1",
|
||||
"safe-buffer": "^5.0.1"
|
||||
}
|
||||
},
|
||||
"kind-of": {
|
||||
"version": "6.0.2",
|
||||
"resolved": "https://registry.npmjs.org/kind-of/-/kind-of-6.0.2.tgz",
|
||||
@ -4866,12 +4924,47 @@
|
||||
"resolved": "https://registry.npmjs.org/lodash.get/-/lodash.get-4.4.2.tgz",
|
||||
"integrity": "sha1-LRd/ZS+jHpObRDjVNBSZ36OCXpk="
|
||||
},
|
||||
"lodash.includes": {
|
||||
"version": "4.3.0",
|
||||
"resolved": "https://registry.npmjs.org/lodash.includes/-/lodash.includes-4.3.0.tgz",
|
||||
"integrity": "sha1-YLuYqHy5I8aMoeUTJUgzFISfVT8="
|
||||
},
|
||||
"lodash.isboolean": {
|
||||
"version": "3.0.3",
|
||||
"resolved": "https://registry.npmjs.org/lodash.isboolean/-/lodash.isboolean-3.0.3.tgz",
|
||||
"integrity": "sha1-bC4XHbKiV82WgC/UOwGyDV9YcPY="
|
||||
},
|
||||
"lodash.isinteger": {
|
||||
"version": "4.0.4",
|
||||
"resolved": "https://registry.npmjs.org/lodash.isinteger/-/lodash.isinteger-4.0.4.tgz",
|
||||
"integrity": "sha1-YZwK89A/iwTDH1iChAt3sRzWg0M="
|
||||
},
|
||||
"lodash.isnumber": {
|
||||
"version": "3.0.3",
|
||||
"resolved": "https://registry.npmjs.org/lodash.isnumber/-/lodash.isnumber-3.0.3.tgz",
|
||||
"integrity": "sha1-POdoEMWSjQM1IwGsKHMX8RwLH/w="
|
||||
},
|
||||
"lodash.isplainobject": {
|
||||
"version": "4.0.6",
|
||||
"resolved": "https://registry.npmjs.org/lodash.isplainobject/-/lodash.isplainobject-4.0.6.tgz",
|
||||
"integrity": "sha1-fFJqUtibRcRcxpC4gWO+BJf1UMs="
|
||||
},
|
||||
"lodash.isstring": {
|
||||
"version": "4.0.1",
|
||||
"resolved": "https://registry.npmjs.org/lodash.isstring/-/lodash.isstring-4.0.1.tgz",
|
||||
"integrity": "sha1-1SfftUVuynzJu5XV2ur4i6VKVFE="
|
||||
},
|
||||
"lodash.memoize": {
|
||||
"version": "4.1.2",
|
||||
"resolved": "https://registry.npmjs.org/lodash.memoize/-/lodash.memoize-4.1.2.tgz",
|
||||
"integrity": "sha1-vMbEmkKihA7Zl/Mj6tpezRguC/4=",
|
||||
"dev": true
|
||||
},
|
||||
"lodash.once": {
|
||||
"version": "4.1.1",
|
||||
"resolved": "https://registry.npmjs.org/lodash.once/-/lodash.once-4.1.1.tgz",
|
||||
"integrity": "sha1-DdOXEhPHxW34gJd9UEyI+0cal6w="
|
||||
},
|
||||
"lodash.set": {
|
||||
"version": "4.3.2",
|
||||
"resolved": "https://registry.npmjs.org/lodash.set/-/lodash.set-4.3.2.tgz",
|
||||
@ -5067,8 +5160,7 @@
|
||||
"ms": {
|
||||
"version": "2.1.2",
|
||||
"resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz",
|
||||
"integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==",
|
||||
"dev": true
|
||||
"integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w=="
|
||||
},
|
||||
"mute-stream": {
|
||||
"version": "0.0.7",
|
||||
@ -5978,8 +6070,7 @@
|
||||
"safe-buffer": {
|
||||
"version": "5.1.2",
|
||||
"resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz",
|
||||
"integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==",
|
||||
"dev": true
|
||||
"integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="
|
||||
},
|
||||
"safe-regex": {
|
||||
"version": "1.1.0",
|
||||
|
@ -31,10 +31,12 @@
|
||||
"@actions/github": "^2.2.0",
|
||||
"@actions/io": "^1.0.1",
|
||||
"@actions/tool-cache": "^1.1.2",
|
||||
"jsonwebtoken": "^8.5.1",
|
||||
"uuid": "^3.3.3"
|
||||
},
|
||||
"devDependencies": {
|
||||
"@types/jest": "^24.0.23",
|
||||
"@types/jsonwebtoken": "^8.3.9",
|
||||
"@types/node": "^12.7.12",
|
||||
"@types/uuid": "^3.4.6",
|
||||
"@typescript-eslint/parser": "^2.8.0",
|
||||
|
@ -2,9 +2,10 @@ import * as core from '@actions/core'
|
||||
import * as fsHelper from './fs-helper'
|
||||
import * as github from '@actions/github'
|
||||
import * as path from 'path'
|
||||
import * as jwt from 'jsonwebtoken'
|
||||
import {IGitSourceSettings} from './git-source-settings'
|
||||
|
||||
export function getInputs(): IGitSourceSettings {
|
||||
export async function getInputs(): Promise<IGitSourceSettings> {
|
||||
const result = ({} as unknown) as IGitSourceSettings
|
||||
|
||||
// GitHub workspace
|
||||
@ -106,7 +107,7 @@ export function getInputs(): IGitSourceSettings {
|
||||
core.debug(`recursive submodules = ${result.nestedSubmodules}`)
|
||||
|
||||
// Auth token
|
||||
result.authToken = core.getInput('token', {required: true})
|
||||
result.authToken = await getAuthToken()
|
||||
|
||||
// SSH
|
||||
result.sshKey = core.getInput('ssh-key')
|
||||
@ -120,3 +121,39 @@ export function getInputs(): IGitSourceSettings {
|
||||
|
||||
return result
|
||||
}
|
||||
|
||||
async function getAuthToken() {
|
||||
const appId = +core.getInput('app-id')
|
||||
|
||||
if (appId) {
|
||||
const appPrivateKey = core.getInput('app-private-key')
|
||||
|
||||
return await generateAppAccessToken(appId, appPrivateKey)
|
||||
} else {
|
||||
return core.getInput('token')
|
||||
}
|
||||
}
|
||||
|
||||
async function generateAppAccessToken(appId: number, appPrivateKey: string) {
|
||||
const iat = secondsSinceEpoch()
|
||||
const exp = iat + 60
|
||||
const iss = appId
|
||||
const payload = {iat, exp, iss}
|
||||
|
||||
const jwtToken = jwt.sign(payload, appPrivateKey, {algorithm: 'RS256'})
|
||||
const octokit = new github.GitHub({auth: jwtToken})
|
||||
|
||||
const {data: installations} = await octokit.apps.listInstallations()
|
||||
const installationId = installations.find(
|
||||
installation => installation.account.login === github.context.repo.owner
|
||||
)!.id
|
||||
const {data: tokenInfo} = await octokit.apps.createInstallationToken({
|
||||
installation_id: installationId
|
||||
})
|
||||
|
||||
return tokenInfo.token
|
||||
}
|
||||
|
||||
function secondsSinceEpoch() {
|
||||
return Math.floor(new Date().getTime() / 1000)
|
||||
}
|
||||
|
@ -7,7 +7,7 @@ import * as stateHelper from './state-helper'
|
||||
|
||||
async function run(): Promise<void> {
|
||||
try {
|
||||
const sourceSettings = inputHelper.getInputs()
|
||||
const sourceSettings = await inputHelper.getInputs()
|
||||
|
||||
try {
|
||||
// Register problem matcher
|
||||
|
@ -10,7 +10,8 @@
|
||||
"declaration": true,
|
||||
"strict": true,
|
||||
"noImplicitAny": false,
|
||||
"esModuleInterop": true
|
||||
"esModuleInterop": true,
|
||||
"skipLibCheck": true
|
||||
},
|
||||
"exclude": ["__test__", "lib", "node_modules"]
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user