@veecode-platform/safira-cli
Version:
Generate a microservice project from your spec.
145 lines (144 loc) • 6.76 kB
JavaScript
;
Object.defineProperty(exports, "__esModule", { value: true });
exports.GithubSecretStatus = exports.GithubRepositoryService = void 0;
const tslib_1 = require("tslib");
const sodium = tslib_1.__importStar(require("@devtomio/sodium"));
const properties = tslib_1.__importStar(require("../../properties.json"));
const https = tslib_1.__importStar(require("https"));
const url_1 = require("url");
const string_utils_1 = require("../../utils/string-utils");
const git_exception_1 = require("../../exception/git-exception");
const json_utils_1 = require("../../utils/json-utils");
class GithubRepositoryService {
constructor() { }
async getActionsPublicKey(credential, ownerAndRepository) {
return new Promise((resolve, reject) => {
const url = new url_1.URL(`${properties.github["api-host"]}/repos/${ownerAndRepository}/actions/secrets/public-key`);
const options = {
hostname: url.hostname,
port: 443,
path: url.pathname,
method: "GET",
headers: {
Authorization: `token ${credential.token}`,
Accept: "application/vnd.github.v3+json",
"User-Agent": string_utils_1.StringUtils.getUserAgent(),
},
};
const req = https.request(options, res => {
res.setEncoding("utf8");
let body = "";
res.on("data", d => {
body += d;
});
res.on("end", () => {
const bodyMap = JSON.parse(json_utils_1.JsonUtils.isJsonString(body) ? body : "{}");
switch (res.statusCode) {
case 200:
resolve(bodyMap);
break;
case 404:
reject(new git_exception_1.GitPublicKeyNotFoundException(bodyMap?.message || res.statusMessage));
break;
case 401:
reject(new git_exception_1.GitAccessDeniedException(bodyMap?.message || res.statusMessage));
break;
default:
reject(new git_exception_1.GitException(`${res.statusCode}-${bodyMap?.message || res.statusMessage}`));
break;
}
});
});
req.on("error", error => {
reject(error);
});
req.end();
});
}
async createSecret(credential, ownerAndRepository, secretName, secretValue, publicKey) {
return new Promise((resolve, reject) => {
if (!publicKey) {
resolve(this.getActionsPublicKey(credential, ownerAndRepository));
}
if (publicKey) {
resolve(publicKey);
}
}).then(publicKey => {
return new Promise((resolve, reject) => {
const url = new url_1.URL(`${properties.github["api-host"]}/repos/${ownerAndRepository}/actions/secrets/${secretName}`);
const encryptedValue = this._encrypt(secretValue, publicKey.key);
const requestBody = JSON.stringify({ encrypted_value: encryptedValue, key_id: publicKey.key_id });
const options = {
hostname: url.hostname,
port: 443,
path: url.pathname,
method: "PUT",
headers: {
Authorization: `token ${credential.token}`,
Accept: "application/vnd.github.v3+json",
"User-Agent": string_utils_1.StringUtils.getUserAgent(),
"Content-Type": "application/json",
"Content-Length": Buffer.byteLength(requestBody),
},
};
const req = https.request(options, res => {
res.setEncoding("utf8");
let body = "";
res.on("data", d => {
body += d;
});
res.on("end", () => {
const bodyMap = JSON.parse(json_utils_1.JsonUtils.isJsonString(body) ? body : "{}");
switch (res.statusCode) {
case 201:
resolve({ key: secretName, status: GithubSecretStatus.CREATED });
break;
case 204:
resolve({ key: secretName, status: GithubSecretStatus.UPDATED });
break;
case 404:
reject(new git_exception_1.GitPublicKeyNotFoundException(bodyMap?.message || res.statusMessage));
break;
case 401:
reject(new git_exception_1.GitAccessDeniedException(bodyMap?.message || res.statusMessage));
break;
default:
reject(new git_exception_1.GitException(`${res.statusCode}-${bodyMap?.message || res.statusMessage}`));
break;
}
});
});
req.on("error", error => {
reject(error);
});
req.write(requestBody);
req.end();
});
});
}
async createSecretList(credential, ownerAndRepository, secrets, publicKey) {
const promises = new Array();
for (const [key, value] of secrets.entries())
promises.push(this.createSecret(credential, ownerAndRepository, key, value, publicKey));
return Promise.all(promises);
}
_encrypt(value, publicKey) {
const messageBytes = Buffer.from(value);
const keyBytes = Buffer.from(publicKey, "base64");
const encryptedBytes = sodium.crypto_box_seal(messageBytes, keyBytes);
return Buffer.from(encryptedBytes).toString("base64");
}
static get instance() {
if (!this._instance) {
this._instance = new this();
}
return this._instance;
}
}
exports.GithubRepositoryService = GithubRepositoryService;
var GithubSecretStatus;
(function (GithubSecretStatus) {
GithubSecretStatus["CREATED"] = "CREATED";
GithubSecretStatus["UPDATED"] = "UPDATED";
GithubSecretStatus["ERROR"] = "ERROR";
})(GithubSecretStatus = exports.GithubSecretStatus || (exports.GithubSecretStatus = {}));