Description
Clarity on this section in the README.md:
Note that github_app.key_base64 needs to be the base64-encoded .pem file, i.e., the output of base64 app.private-key.pem (not directly the content of app.private-key.pem).
From that description I assume the base64 string once decoded must include new lines? If so I'd like to raise a feature request to support RSA keys with literal \n characters instead.
The reason I am asking is because the GitHub Terraform provider is a provider that you may use with this project to automate the creation of external webhooks with each runner group's API Gateway endpoint as the endpoint for its corresponding webhook. It would be cool if the behaviour of the 2 projects synced up in terms of how the provided credentials are processed. The specific behaviour I'd like to see synced up is being introduced in the GitHub provider in this PR integrations/terraform-provider-github#931. I'd like to be able to store my RSA key in a single line with literal \n characters. I'd like this for a few reasons:
- It would be nice to mirror how the auth is processed with the GitHub terraform provider as it is likely that this project and that provider will be used in the same terraform apply e.g. create the webhook after deploying the philips-labs module. Keeping how credentials are handled in sync between the 2 projects will make storing and using the same credentials much easier.
- GitHub does not handle adding masks (add-mask) to multi-line variables very well. This has been refactored a few times but it still isn't great.
- GitHub makes injecting multi-line secrets into the $GITHUB_ENV a faff. It is far easier to inject single line variables into the $GITHUB_ENV and more generally work with compared to multi-line variables in GitHub Actions.
EDIT: I think the change is quite simple. I think we just need to do a find and replace here https://github.com/philips-labs/terraform-aws-github-runner/blob/develop/modules/runners/lambdas/runners/src/scale-runners/gh-auth.ts#L51, the same that has been done in the linked PR, then add a test case for both formats.
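
A sketch of the normalisation requested above, covering both key formats; this is an added example, not code from this project or from the linked provider PR. The function name normalizePrivateKey and the sample constants are hypothetical, the sample key body is constructed filler rather than real key material, and the sketch assumes the single-line form is still base64-encoded before it is stored.

```typescript
// Constructed sample: PEM armor around filler base64 text. Not a real key.
const SAMPLE_PEM: string = [
  '-----BEGIN RSA PRIVATE KEY-----',
  'QUFBQUFBQUFBQUFB',
  'QkJCQkJCQkI=',
  '-----END RSA PRIVATE KEY-----',
  '',
].join('\n');

// The same sample collapsed to one line with literal backslash-n separators.
const SAMPLE_SINGLE_LINE: string = SAMPLE_PEM.replace(/\n/g, '\\n');

// Mirrors what `base64 app.private-key.pem` produces for the stored value.
function toBase64(text: string): string {
  return Buffer.from(text, 'utf8').toString('base64');
}

// PEM armor with matching BEGIN/END labels and a base64-only body.
const PEM_RE =
  /^-----BEGIN ((?:RSA )?PRIVATE KEY)-----\n([A-Za-z0-9+/=\n]+)\n-----END \1-----\n?$/;

// Hypothetical helper: decode the stored value, accept either real newlines
// or literal "\n" sequences, and return a PEM with real newlines.
function normalizePrivateKey(keyBase64: string): string {
  const decoded = Buffer.from(keyBase64, 'base64').toString('utf8');
  const pem =
    decoded
      .replace(/\\n/g, '\n') // literal backslash-n -> newline
      .replace(/\r\n/g, '\n') // CRLF files -> LF
      .trim() + '\n';
  // Fail closed on anything that is not PEM-shaped. The message never
  // includes the decoded value, so key bytes cannot leak into logs.
  if (!PEM_RE.test(pem)) {
    throw new Error('key_base64 does not decode to a PEM private key');
  }
  return pem;
}
```

Both stored forms normalise to the same PEM text, so a test case per format can assert equality against a single expected value.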