-
Notifications
You must be signed in to change notification settings - Fork 102
76 lines (72 loc) · 3.17 KB
/
workflow-tester74.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
name: Test 74 # Related to https://github.com/GuillaumeFalourd/formulas-github/issues/21
on:
push:
jobs:
Test:
name: Test
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v3
- uses: actions/setup-python@v4
with:
python-version: '3.10'
- name: Pip Install
shell: pwsh
run : |
pip install PyGithub
python -m pip install requests
- uses: jannekem/run-python-script-action@v1
id: secret
env:
TOKEN: ${{ secrets.ACCESS_TOKEN }}
with:
script: |
#!/usr/bin/python3
import requests
import json
from base64 import b64encode
from nacl import encoding, public
def run(token, owner, repository, secret_name, secret_value):
url_public_key = f"https://api.github.com/repos/{owner}/{repository}/actions/secrets/public-key"
authorization = f"token {token}"
headers = {
"Accept": "application/vnd.github.v3+json",
"Authorization" : authorization,
"X-GitHub-Api-Version": "2022-11-28",
}
r = requests.get(
url = url_public_key,
headers = headers
)
if r.status_code == 200:
key_datas = r.json()
url_secret = f"https://api.github.com/repos/{owner}/{repository}/actions/secrets/{secret_name}"
data = {}
data["encrypted_value"] = encrypt(key_datas["key"], secret_value)
data["key_id"] = key_datas["key_id"]
json_data = json.dumps(data)
r = requests.put(
url = url_secret,
data = json_data,
headers = headers
)
if r.status_code == 201 or r.status_code == 204:
print(r.status_code)
print(f"✅ Secret \033[36m{secret_name}\033[0m successfully added to {owner}'s \033[36m{repository}\033[0m repository")
else:
print("❌ Couldn't add the secret to the repository")
print (r.status_code, r.reason)
else:
print("❌ Couldn't get the repository public key")
print (r.status_code, r.reason)
def encrypt(public_key: str, secret_value: str) -> str:
"""Encrypt a Unicode string using the public key."""
public_key = public.PublicKey(public_key.encode("utf-8"), encoding.Base64Encoder())
sealed_box = public.SealedBox(public_key)
encrypted = sealed_box.encrypt(secret_value.encode("utf-8"))
return b64encode(encrypted).decode("utf-8")
run("${{ env.TOKEN }}", "GuillaumeFalourd", "poc-github-actions", "TEST_2", "MyNameIsGeovaniGeorgio")
- name: TestShow
shell: bash
run: echo "Secret value:" ${{ secrets.TEST_2 }} | sed 's/./& /g'