Merge pull request #25 from greenkeeperio/feat/gke-3

feat: use GKE3 endpoint, hmac and all
greenkeeperio · Aug 17, 2018 · 99f128c · 99f128c
2 parents 114129a + 1cf2d1d
commit 99f128c
Show file tree

Hide file tree

Showing 2 changed files with 54 additions and 8 deletions.
diff --git a/README.md b/README.md
@@ -12,10 +12,19 @@ npm install greenkeeper-postpublish --save-dev
 Then add it to your `scripts` in your `package.json`:
 ```json
   "scripts": {
-    "postpublish": "greenkeeper-postpublish"
+    "postpublish": "greenkeeper-postpublish --secret=$GK_NPMHOOK_SECRET --installation=$GK_INSTALLATION_ID"
   }
 ```
 
+You can also set the `secret` and `installation` values in your publish environment:
+
+```
+gk_secret=$GK_NPMHOOK_SECRET
+gh_installation=$GK_INSTALLATION_ID
+```
+
+Where the `GK_NPMHOOK_SECRET` is set in your Greenkeeper Enterprise Admin Dashboard at https://gke.your-company.com:8800 and `GK_INSTALLATION_ID` can be found in your GitHub Enterprise setup on the organisation for your modules: https://ghe.your-company.com/organizations/$organisation_name/settings/installations -> Greenkeeper -> the integer number in the URL.
+
 When set up like this, every time your release the package (with `npm publish`),
 it will let Greenkeeper know that there is a new version available.
 
@@ -33,7 +42,7 @@ parse it and use its `name` and `version`.
 You can also specify the `--pkgname` and `--pkgversion` parameters instead:
 
 ```
-greenkeeper-postpublish --pkgname mypackage --pkgversion 4.2.0
+greenkeeper-postpublish --pkgname mypackage --pkgversion 4.2.0 --secret=abcd --installation=54321
 ```
 
 🌴

diff --git a/index.js b/index.js
@@ -2,6 +2,7 @@
 
 var fs = require('fs')
 var path = require('path')
+var crypto = require('crypto')
 
 var emoji = require('node-emoji')
 var flags = require('@greenkeeper/flags')
@@ -23,6 +24,20 @@ if (flags.version) {
 
 var packageName = flags.pkgname || process.env['npm_package_name']
 var packageVersion = flags.pkgversion || process.env['npm_package_version']
+var installation = flags.installation || process.env['gh_installation']
+var gkSecret = flags.secret || process.env['gk_secret']
+
+if (!installation) {
+  log.error('postpublish', 'environment variable `gh_installation` or argument --installation missing')
+}
+
+if (!gkSecret) {
+  log.error('postpublish', 'environment variable `gk_secret` or argument --secret missing')
+}
+
+if (!installation || !gkSecret) {
+  process.exit(1)
+}
 
 if (!packageName || !packageVersion) {
   var currentPackage
@@ -37,25 +52,47 @@ if (!packageName || !packageVersion) {
     log.error('postpublish', 'Like so: "scripts": [{"postpublish": "greenkeeper-postpublish"}]')
     log.error('postpublish', 'Make sure it is listed in the devDependencies as well.')
     log.error('postpublish', 'Alternatively specify the --pkgname and --pkgversion flags.')
-    process.exit(1)
+    process.exit(2)
   }
   packageName = currentPackage.name
   packageVersion = currentPackage.version
 }
+
 log.info('postpublish', 'Use ' + packageName + '@' + packageVersion)
 log.http('postpublish', 'Sending request')
+
+const versions = {}
+versions[packageVersion] = {}
+const body = {
+  payload: {
+    name: packageName,
+    'dist-tags': {
+      latest: packageVersion
+    },
+    versions: versions
+  }
+}
+
+const secret = crypto.createHmac('sha256', gkSecret)
+  .update(installation)
+  .digest('hex')
+
+const hmacPayload = crypto.createHmac('sha256', secret)
+  .update(JSON.stringify(body))
+  .digest('hex')
+
 request({
   method: 'POST',
-  url: flags.api + 'webhooks/npm',
+  url: `${flags.api}npm/${installation}`,
   json: true,
-  body: {
-    name: packageName,
-    version: packageVersion
+  body: body,
+  headers: {
+    'x-npm-signature': `sha256=${hmacPayload}`
   }
 }, function (err, res, data) {
   if (err) {
     log.error('postpublish', err.message)
-    process.exit(2)
+    process.exit(3)
   }
 
   if (data && data.ok) {