-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathindex.js
executable file
·66 lines (54 loc) · 1.67 KB
/
index.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
#! /usr/bin/env node
const sodium = require("tweetsodium");
const { exec } = require("child_process");
const { owner, repo, envpath } = require("yargs/yargs")(process.argv.slice(2)).argv;
if (!owner) {
console.log("Repo Owner is required!");
process.exit(0);
} else if (!repo) {
console.log("Repo Name is required!");
process.exit(0);
} else if (!envpath) {
console.log("Env Path is not provided, using .env");
}
const env = require("dotenv").config({ path: envpath ?? ".env" });
const getPublicKey = `gh api \
-H "Accept: application/vnd.github.v3+json" \
/repos/${owner}/${repo}/actions/secrets/public-key `;
exec(getPublicKey, (error, stdout, stderr) => {
if (error) {
console.log(`error: ${error.message}`);
return;
} else if (stderr) {
console.log(`stderr: ${stderr}`);
return;
}
const res = JSON.parse(stdout);
const KEY = res.key_id;
const KEY_BYTES = Buffer.from(res.key, "base64");
const getCommand = (key, value) => `gh api \
--method PUT \
-H "Accept: application/vnd.github.v3+json" \
/repos/${owner}/${repo}/actions/secrets/${key} \
-f encrypted_value='${value}' \
-f key_id='${KEY}'`;
const encrypt = (value) => {
const messageBytes = Buffer.from(value);
const encryptedBytes = sodium.seal(messageBytes, KEY_BYTES);
return Buffer.from(encryptedBytes).toString("base64");
};
Object.keys(env.parsed).map((key) => {
const value = env.parsed[key];
console.log(key, value);
exec(getCommand(key, encrypt(value)), (error, _, stderr) => {
if (error) {
console.log(`error: ${error.message}`);
return;
} else if (stderr) {
console.log(`stderr: ${stderr}`);
return;
}
console.log(`Key ${key} set!`);
});
});
});