From a8a9c5b5379f6af972e6ab09ca0f3b84228ba915 Mon Sep 17 00:00:00 2001 From: Benjamin Coe Date: Thu, 5 Mar 2020 15:14:56 -0800 Subject: [PATCH 1/2] feat(samples): add sample demonstrating populating secrets for GitHub actions --- package.json | 2 ++ samples/create-secret.js | 76 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 78 insertions(+) create mode 100644 samples/create-secret.js diff --git a/package.json b/package.json index d3b04f9..21be559 100644 --- a/package.json +++ b/package.json @@ -23,7 +23,9 @@ "meow": "^6.0.0", "ora": "^4.0.2", "p-queue": "^6.0.2", + "text-encoding-shim": "^1.0.5", "tmp-promise": "^2.0.1", + "tweetsodium": "0.0.4", "update-notifier": "^4.0.0" }, "devDependencies": { diff --git a/samples/create-secret.js b/samples/create-secret.js new file mode 100644 index 0000000..88722af --- /dev/null +++ b/samples/create-secret.js @@ -0,0 +1,76 @@ +// Copyright 2018 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +/** + * @fileoverview Adds a collaborator to all repositories. + */ + +'use strict'; + +const {getConfig} = require('../build/src/lib/config'); +const {GitHub} = require('../build/src/lib/github.js'); +const sodium = require('tweetsodium'); +const meow = require('meow'); +const {TextEncoder} = require('text-encoding-shim'); + +/** Main function. + */ +async function main() { + const cli = meow( + ` + Usage + $ node ./samples/create-secret.js key secret + `, + {} + ); + + if (cli.input.length < 2) { + return cli.showHelp(-1); + } + const [key, secret] = cli.input; + const config = await getConfig(); + const github = new GitHub(config); + const repos = await github.getRepositories(); + let index = 0; + for (const repository of repos) { + const publicKey = ( + await github.client.get( + `/repos/${repository.repository.owner.login}/${repository.repository.name}/actions/secrets/public-key` + ) + ).data; + const encoder = new TextEncoder(); + const messageBytes = encoder.encode(secret); + const encoded = sodium.seal( + messageBytes, + Buffer.from(publicKey.key, 'base64') + ); + await github.client.put( + `/repos/${repository.repository.owner.login}/${repository.repository.name}/actions/secrets/${key}`, + { + encrypted_value: Buffer.from(encoded).toString('base64'), + key_id: publicKey.key_id, + } + ); + console.log( + `${repository.name}: [.] creating secret repository (${index} of ${repos.length} repositories completed)` + ); + ++index; + } + + console.log(`${repos.length} repositories completed`); +} + +main().catch(err => { + console.error(err.toString()); +}); From f15ec3311de99b7797e1c9ef46ab0433d4c13aea Mon Sep 17 00:00:00 2001 From: Benjamin Coe Date: Thu, 5 Mar 2020 15:17:19 -0800 Subject: [PATCH 2/2] chore: fix copyright --- samples/create-secret.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/samples/create-secret.js b/samples/create-secret.js index 88722af..741529a 100644 --- a/samples/create-secret.js +++ b/samples/create-secret.js @@ -1,4 +1,4 @@ -// Copyright 2018 Google LLC +// Copyright 2020 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License.