-
Notifications
You must be signed in to change notification settings - Fork 2
/
index.js
121 lines (91 loc) · 3.3 KB
/
index.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
import {Octokit} from 'octokit';
import sodium from 'libsodium-wrappers';
import core from '@actions/core'
import github from '@actions/github'
const updateGithubSecret = async () => {
const repoOwner = core.getInput('repo_owner_name') || github.context.repo.owner;
const repoName = core.getInput('repo_name') || github.context.repo.repo;
const githubToken = core.getInput('github_token');
const variable = core.getBooleanInput('variable');
if(!githubToken) {
throw new Error('No token provided');
}
const octokit = new Octokit({
auth: githubToken,
});
if(variable) {
const variableName = core.getInput('variable_name');
const variableValue = core.getInput('variable_value');
if(!variableName) {
throw new Error('variable_name cannot be empty');
}
const updateVariableRequest = await octokit.request(
`PATCH /repos/${repoOwner}/${repoName}/actions/variables/${variableName}`,
{
owner: repoOwner,
repo: repoName,
name: variableName,
value: variableValue,
headers: {
'X-GitHub-Api-Version': '2022-11-28',
},
},
);
if(updateVariableRequest.status && updateVariableRequest.status == 204) {
core.setOutput('result', '✅ Github Repository Variable Updated Successfully!');
} else {
core.setFailed('❌ Failed to update repository action variable!');
}
return;
}
// The secret key name you want to update
const secretName = core.getInput('secret_name');
// The secret value you want to encrypt and update in secrets
const secretValue = core.getInput('secret_value');
if(!secretName) {
throw new Error('secret_name cannot be empty');
}
const publicKeyRequest = await octokit.request(
`GET /repos/${repoOwner}/${repoName}/actions/secrets/public-key`,
{
owner: repoOwner,
repo: repoName,
headers: {
'X-GitHub-Api-Version': '2022-11-28',
},
},
);
if(publicKeyRequest.status && publicKeyRequest.status == 200) {
//Check if libsodium is ready and then proceed.
sodium.ready.then(async () => {
// Convert Secret & Base64 key to Uint8Array.
let binkey = sodium.from_base64(publicKeyRequest.data.key, sodium.base64_variants.ORIGINAL);
let binsec = sodium.from_string(secretValue);
//Encrypt the secret using LibSodium
let encBytes = sodium.crypto_box_seal(binsec, binkey);
// Convert encrypted Uint8Array to Base64
let output = sodium.to_base64(encBytes, sodium.base64_variants.ORIGINAL);
const updateSecretRequest = await octokit.request(
`PUT /repos/${repoOwner}/${repoName}/actions/secrets/${secretName}`,
{
owner: repoOwner,
repo: repoName,
secret_name: secretName,
encrypted_value: output,
key_id: publicKeyRequest.data.key_id,
headers: {
'X-GitHub-Api-Version': '2022-11-28',
},
},
);
if(updateSecretRequest.status && updateSecretRequest.status == 200) {
core.setOutput('result', '✅ Github Action Secret Updated Successfully!');
} else {
core.setFailed('❌ Failed to update repository action secret!');
}
});
} else {
core.setFailed('❌ Failed to get repository public key!');
}
};
updateGithubSecret();