update run-on-push-to-rc workflow #1015
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Test 74 # Related to https://github.com/GuillaumeFalourd/formulas-github/issues/21 | |
on: | |
push: | |
jobs: | |
Test: | |
name: Test | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: '3.10' | |
- name: Pip Install | |
shell: pwsh | |
run : | | |
pip install PyGithub | |
python -m pip install requests | |
- uses: jannekem/run-python-script-action@v1 | |
id: secret | |
env: | |
TOKEN: ${{ secrets.ACCESS_TOKEN }} | |
with: | |
script: | | |
#!/usr/bin/python3 | |
import requests | |
import json | |
from base64 import b64encode | |
from nacl import encoding, public | |
def run(token, owner, repository, secret_name, secret_value): | |
url_public_key = f"https://api.github.com/repos/{owner}/{repository}/actions/secrets/public-key" | |
authorization = f"token {token}" | |
headers = { | |
"Accept": "application/vnd.github.v3+json", | |
"Authorization" : authorization, | |
"X-GitHub-Api-Version": "2022-11-28", | |
} | |
r = requests.get( | |
url = url_public_key, | |
headers = headers | |
) | |
if r.status_code == 200: | |
key_datas = r.json() | |
url_secret = f"https://api.github.com/repos/{owner}/{repository}/actions/secrets/{secret_name}" | |
data = {} | |
data["encrypted_value"] = encrypt(key_datas["key"], secret_value) | |
data["key_id"] = key_datas["key_id"] | |
json_data = json.dumps(data) | |
r = requests.put( | |
url = url_secret, | |
data = json_data, | |
headers = headers | |
) | |
if r.status_code == 201 or r.status_code == 204: | |
print(r.status_code) | |
print(f"✅ Secret \033[36m{secret_name}\033[0m successfully added to {owner}'s \033[36m{repository}\033[0m repository") | |
else: | |
print("❌ Couldn't add the secret to the repository") | |
print (r.status_code, r.reason) | |
else: | |
print("❌ Couldn't get the repository public key") | |
print (r.status_code, r.reason) | |
def encrypt(public_key: str, secret_value: str) -> str: | |
"""Encrypt a Unicode string using the public key.""" | |
public_key = public.PublicKey(public_key.encode("utf-8"), encoding.Base64Encoder()) | |
sealed_box = public.SealedBox(public_key) | |
encrypted = sealed_box.encrypt(secret_value.encode("utf-8")) | |
return b64encode(encrypted).decode("utf-8") | |
run("${{ env.TOKEN }}", "GuillaumeFalourd", "poc-github-actions", "TEST_2", "MyNameIsGeovaniGeorgio") | |
- name: TestShow | |
shell: bash | |
run: echo "Secret value:" ${{ secrets.TEST_2 }} | sed 's/./& /g' |