From 106236a01c1716ece506b26a7f1bea5699a4a298 Mon Sep 17 00:00:00 2001 From: Jordan Dominion Date: Wed, 21 Aug 2024 03:31:59 -0400 Subject: [PATCH] Switch to using sentry's app action --- .github/workflows/dependabot-automerge.yml | 19 ++-- .github/workflows/periodic_cleanup.yml | 97 +++++++++---------- .github/workflows/size-labelling.yml | 9 +- .../workflows/tgs_deployments_telemetry.yml | 88 +++++++---------- .github/workflows/tool_build.yml | 26 ++--- .../Program.cs | 49 +--------- 6 files changed, 112 insertions(+), 176 deletions(-) diff --git a/.github/workflows/dependabot-automerge.yml b/.github/workflows/dependabot-automerge.yml index 26bffc4..74cb976 100644 --- a/.github/workflows/dependabot-automerge.yml +++ b/.github/workflows/dependabot-automerge.yml @@ -17,21 +17,14 @@ jobs: runs-on: ubuntu-latest if: github.event.pull_request.user.id == 49699333 steps: - - name: Tool Checkout - uses: actions/checkout@v4 - - - name: Build - run: | - cd tools/Tgstation.Server.DeploymentsTool - dotnet publish -c Release -o ${{ runner.temp }}/tool - - name: Generate App Token - run: | - dotnet ${{ runner.temp }}/tool/Tgstation.Server.DeploymentsTool.dll ${{ secrets.TGS_CI_GITHUB_APP_TOKEN_SERIALIZED }} token ${{ runner.temp }}/installation_secret.txt - echo "INSTALLATION_TOKEN=$(cat ${{ runner.temp }}/installation_secret.txt)" >> $GITHUB_ENV - rm ${{ runner.temp }}/installation_secret.txt + id: app-token-generation + uses: getsentry/action-github-app-token@d4b5da6c5e37703f8c3b3e43abb5705b46e159cc + with: + app_id: ${{ secrets.APP_ID }} + private_key: ${{ secrets.APP_PRIVATE_KEY }} - name: Enable Automerge uses: daneden/enable-automerge-action@f8558b65c5b8d8bfb592c4e74e3d491624a38fbd #v1.0.2-ish with: - github-token: ${{ env.INSTALLATION_TOKEN }} + github-token: ${{ steps.app-token-generation.outputs.token }} diff --git a/.github/workflows/periodic_cleanup.yml b/.github/workflows/periodic_cleanup.yml index c2740e2..449d8af 100644 
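Review bot: The new `Generate App Token` step pins `getsentry/action-github-app-token` to a bare commit SHA with no tag comment, while the `Enable Automerge` step three lines later documents its pin as `#v1.0.2-ish`; a reader cannot tell what release that SHA corresponds to or when it is safe to bump. Suggest `uses: getsentry/action-github-app-token@d4b5da6c5e37703f8c3b3e43abb5705b46e159cc # <release tag placeholder>` here and at the identical lines in periodic_cleanup.yml, size-labelling.yml and tgs_deployments_telemetry.yml. The removed tool path selected the installation explicitly via `GetRepositoryInstallationForCurrent(DataCacheRepoId)`; the action presumably mints the token for the installation covering the repository the workflow runs in, which is worth stating in the same comment so the scope change is deliberate rather than incidental.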
--- a/.github/workflows/periodic_cleanup.yml
+++ b/.github/workflows/periodic_cleanup.yml
@@ -13,54 +13,49 @@ jobs: name: Clean up Unresponsive Installations runs-on: ubuntu-latest steps: - - name: Setup dotnet - uses: actions/setup-dotnet@v4 - with: - dotnet-version: '8.0.x' - - - name: Tool Checkout - uses: actions/checkout@v4 - with: - path: temp_workspace - - - name: Restore - run: | - cd temp_workspace - dotnet restore - - - name: Build - run: | - cd temp_workspace/tools/Tgstation.Server.DeploymentsTool - dotnet publish -c Release -o ${{ runner.temp }}/tool - - - name: Generate App Token - run: | - dotnet ${{ runner.temp }}/tool/Tgstation.Server.DeploymentsTool.dll ${{ secrets.TGS_CI_GITHUB_APP_TOKEN_SERIALIZED }} token ${{ runner.temp }}/installation_secret.txt - echo "INSTALLATION_TOKEN=$(cat ${{ runner.temp }}/installation_secret.txt)" >> $GITHUB_ENV - rm ${{ runner.temp }}/installation_secret.txt - - - name: Main Checkout - uses: actions/checkout@v4 - with: - ref: data - token: ${{ env.INSTALLATION_TOKEN }} - - - name: Update Deployments - run: dotnet ${{ runner.temp }}/tool/Tgstation.Server.DeploymentsTool.dll ${{ secrets.TGS_CI_GITHUB_APP_TOKEN_SERIALIZED }} cleanup - - - name: Git Config - run: | - git config user.name "tgstation-server-ci[bot]" - git config user.email "161980869+tgstation-server-ci[bot]@users.noreply.github.com" - - - name: Git Stage - run: git add . 
- - - name: Git Commit - run: | - git diff-index --quiet HEAD || git commit -m 'Cleanup Telemetry Entries' -m 'Job: ${{ github.run_id }}' - - - name: Git Push - run: | - git push -u origin data - + - name: Setup dotnet + uses: actions/setup-dotnet@v4 + with: + dotnet-version: "8.0.x" + + - name: Tool Checkout + uses: actions/checkout@v4 + with: + path: temp_workspace + + - name: Build + run: | + cd temp_workspace/tools/Tgstation.Server.DeploymentsTool + dotnet publish -c Release -o ${{ runner.temp }}/tool + + - name: Generate App Token + id: app-token-generation + uses: getsentry/action-github-app-token@d4b5da6c5e37703f8c3b3e43abb5705b46e159cc + with: + app_id: ${{ secrets.APP_ID }} + private_key: ${{ secrets.APP_PRIVATE_KEY }} + + - name: Main Checkout + uses: actions/checkout@v4 + with: + ref: data + token: ${{ steps.app-token-generation.outputs.token }} + + - name: Update Deployments + run: dotnet ${{ runner.temp }}/tool/Tgstation.Server.DeploymentsTool.dll ${{ steps.app-token-generation.outputs.token }} cleanup + + - name: Git Config + run: | + git config user.name "tgstation-server-ci[bot]" + git config user.email "161980869+tgstation-server-ci[bot]@users.noreply.github.com" + + - name: Git Stage + run: git add . + + - name: Git Commit + run: | + git diff-index --quiet HEAD || git commit -m 'Cleanup Telemetry Entries' -m 'Job: ${{ github.run_id }}' + + - name: Git Push + run: | + git push -u origin data diff --git a/.github/workflows/size-labelling.yml b/.github/workflows/size-labelling.yml index 0d0e503..8bf58c9 100644 --- a/.github/workflows/size-labelling.yml +++ b/.github/workflows/size-labelling.yml 
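Review bot: The `Update Deployments` step passes the app token as a positional argument on the `dotnet … cleanup` command line, where it appears in the process arguments of the runner rather than only in the step's environment; the telemetry workflow in this same commit already passes its inputs through `env:`, so the token can use the same channel. Suggest `env:` / `  GITHUB_TOKEN: ${{ steps.app-token-generation.outputs.token }}` on that step with the `run:` line dropping the token argument, paired with `Environment.GetEnvironmentVariable("GITHUB_TOKEN")` in Program.cs where `args[0]` is read today. The same applies to the `Update Deployments` step in tgs_deployments_telemetry.yml. Dropping the separate `Restore` step looks fine since `dotnet publish` restores implicitly.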
@@ -14,7 +14,14 @@ jobs: pull-requests: write runs-on: ubuntu-latest steps: + - name: Generate App Token + id: app-token-generation + uses: getsentry/action-github-app-token@d4b5da6c5e37703f8c3b3e43abb5705b46e159cc + with: + app_id: ${{ secrets.APP_ID }} + private_key: ${{ secrets.APP_PRIVATE_KEY }} + - name: size-label uses: "pascalgn/size-label-action@bbbaa0d5ccce8e2e76254560df5c64b82dac2e12" # v0.5.2, consider upgrading after https://github.com/pascalgn/size-label-action/pull/54 is merged env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ steps.app-token-generation.outputs.token }} diff --git a/.github/workflows/tgs_deployments_telemetry.yml b/.github/workflows/tgs_deployments_telemetry.yml index 70b6fdb..9a27e77 100644 --- a/.github/workflows/tgs_deployments_telemetry.yml +++ b/.github/workflows/tgs_deployments_telemetry.yml @@ -4,19 +4,19 @@ on: workflow_dispatch: inputs: telemetry_id: - description: 'Telemetry ID' + description: "Telemetry ID" required: true type: string tgs_semver: - description: 'TGS Version' + description: "TGS Version" required: true type: string shutdown: - description: 'Shutdown' + description: "Shutdown" required: true type: boolean server_friendly_name: - description: 'Server Friendly Name' + description: "Server Friendly Name" type: string concurrency: 
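Review bot: Replacing `secrets.GITHUB_TOKEN` with the app installation token in the `size-label` step widens the credential used by this job beyond what its `permissions:` block (the `pull-requests: write` line at the top of the hunk) grants — that block only constrains `GITHUB_TOKEN`, whereas the app token carries every permission the app holds on every repository it is installed on. If the intent is the bot identity or to let the label event trigger other workflows, a comment on the step should say so; otherwise the scoped `GITHUB_TOKEN` was the least-privileged choice, and a label-only job is an odd place to hand out the broader one. Suggest `# App token rather than GITHUB_TOKEN so that <reason placeholder>` above `id: app-token-generation`.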
@@ -27,59 +27,39 @@ jobs: name: Report TGS Version runs-on: ubuntu-latest steps: - - name: Setup dotnet - uses: actions/setup-dotnet@v4 - with: - dotnet-version: '8.0.x' + - name: Generate App Token + id: app-token-generation + uses: getsentry/action-github-app-token@d4b5da6c5e37703f8c3b3e43abb5705b46e159cc + with: + app_id: ${{ secrets.APP_ID }} + private_key: ${{ secrets.APP_PRIVATE_KEY }} - - name: Tool Checkout - uses: actions/checkout@v4 - with: - path: temp_workspace + - name: Main Checkout + uses: actions/checkout@v4 + with: + ref: data + token: ${{ steps.app-token-generation.outputs.token }} - - name: Restore - run: | - cd temp_workspace - dotnet restore + - name: Update Deployments + env: + TELEMETRY_ID: ${{ github.event.inputs.telemetry_id }} + TGS_SEMVER: ${{ github.event.inputs.tgs_semver }} + SHUTDOWN: ${{ github.event.inputs.shutdown }} + SERVER_FRIENDLY_NAME: ${{ github.event.inputs.server_friendly_name }} + run: dotnet ${{ runner.temp }}/tool/Tgstation.Server.DeploymentsTool.dll ${{ steps.app-token-generation.outputs.token }} telemetry - - name: Build - run: | - cd temp_workspace/tools/Tgstation.Server.DeploymentsTool - dotnet publish -c Release -o ${{ runner.temp }}/tool + - name: Git Config + run: | + git config user.name "tgstation-server-ci[bot]" + git config user.email "161980869+tgstation-server-ci[bot]@users.noreply.github.com" - - name: Generate App Token - run: | - dotnet ${{ runner.temp }}/tool/Tgstation.Server.DeploymentsTool.dll ${{ secrets.TGS_CI_GITHUB_APP_TOKEN_SERIALIZED }} token ${{ runner.temp }}/installation_secret.txt - echo "INSTALLATION_TOKEN=$(cat ${{ runner.temp }}/installation_secret.txt)" >> $GITHUB_ENV - rm ${{ runner.temp }}/installation_secret.txt + - name: Git Stage + run: git add . 
- - name: Main Checkout - uses: actions/checkout@v4 - with: - ref: data - token: ${{ env.INSTALLATION_TOKEN }} - - - name: Update Deployments - env: - TELEMETRY_ID: ${{ github.event.inputs.telemetry_id }} - TGS_SEMVER: ${{ github.event.inputs.tgs_semver }} - SHUTDOWN: ${{ github.event.inputs.shutdown }} - SERVER_FRIENDLY_NAME: ${{ github.event.inputs.server_friendly_name }} - run: dotnet ${{ runner.temp }}/tool/Tgstation.Server.DeploymentsTool.dll ${{ secrets.TGS_CI_GITHUB_APP_TOKEN_SERIALIZED }} telemetry - - - name: Git Config - run: | - git config user.name "tgstation-server-ci[bot]" - git config user.email "161980869+tgstation-server-ci[bot]@users.noreply.github.com" - - - name: Git Stage - run: git add . - - - name: Git Commit - run: | - git diff-index --quiet HEAD || git commit -m 'Update Telemetry Entry' -m 'Job: ${{ github.run_id }}' - - - name: Git Push - run: | - git push -u origin data + - name: Git Commit + run: | + git diff-index --quiet HEAD || git commit -m 'Update Telemetry Entry' -m 'Job: ${{ github.run_id }}' + - name: Git Push + run: | + git push -u origin data diff --git a/.github/workflows/tool_build.yml b/.github/workflows/tool_build.yml index 6fc2569..56bd75c 100644 --- a/.github/workflows/tool_build.yml +++ b/.github/workflows/tool_build.yml @@ -1,9 +1,9 @@ -name: 'Tool Build' +name: Tool Build on: push: branches: - - main + - main jobs: tool-build: 
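Review bot: The new step list drops `Setup dotnet`, `Tool Checkout`, `Restore` and `Build`, but `Update Deployments` still executes `dotnet ${{ runner.temp }}/tool/Tgstation.Server.DeploymentsTool.dll … telemetry`; nothing in this job produces that DLL any more, and `runner.temp` is job-local, so the step should fail on a missing file unless the binary arrives from somewhere outside this hunk. periodic_cleanup.yml in the same commit keeps `Tool Checkout` and `Build` ahead of the token step, and the same two steps (plus `Setup dotnet`) are needed here before `Generate App Token`.
```yaml
      - name: Setup dotnet
        uses: actions/setup-dotnet@v4
        with:
          dotnet-version: "8.0.x"

      - name: Tool Checkout
        uses: actions/checkout@v4
        with:
          path: temp_workspace

      - name: Build
        run: |
          cd temp_workspace/tools/Tgstation.Server.DeploymentsTool
          dotnet publish -c Release -o ${{ runner.temp }}/tool

      # … unchanged: Generate App Token, Main Checkout, Update Deployments, Git steps …
```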
@@ -11,18 +11,18 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - configuration: [ 'Debug', 'Release' ] + configuration: ["Debug", "Release"] steps: - - name: Setup dotnet - uses: actions/setup-dotnet@v4 - with: - dotnet-version: '8.0.x' + - name: Setup dotnet + uses: actions/setup-dotnet@v4 + with: + dotnet-version: "8.0.x" - - name: Checkout - uses: actions/checkout@v4 + - name: Checkout + uses: actions/checkout@v4 - - name: Restore - run: dotnet restore + - name: Restore + run: dotnet restore - - name: Build - run: dotnet build -c ${{ matrix.configuration }} + - name: Build + run: dotnet build -c ${{ matrix.configuration }} diff --git a/tools/Tgstation.Server.DeploymentsTool/Program.cs b/tools/Tgstation.Server.DeploymentsTool/Program.cs index 2cb5e02..45a0bd7 100644 --- a/tools/Tgstation.Server.DeploymentsTool/Program.cs +++ b/tools/Tgstation.Server.DeploymentsTool/Program.cs @@ -1,16 +1,11 @@ using System; using System.Collections.Generic; -using System.IdentityModel.Tokens.Jwt; using System.IO; using System.Linq; -using System.Security.Cryptography; -using System.Text; using System.Text.Json; using System.Text.RegularExpressions; using System.Threading.Tasks; -using Microsoft.IdentityModel.Tokens; - using Octokit; namespace Tgstation.Server.DeploymentsTool @@ -29,17 +24,10 @@ static async Task Main(string[] args) { try { - var githubAppSerializedKey = args[0]; + var gitHubToken = args[0]; var mode = args[1]; var now = DateTimeOffset.UtcNow; - if (mode == "token") - { - var tokenOutputPath = args[2]; - await File.WriteAllTextAsync(tokenOutputPath, (await CreateClientForRepo(DataCacheRepoId, githubAppSerializedKey)).Credentials.GetToken()); - return 0; - } - if (mode == "telemetry") { var telemetryIdStr = Environment.GetEnvironmentVariable("TELEMETRY_ID"); 
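Review bot: The tool's command-line contract changes here — `args[0]` is now a ready-made installation token instead of a serialized app key, and the `token` mode is gone — but nothing in Main documents what the arguments are, so the next maintainer has to read the workflows to find out. Suggest a comment above `var gitHubToken = args[0];`: `// args[0]: GitHub installation token minted by the workflow's app-token step; args[1]: mode, "telemetry" or "cleanup"`. Main's body continues outside the hunk, and `args[0]`/`args[1]` are still indexed without an arity check, which the surrounding `try` turns into a generic failure rather than a usage message.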
@@ -98,7 +86,7 @@ static async Task Main(string[] args) return 4; } - var telemetryClient = await CreateClientForRepo(DeploymentsRepoId, githubAppSerializedKey); + var telemetryClient = CreateClientForRepo(gitHubToken); long? deploymentId; if (oldEntry?.ActiveDeploymentId.HasValue != true) { @@ -152,7 +140,7 @@ await telemetryClient.Repository.Deployment.Status.Create( return 0; } - var client = await CreateClientForRepo(DeploymentsRepoId, githubAppSerializedKey); + var client = CreateClientForRepo(gitHubToken); var sendingJson = await File.ReadAllTextAsync(InstallationsFilePath); var sendingData = JsonSerializer.Deserialize(sendingJson)!; 
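Review bot: Both hunks stop passing `DeploymentsRepoId` to `CreateClientForRepo`, so the choice of installation has moved out of this tool and into the workflow's token step; if `DeploymentsRepoId` and `DataCacheRepoId` have no remaining references elsewhere in the file (I cannot see their declarations from here), they are dead constants now and should go with the code that used them. A one-line comment at the first call site, `// token is already installation-scoped by the workflow; see .github/workflows/*.yml`, would record where that scoping now lives.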
@@ -189,37 +177,10 @@ await client.Repository.Deployment.Status.Create( } } - static async ValueTask CreateClientForRepo(long repositoryId, string githubAppSerializedKey) + static GitHubClient CreateClientForRepo(string tokenArg) { - var splits = githubAppSerializedKey.Split(':'); - - var pemBytes = Convert.FromBase64String(splits[1]); - var pem = Encoding.UTF8.GetString(pemBytes); - - var rsa = RSA.Create(); - rsa.ImportFromPem(pem); - - var signingCredentials = new SigningCredentials(new RsaSecurityKey(rsa), SecurityAlgorithms.RsaSha256); - var jwtSecurityTokenHandler = new JwtSecurityTokenHandler { SetDefaultTimesOnTokenCreation = false }; - - var now = DateTime.UtcNow; - - var jwt = jwtSecurityTokenHandler.CreateToken(new SecurityTokenDescriptor - { - Issuer = splits[0], - Expires = now.AddMinutes(10), - IssuedAt = now, - SigningCredentials = signingCredentials - }); - var jwtStr = jwtSecurityTokenHandler.WriteToken(jwt); - var client = new GitHubClient(new ProductHeaderValue("tgs_deployments_tool")); - client.Credentials = new Credentials(jwtStr, AuthenticationType.Bearer); - - var installation = await client.GitHubApps.GetRepositoryInstallationForCurrent(repositoryId); - var installToken = await client.GitHubApps.CreateInstallationToken(installation.Id); - - client.Credentials = new Credentials(installToken.Token); + client.Credentials = new Credentials(tokenArg); return client; } }
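Review bot: `CreateClientForRepo` no longer takes a repository, so the name now misdescribes it, and `tokenArg` is accepted without validation — a blank value (for example an empty step output when the token step is skipped) produces a client that fails only later with an authentication error from the API. Octokit's `Credentials` constructor may reject an empty string, but an explicit guard at the tool's boundary gives a clearer failure: add `ArgumentException.ThrowIfNullOrWhiteSpace(tokenArg);` as the first statement (the workflows pin .NET 8, where it exists) and rename the method to `CreateClient`, updating the two call sites in the earlier hunks. The class closes at the end of this hunk; the enclosing namespace continues outside it.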