-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathindex.js
More file actions
126 lines (90 loc) · 2.88 KB
/
index.js
File metadata and controls
126 lines (90 loc) · 2.88 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
const core = require("@actions/core");
const github = require("@actions/github");
const sodium = require("libsodium-wrappers");
const token = core.getInput("token");
const octokit = github.getOctokit(token);
const name = input("name", "");
const value = core.getInput("value");
const push_to_org = (input("org", "") !== "");
const visibility = input("visibility", "all");
const owner = input("owner", github.context.payload.repository.owner.login);
const repository = input("repository", github.context.payload.repository.name);
function path_() {
if (push_to_org) return "/orgs/" + owner;
if (repository.includes("/")) return "/repos/" + repository;
return "/repos/" + owner + "/" + repository;
}
function input(name, def) {
let inp = core.getInput(name).trim();
if (inp === "" || inp.toLowerCase() === "false") return def;
return inp;
}
const getPublicKey = async () => {
let url = "GET " + path_();
url += "/actions/secrets/public-key";
let { data } = await octokit.request(url);
return data;
};
const createSecret = async (key_id, key, secret) => {
// Check if libsodium is ready and then proceed.
return sodium.ready.then(() => {
// Convert the secret and key to a Uint8Array.
let binkey = sodium.from_base64(key, sodium.base64_variants.ORIGINAL);
let binsec = sodium.from_string(secret);
// Encrypt the secret using libsodium
let encBytes = sodium.crypto_box_seal(binsec, binkey);
// Convert the encrypted Uint8Array to Base64
let encryptedValue = sodium.to_base64(encBytes, sodium.base64_variants.ORIGINAL);
return {
encrypted_value: encryptedValue,
key_id
};
}).catch(error => {
throw new Error(`Failed to create secret: ${error.message}`);
});
};
const setSecret = (data) => {
let url = "PUT " + path_();
url += "/actions/secrets/" + name;
return octokit.request(url, {
data,
});
};
const bootstrap = async () => {
try {
if (name === "") {
throw new Error("No name was specified!");
}
const { key_id, key } = await getPublicKey();
let data = await createSecret(key_id, key, value);
if (push_to_org) data["visibility"] = visibility;
const response = await setSecret(data);
if (response.status === 201) {
return "Successfully created secret " + name + ".";
}
if (response.status === 204) {
return "Successfully updated secret " + name + " to new value.";
}
throw new Error("ERROR: Wrong status was returned: " + response.status);
} catch (e) {
core.setFailed(path_() + ": " + e.message);
console.error(e);
}
};
bootstrap()
.then(
(result) => {
// eslint-disable-next-line no-console
if (result != null) {
console.log(result);
}
},
(err) => {
// eslint-disable-next-line no-console
core.setFailed(err.message);
console.error(err);
},
)
.then(() => {
process.exit();
});