UNPKG

@ycmd/creds

Version:

LSK.js CLI Creds is the easiest way to manage GitHub / Gitlab secrets and credentials

github.com/lskjs/cli

lskjs/libs

125 lines (123 loc) 3.56 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
import { Service } from './chunk-7HIOIWZN.js'; import { __name } from './chunk-U2DZE3DI.js'; import { Err } from '@lsk4/err'; import { createLogger } from '@lsk4/log'; import axios from 'axios'; import _sodium from 'libsodium-wrappers'; var GithubService = class extends Service { static { __name(this, "GithubService"); } projectName; projectPath; projectCredsUrl; projectCredsOwner; token; server; log = createLogger(this.constructor.name); constructor(options) { super(options); this.assign(options); this.checkConfig(); this.client = this.createClient(options.clientOptions); } checkConfig() { if (!this.projectName) throw new Err("!projectName"); if (!this.projectPath) throw new Err("!projectPath"); if (!this.projectCredsUrl) throw new Err("!projectCredsUrl"); if (!this.projectCredsOwner) throw new Err("!projectCredsOwner"); if (!this.token) throw new Err("!token"); } createClient(options = {}) { const server = this.server || "api.github.com"; const baseURL = `https://${server}/repos/${this.getProjectPath()}`; return axios.create({ baseURL, headers: { Accept: "application/vnd.github+json", Authorization: `Bearer ${this.token}`, "X-GitHub-Api-Version": "2022-11-28" }, ...options }); } getServiceHostname() { return "github.com"; } getProjectPath() { return this.projectPath; } getProjectUrl() { return `https://${this.getServiceHostname()}/${this.getProjectPath()}`; } getProjectCICDSettingURL() { return `${this.getProjectUrl()}/settings/secrets/actions`; } async uploadSecret(name, variable) { const { data: publicKeyData } = await this.client({ method: "get", url: `/actions/secrets/public-key` }).catch((err) => { throw new Err(err.message, { data: err?.response?.data }); }); const content = typeof variable === "string" ? variable : variable.value; if (!publicKeyData?.key) throw new Err("!publicKey"); if (!publicKeyData?.key_id) throw new Err("!publicKeyId"); await _sodium.ready; const sodium = _sodium; const binkey = sodium.from_base64(publicKeyData.key, sodium.base64_variants.ORIGINAL); const binsec = sodium.from_string(content); const encBytes = sodium.crypto_box_seal(binsec, binkey); const output = sodium.to_base64(encBytes, sodium.base64_variants.ORIGINAL); await this.client({ method: "put", url: `/actions/secrets/${name}`, data: { encrypted_value: output, key_id: publicKeyData.key_id } }); } async uploadVariable(name, variable) { const value = typeof variable === "string" ? variable : variable.value; const { data: varData, status } = await this.client({ method: "get", url: `/actions/variables/${name}` }).catch((err) => err?.response); if (status === 404) { await this.client({ method: "post", url: `/actions/variables`, data: { name, value } }); } if (status === 200 && varData.name.toLowerCase() === name.toLowerCase()) { await this.client({ method: "patch", url: `/actions/variables/${name}`, data: { name, value } }); } } uploadHook() { throw new Err("Github hooks not supported yet"); } }; export { GithubService }; //# sourceMappingURL=out.js.map //# sourceMappingURL=chunk-NWVSN6VI.js.map