Skip to content

Commit deb9e25

Browse files
Krusty93Krusty93
committed
implement suggestions
1 parent 93402cc commit deb9e25

File tree

1 file changed

+20
-5
lines changed

1 file changed

+20
-5
lines changed

github-runner-entrypoint.sh

Lines changed: 20 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -86,11 +86,13 @@ elif [ -n "$GITHUB_PAT" ]; then
8686
export GITHUB_PAT=_REDACTED_
8787
export REGISTRATION_TOKEN=_REDACTED_
8888

89-
else
89+
elif [ -n "$GITHUB_APP_ID" ] && [ -n "$GITHUB_APP_KEY" ] && [ -n "$GITHUB_APP_INSTALLATION_ID" ] && [ -n "$REGISTRATION_TOKEN_API_URL" ] && [ -n "$REPO_URL" ]; then
9090

9191
app_id="$GITHUB_APP_ID"
92-
pem_path="./key.pem"
93-
printf '%b\n' "$GITHUB_APP_KEY" > $pem_path
92+
pem_path="$(mktemp /tmp/github-app-key.XXXXXX.pem)"
93+
chmod 600 "$pem_path"
94+
trap 'rm -f "$pem_path"' EXIT INT TERM HUP
95+
printf '%b\n' "$GITHUB_APP_KEY" > "$pem_path"
9496

9597
now=$(date +%s)
9698
iat=$((${now} - 60)) # Issues 60 seconds in the past
@@ -123,13 +125,18 @@ else
123125
# Create JWT
124126
JWT="${header_payload}"."${signature}"
125127

126-
ACCESS_TOKEN="$(curl --request POST \
128+
ACCESS_TOKEN="$(curl -fsSL --request POST \
127129
--header 'Accept: application/vnd.github+json' \
128130
--header "Authorization: Bearer $JWT" \
129131
--header 'X-GitHub-Api-Version: 2022-11-28' \
130132
"https://api.github.com/app/installations/$GITHUB_APP_INSTALLATION_ID/access_tokens" \
131133
| jq -r '.token')"
132134

135+
if [ -z "$ACCESS_TOKEN" ] || [ "$ACCESS_TOKEN" = "null" ]; then
136+
echo "❌ Failed to retrieve GitHub App access token"
137+
exit 1
138+
fi
139+
133140
# Retrieve a short lived runner registration token using the ACCESS_TOKEN
134141
REGISTRATION_TOKEN="$(curl -X POST -fsSL \
135142
-H 'Accept: application/vnd.github.v3+json' \
@@ -149,11 +156,19 @@ else
149156
--labels "$LABELS" \
150157
&& ./run.sh
151158

152-
rm "$pem_path"
153159
export signature=_REDACTED_
154160
export JWT=_REDACTED_
155161
export GITHUB_APP_KEY=_REDACTED_
156162
export ACCESS_TOKEN=_REDACTED_
157163
export REGISTRATION_TOKEN=_REDACTED_
158164

165+
else
166+
167+
echo "❌ No valid authentication method configured."
168+
echo "Please set one of the following:"
169+
echo " - GITHUB_REPOSITORY and GITHUB_TOKEN (legacy)"
170+
echo " - GITHUB_PAT, REGISTRATION_TOKEN_API_URL, and REPO_URL"
171+
echo " - GITHUB_APP_ID, GITHUB_APP_KEY, GITHUB_APP_INSTALLATION_ID, REGISTRATION_TOKEN_API_URL, and REPO_URL"
172+
exit 1
173+
159174
fi

0 commit comments

Comments
 (0)