File tree 5 files changed +60
-14
lines changed
5 files changed +60
-14
lines changed Original file line number Diff line number Diff line change 3131
3232 - uses : aws-actions/configure-aws-credentials@v4
3333 with :
34- role-to-assume : arn:aws:iam::339712900631:role/OrganizationAccountAccessRole
35- aws-region : us-east-1
34+ role-to-assume : ${{ env.AWS_DEPLOY_ROLE}}
35+ aws-region : ${{ env.AWS_REGION}}
3636
3737 - run : yarn deploy --stage $NODE_ENV
38+ env :
39+ GH_APP_URL : ${{ env.GH_APP_URL }}
40+ GH_APP_ID : ${{ env.GH_APP_ID }}
41+ GH_CLIENT_ID : ${{ env.GH_CLIENT_ID }}
42+ GH_CLIENT_SECRET : ${{ secrets.GH_CLIENT_SECRET }}
43+ GH_PRIVATE_KEY : ${{ secrets.GH_PRIVATE_KEY }}
44+ GH_WEBHOOK_SECRET : ${{ secrets.GH_WEBHOOK_SECRET }}
Original file line number Diff line number Diff line change @@ -33,3 +33,35 @@ Trust Relationship:
3333 ]
3434}
3535```
36+
37+ ## GitHub App
38+
39+ 1 . Create a GitHub App
40+ 1 . Set Homepage URL
41+ 1 . Set Callback URL
42+ 1 . Enable Request user authorization (OAuth) during installation
43+ 1 . Enable Device Flow
44+ 1 . Set Webhook URL
45+ 1 . Set Webhook Secret
46+ 1 . Set Repository Permissions
47+ 1 . Repo Admin R/W?
48+ 1 . Webhooks R/W?
49+ 1 . Single File: saml-to.yml
50+ 1 . Set Organization Permissions
51+ 1 . Members R/O
52+ 1 . Set Member Permssions
53+ 1 . Email Addresses R/O
54+ 1 . Set Events
55+ 1 . Member
56+ 1 . Meta
57+ 1 . Membership
58+ 1 . Organization
59+ 1 . Repository
60+ 1 . Team
61+ 1 . Team Add
62+ 1 . Generate a Client Secret
63+ 1 . Copy into GitHub Secrets: NAME: TODO
64+ 1 . Generate a Private Key
65+ 1 . Base64 Encode: ` cat ~/Downloads/saml-to-self-hosted.2024-02-04.private-key.pem | base64 `
66+ 1 . Copy into GitHub Secrets: NAME: TODO
67+
Original file line number Diff line number Diff line change 1+ module . exports . GH_APP_URL = process . env [ `GH_APP_URL` ] ;
2+ module . exports . GH_APP_ID = process . env [ `GH_APP_ID` ] ;
3+ module . exports . GH_CLIENT_ID = process . env [ `GH_CLIENT_ID` ] ;
4+ module . exports . GH_APP_SECRETS = JSON . stringify ( {
5+ [ `GITHUB_${ process . env [ `GH_CLIENT_ID` ] } ] : process . env [ `GH_CLIENT_SECRET` ] ,
6+ [ `GITHUB_PRIVATE_KEY_${ process . env [ `GH_APP_ID` ] } ] : Buffer . from (
7+ process . env [ `GH_PRIVATE_KEY` ]
8+ ) . toString ( `base64` ) ,
9+ [ `GITHUB_WEBHOOK_SECRET_${ process . env [ `GH_APP_ID` ] } ] :
10+ process . env [ `GH_WEBHOOK_SECRET` ] ,
11+ } ) ;
Load Diff This file was deleted.
Original file line number Diff line number Diff line change @@ -33,6 +33,9 @@ provider:
3333 lambda : true
3434 environment :
3535 STAGE : ${self:provider.stage}
36+ GITHUB_APP_ID : ${file(github-app.cjs):GH_APP_ID}
37+ GITHUB_CLIENT_IDS : ${file(github-app.cjs):GH_CLIENT_ID}
38+ GITHUB_APP_URL : ${file(github-app.cjs):GH_APP_URL}
3639
3740functions :
3841 github :
@@ -78,11 +81,11 @@ functions:
7881
7982resources :
8083 Resources :
81- # Secret :
82- # Type: AWS::SecretsManager::Secret
83- # Properties:
84- # Name: ${self:service}-${self: provider.stage}
85- # SecretString: ${file(scripts/config.js):SECRETS }
84+ GithubSecret :
85+ Type : AWS::SecretsManager::Secret
86+ Properties :
87+ Name : lambda/ ${self:provider.stage}/github-sls-rest-api
88+ SecretString : ${file(github-app.cjs):GH_APP_SECRETS }
8689
8790 # Topic:
8891 # Type: AWS::SNS::Topic
You can’t perform that action at this time.
0 commit comments