Switch to using sentry's app action

tgstation · Aug 21, 2024 · 106236a · 106236a
1 parent 661eef5
commit 106236a
Show file tree

Hide file tree

Showing 6 changed files with 112 additions and 176 deletions.
diff --git a/.github/workflows/dependabot-automerge.yml b/.github/workflows/dependabot-automerge.yml
@@ -17,21 +17,14 @@ jobs:
     runs-on: ubuntu-latest
     if: github.event.pull_request.user.id == 49699333
     steps:
-      - name: Tool Checkout
-        uses: actions/checkout@v4
-
-      - name: Build
-        run: |
-          cd tools/Tgstation.Server.DeploymentsTool
-          dotnet publish -c Release -o ${{ runner.temp }}/tool
-
       - name: Generate App Token
-        run: |
-          dotnet ${{ runner.temp }}/tool/Tgstation.Server.DeploymentsTool.dll ${{ secrets.TGS_CI_GITHUB_APP_TOKEN_SERIALIZED }} token ${{ runner.temp }}/installation_secret.txt
-          echo "INSTALLATION_TOKEN=$(cat ${{ runner.temp }}/installation_secret.txt)" >> $GITHUB_ENV
-          rm ${{ runner.temp }}/installation_secret.txt
+        id: app-token-generation
+        uses: getsentry/action-github-app-token@d4b5da6c5e37703f8c3b3e43abb5705b46e159cc
+        with:
+          app_id: ${{ secrets.APP_ID }}
+          private_key: ${{ secrets.APP_PRIVATE_KEY }}
 
       - name: Enable Automerge
         uses: daneden/enable-automerge-action@f8558b65c5b8d8bfb592c4e74e3d491624a38fbd #v1.0.2-ish
         with:
-          github-token: ${{ env.INSTALLATION_TOKEN }}
+          github-token: ${{ steps.app-token-generation.outputs.token }}
diff --git a/.github/workflows/periodic_cleanup.yml b/.github/workflows/periodic_cleanup.yml
@@ -13,54 +13,49 @@ jobs:
     name: Clean up Unresponsive Installations
     runs-on: ubuntu-latest
     steps:
-    - name: Setup dotnet
-      uses: actions/setup-dotnet@v4
-      with:
-        dotnet-version: '8.0.x'
-
-    - name: Tool Checkout
-      uses: actions/checkout@v4
-      with:
-        path: temp_workspace
-
-    - name: Restore
-      run: |
-        cd temp_workspace
-        dotnet restore
-
-    - name: Build
-      run: |
-        cd temp_workspace/tools/Tgstation.Server.DeploymentsTool
-        dotnet publish -c Release -o ${{ runner.temp }}/tool
-
-    - name: Generate App Token
-      run: |
-        dotnet ${{ runner.temp }}/tool/Tgstation.Server.DeploymentsTool.dll ${{ secrets.TGS_CI_GITHUB_APP_TOKEN_SERIALIZED }} token ${{ runner.temp }}/installation_secret.txt
-        echo "INSTALLATION_TOKEN=$(cat ${{ runner.temp }}/installation_secret.txt)" >> $GITHUB_ENV
-        rm ${{ runner.temp }}/installation_secret.txt
-
-    - name: Main Checkout
-      uses: actions/checkout@v4
-      with:
-        ref: data
-        token: ${{ env.INSTALLATION_TOKEN }}
-
-    - name: Update Deployments
-      run: dotnet ${{ runner.temp }}/tool/Tgstation.Server.DeploymentsTool.dll ${{ secrets.TGS_CI_GITHUB_APP_TOKEN_SERIALIZED }} cleanup
-
-    - name: Git Config
-      run: |
-        git config user.name "tgstation-server-ci[bot]"
-        git config user.email "161980869+tgstation-server-ci[bot]@users.noreply.github.com"
-
-    - name: Git Stage
-      run: git add .
-
-    - name: Git Commit
-      run: |
-        git diff-index --quiet HEAD || git commit -m 'Cleanup Telemetry Entries' -m 'Job: ${{ github.run_id }}'
-
-    - name: Git Push
-      run: |
-        git push -u origin data
-
+      - name: Setup dotnet
+        uses: actions/setup-dotnet@v4
+        with:
+          dotnet-version: "8.0.x"
+
+      - name: Tool Checkout
+        uses: actions/checkout@v4
+        with:
+          path: temp_workspace
+
+      - name: Build
+        run: |
+          cd temp_workspace/tools/Tgstation.Server.DeploymentsTool
+          dotnet publish -c Release -o ${{ runner.temp }}/tool
+
+      - name: Generate App Token
+        id: app-token-generation
+        uses: getsentry/action-github-app-token@d4b5da6c5e37703f8c3b3e43abb5705b46e159cc
+        with:
+          app_id: ${{ secrets.APP_ID }}
+          private_key: ${{ secrets.APP_PRIVATE_KEY }}
+
+      - name: Main Checkout
+        uses: actions/checkout@v4
+        with:
+          ref: data
+          token: ${{ steps.app-token-generation.outputs.token }}
+
+      - name: Update Deployments
+        run: dotnet ${{ runner.temp }}/tool/Tgstation.Server.DeploymentsTool.dll ${{ steps.app-token-generation.outputs.token }} cleanup
+
+      - name: Git Config
+        run: |
+          git config user.name "tgstation-server-ci[bot]"
+          git config user.email "161980869+tgstation-server-ci[bot]@users.noreply.github.com"
+
+      - name: Git Stage
+        run: git add .
+
+      - name: Git Commit
+        run: |
+          git diff-index --quiet HEAD || git commit -m 'Cleanup Telemetry Entries' -m 'Job: ${{ github.run_id }}'
+
+      - name: Git Push
+        run: |
+          git push -u origin data
diff --git a/.github/workflows/size-labelling.yml b/.github/workflows/size-labelling.yml
@@ -14,7 +14,14 @@ jobs:
       pull-requests: write
     runs-on: ubuntu-latest
     steps:
+      - name: Generate App Token
+        id: app-token-generation
+        uses: getsentry/action-github-app-token@d4b5da6c5e37703f8c3b3e43abb5705b46e159cc
+        with:
+          app_id: ${{ secrets.APP_ID }}
+          private_key: ${{ secrets.APP_PRIVATE_KEY }}
+
       - name: size-label
         uses: "pascalgn/size-label-action@bbbaa0d5ccce8e2e76254560df5c64b82dac2e12" # v0.5.2, consider upgrading after https://github.com/pascalgn/size-label-action/pull/54 is merged
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ steps.app-token-generation.outputs.token }}
diff --git a/.github/workflows/tgs_deployments_telemetry.yml b/.github/workflows/tgs_deployments_telemetry.yml
@@ -4,19 +4,19 @@ on:
   workflow_dispatch:
     inputs:
       telemetry_id:
-        description: 'Telemetry ID'
+        description: "Telemetry ID"
         required: true
         type: string
       tgs_semver:
-        description: 'TGS Version'
+        description: "TGS Version"
         required: true
         type: string
       shutdown:
-        description: 'Shutdown'
+        description: "Shutdown"
         required: true
         type: boolean
       server_friendly_name:
-        description: 'Server Friendly Name'
+        description: "Server Friendly Name"
         type: string
 
 concurrency:
@@ -27,59 +27,39 @@ jobs:
     name: Report TGS Version
     runs-on: ubuntu-latest
     steps:
-    - name: Setup dotnet
-      uses: actions/setup-dotnet@v4
-      with:
-        dotnet-version: '8.0.x'
+      - name: Generate App Token
+        id: app-token-generation
+        uses: getsentry/action-github-app-token@d4b5da6c5e37703f8c3b3e43abb5705b46e159cc
+        with:
+          app_id: ${{ secrets.APP_ID }}
+          private_key: ${{ secrets.APP_PRIVATE_KEY }}
 
-    - name: Tool Checkout
-      uses: actions/checkout@v4
-      with:
-        path: temp_workspace
+      - name: Main Checkout
+        uses: actions/checkout@v4
+        with:
+          ref: data
+          token: ${{ steps.app-token-generation.outputs.token }}
 
-    - name: Restore
-      run: |
-        cd temp_workspace
-        dotnet restore
+      - name: Update Deployments
+        env:
+          TELEMETRY_ID: ${{ github.event.inputs.telemetry_id }}
+          TGS_SEMVER: ${{ github.event.inputs.tgs_semver }}
+          SHUTDOWN: ${{ github.event.inputs.shutdown }}
+          SERVER_FRIENDLY_NAME: ${{ github.event.inputs.server_friendly_name }}
+        run: dotnet ${{ runner.temp }}/tool/Tgstation.Server.DeploymentsTool.dll ${{ steps.app-token-generation.outputs.token }} telemetry
 
-    - name: Build
-      run: |
-        cd temp_workspace/tools/Tgstation.Server.DeploymentsTool
-        dotnet publish -c Release -o ${{ runner.temp }}/tool
+      - name: Git Config
+        run: |
+          git config user.name "tgstation-server-ci[bot]"
+          git config user.email "161980869+tgstation-server-ci[bot]@users.noreply.github.com"
 
-    - name: Generate App Token
-      run: |
-        dotnet ${{ runner.temp }}/tool/Tgstation.Server.DeploymentsTool.dll ${{ secrets.TGS_CI_GITHUB_APP_TOKEN_SERIALIZED }} token ${{ runner.temp }}/installation_secret.txt
-        echo "INSTALLATION_TOKEN=$(cat ${{ runner.temp }}/installation_secret.txt)" >> $GITHUB_ENV
-        rm ${{ runner.temp }}/installation_secret.txt
+      - name: Git Stage
+        run: git add .
 
-    - name: Main Checkout
-      uses: actions/checkout@v4
-      with:
-        ref: data
-        token: ${{ env.INSTALLATION_TOKEN }}
-
-    - name: Update Deployments
-      env:
-        TELEMETRY_ID: ${{ github.event.inputs.telemetry_id }}
-        TGS_SEMVER: ${{ github.event.inputs.tgs_semver }}
-        SHUTDOWN: ${{ github.event.inputs.shutdown }}
-        SERVER_FRIENDLY_NAME: ${{ github.event.inputs.server_friendly_name }}
-      run: dotnet ${{ runner.temp }}/tool/Tgstation.Server.DeploymentsTool.dll ${{ secrets.TGS_CI_GITHUB_APP_TOKEN_SERIALIZED }} telemetry
-
-    - name: Git Config
-      run: |
-        git config user.name "tgstation-server-ci[bot]"
-        git config user.email "161980869+tgstation-server-ci[bot]@users.noreply.github.com"
-
-    - name: Git Stage
-      run: git add .
-
-    - name: Git Commit
-      run: |
-        git diff-index --quiet HEAD || git commit -m 'Update Telemetry Entry' -m 'Job: ${{ github.run_id }}'
-
-    - name: Git Push
-      run: |
-        git push -u origin data
+      - name: Git Commit
+        run: |
+          git diff-index --quiet HEAD || git commit -m 'Update Telemetry Entry' -m 'Job: ${{ github.run_id }}'
 
+      - name: Git Push
+        run: |
+          git push -u origin data
diff --git a/.github/workflows/tool_build.yml b/.github/workflows/tool_build.yml
@@ -1,28 +1,28 @@
-name: 'Tool Build'
+name: Tool Build
 
 on:
   push:
     branches:
-    - main
+      - main
 
 jobs:
   tool-build:
     name: Build Deployments Tool
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        configuration: [ 'Debug', 'Release' ]
+        configuration: ["Debug", "Release"]
     steps:
-    - name: Setup dotnet
-      uses: actions/setup-dotnet@v4
-      with:
-        dotnet-version: '8.0.x'
+      - name: Setup dotnet
+        uses: actions/setup-dotnet@v4
+        with:
+          dotnet-version: "8.0.x"
 
-    - name: Checkout
-      uses: actions/checkout@v4
+      - name: Checkout
+        uses: actions/checkout@v4
 
-    - name: Restore
-      run: dotnet restore
+      - name: Restore
+        run: dotnet restore
 
-    - name: Build
-      run: dotnet build -c ${{ matrix.configuration }}
+      - name: Build
+        run: dotnet build -c ${{ matrix.configuration }}
diff --git a/tools/Tgstation.Server.DeploymentsTool/Program.cs b/tools/Tgstation.Server.DeploymentsTool/Program.cs
@@ -1,16 +1,11 @@
 using System;
 using System.Collections.Generic;
-using System.IdentityModel.Tokens.Jwt;
 using System.IO;
 using System.Linq;
-using System.Security.Cryptography;
-using System.Text;
 using System.Text.Json;
 using System.Text.RegularExpressions;
 using System.Threading.Tasks;
 
-using Microsoft.IdentityModel.Tokens;
-
 using Octokit;
 
 namespace Tgstation.Server.DeploymentsTool
@@ -29,17 +24,10 @@ static async Task<int> Main(string[] args)
         {
             try
             {
-                var githubAppSerializedKey = args[0];
+                var gitHubToken = args[0];
                 var mode = args[1];
 
                 var now = DateTimeOffset.UtcNow;
-                if (mode == "token")
-                {
-                    var tokenOutputPath = args[2];
-                    await File.WriteAllTextAsync(tokenOutputPath, (await CreateClientForRepo(DataCacheRepoId, githubAppSerializedKey)).Credentials.GetToken());
-                    return 0;
-                }
-
                 if (mode == "telemetry")
                 {
                     var telemetryIdStr = Environment.GetEnvironmentVariable("TELEMETRY_ID");
@@ -98,7 +86,7 @@ static async Task<int> Main(string[] args)
                         return 4;
                     }
 
-                    var telemetryClient = await CreateClientForRepo(DeploymentsRepoId, githubAppSerializedKey);
+                    var telemetryClient = CreateClientForRepo(gitHubToken);
                     long? deploymentId;
                     if (oldEntry?.ActiveDeploymentId.HasValue != true)
                     {
@@ -152,7 +140,7 @@ await telemetryClient.Repository.Deployment.Status.Create(
                     return 0;
                 }
 
-                var client = await CreateClientForRepo(DeploymentsRepoId, githubAppSerializedKey);
+                var client = CreateClientForRepo(gitHubToken);
                 var sendingJson = await File.ReadAllTextAsync(InstallationsFilePath);
                 var sendingData = JsonSerializer.Deserialize<DataCache>(sendingJson)!;
 
@@ -189,37 +177,10 @@ await client.Repository.Deployment.Status.Create(
             }
         }
 
-        static async ValueTask<GitHubClient> CreateClientForRepo(long repositoryId, string githubAppSerializedKey)
+        static GitHubClient CreateClientForRepo(string tokenArg)
         {
-            var splits = githubAppSerializedKey.Split(':');
-
-            var pemBytes = Convert.FromBase64String(splits[1]);
-            var pem = Encoding.UTF8.GetString(pemBytes);
-
-            var rsa = RSA.Create();
-            rsa.ImportFromPem(pem);
-
-            var signingCredentials = new SigningCredentials(new RsaSecurityKey(rsa), SecurityAlgorithms.RsaSha256);
-            var jwtSecurityTokenHandler = new JwtSecurityTokenHandler { SetDefaultTimesOnTokenCreation = false };
-
-            var now = DateTime.UtcNow;
-
-            var jwt = jwtSecurityTokenHandler.CreateToken(new SecurityTokenDescriptor
-            {
-                Issuer = splits[0],
-                Expires = now.AddMinutes(10),
-                IssuedAt = now,
-                SigningCredentials = signingCredentials
-            });
-            var jwtStr = jwtSecurityTokenHandler.WriteToken(jwt);
-
             var client = new GitHubClient(new ProductHeaderValue("tgs_deployments_tool"));
-            client.Credentials = new Credentials(jwtStr, AuthenticationType.Bearer);
-
-            var installation = await client.GitHubApps.GetRepositoryInstallationForCurrent(repositoryId);
-            var installToken = await client.GitHubApps.CreateInstallationToken(installation.Id);
-
-            client.Credentials = new Credentials(installToken.Token);
+            client.Credentials = new Credentials(tokenArg);
             return client;
         }
     }