Git Product home page Git Product logo

Comments (11)

GuillaumeFalourd avatar GuillaumeFalourd commented on July 26, 2024 1

Ok, thank you for sharing the workflow 👍🏼

For what I observed looking at the Github API documentation for Creating Secrets and Getting a repository public key, the only things that changed since I implemented this code is the header referring to the Github API Version.

Solution:

I made it work here adding this Github API Version header to both requests 👍🏼

The workflow I used is quite similar to yours, and can be found here

Could you check it also works in your case @samyKhezandji ?

from formulas-github.

GuillaumeFalourd avatar GuillaumeFalourd commented on July 26, 2024 1

I asked the question on StackOverflow, let's see if someone has any idea how to solve this.

from formulas-github.

github-actions avatar github-actions commented on July 26, 2024

Thank you for opening this ISSUE. We'll give you a return ASAP 👍

from formulas-github.

GuillaumeFalourd avatar GuillaumeFalourd commented on July 26, 2024

Hi @samyKhezandji , how are you doing?

You're executing this formula: https://github.com/GuillaumeFalourd/formulas-github/tree/master/github/add/secret, right?

It may be related to the PAT scope permission you are using. Did you try updating it to check?

from formulas-github.

samyKhezandji avatar samyKhezandji commented on July 26, 2024

Hi @GuillaumeFalourd
I'm trying to do my best :D
That's right, this is the formula I tried to use.
I created a new PAT with a full access but it still working the same way : the secret name is created but not the secret value.
This is the Job that I use :

jobs:
  Test:
    name: Test
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v2
        
      - name: Pip Install
        shell: pwsh
        run : |
          pip install PyGithub
          python -m pip install requests
      - uses: jannekem/run-python-script-action@v1
        id: secret
        with:
          script: |
            #!/usr/bin/python3
            import requests
            import json
            from base64 import b64encode
            from nacl import encoding, public
            def run(token, owner, repository, secret_name, secret_value):
                url_public_key = f"https://api.github.com/repos/{owner}/{repository}/actions/secrets/public-key"
                authorization = f"token {token}"
                headers = {
                    "Accept": "application/vnd.github.v3+json",
                    "Authorization" : authorization,
                    }
                r = requests.get(
                    url = url_public_key,
                    headers = headers
                    )
                if r.status_code == 200:
                    key_datas = r.json()
                    url_secret = f"https://api.github.com/repos/{owner}/{repository}/actions/secrets/{secret_name}"
                    data = {}
                    data["encrypted_value"] = encrypt(key_datas["key"], secret_value)
                    data["key_id"] = key_datas["key_id"]
                    json_data = json.dumps(data)
                    r = requests.put(
                        url = url_secret,
                        data = json_data,
                        headers = headers
                        )
                    if r.status_code == 201 or r.status_code == 204:
                        print(f"✅ Secret \033[36m{secret_name}\033[0m successfully added to {owner}'s \033[36m{repository}\033[0m repository")
                    else:
                        print("❌ Couldn't add the secret to the repository")
                        print (r.status_code, r.reason)
                else:
                    print("❌ Couldn't get the repository public key")
                    print (r.status_code, r.reason)
            def encrypt(public_key: str, secret_value: str) -> str:
                """Encrypt a Unicode string using the public key."""
                public_key = public.PublicKey(public_key.encode("utf-8"), encoding.Base64Encoder())
                sealed_box = public.SealedBox(public_key)
                encrypted = sealed_box.encrypt(secret_value.encode("utf-8"))
                return b64encode(encrypted).decode("utf-8")
            
            run("examplePersonalAccessToken", "MyOrganization", "TestCreateSecretsAPI", "TEST", "MyNameIsGeovaniGeorgio")
     
      - name: TestShow
        shell: pwsh
        run : |
          echo "secret: ${{secrets.Test}}"

Normally, when the secret is created with it value the echo command show something like ***
but in my case it just show an empty space. I'm verry intrigued.

from formulas-github.

samyKhezandji avatar samyKhezandji commented on July 26, 2024

Hello @GuillaumeFalourd

Thank you for your answer and your proposed solution.
Believe me, it still doesn't work ! :(
Your code looks perfectly correct and I clearly saw that it worked for you, so I copied your code and created a PAT with a full access but it still doesn't work.

image

What kind of PAT token you used ?

Actually I tried with the classic one and the Beta version but the result is the same : not working :(

I'm trying to investigate more.

from formulas-github.

GuillaumeFalourd avatar GuillaumeFalourd commented on July 26, 2024

Is the repository public so I can have a look at it directly?

from formulas-github.

samyKhezandji avatar samyKhezandji commented on July 26, 2024

Hi @GuillaumeFalourd

I created a public repository in order to share it with you.

This is the link to the repository

from formulas-github.

GuillaumeFalourd avatar GuillaumeFalourd commented on July 26, 2024

I made a fork where I added a secret with all permissions, and it doesn't work indeed. I have no idea why 🤔

from formulas-github.

GuillaumeFalourd avatar GuillaumeFalourd commented on July 26, 2024

After testing a bit more here, it seems the workflow creates the secret with an empty value the first time, but fill the secret with the value as expected the second time it is executed. Could you check?

from formulas-github.

samyKhezandji avatar samyKhezandji commented on July 26, 2024

Yes I confirm that the second time it is executed the secret is create with its value. I don't understand why but I can eventualy execute the function two times each time I create a secret :/

from formulas-github.

Related Issues (15)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.