Always include GITHUB_TOKEN in the secrets
This commit is contained in:
@@ -18,13 +18,14 @@ export function contextProviders(
|
||||
auth: sessionToken
|
||||
});
|
||||
|
||||
const getContext = async (name: string) => {
|
||||
const getContext = async (name: string, defaultContext: data.Dictionary | undefined) => {
|
||||
switch (name) {
|
||||
case "secrets":
|
||||
const secrets = await getSecrets(octokit, cache, repo.owner, repo.name);
|
||||
const secretContext = new data.Dictionary();
|
||||
secrets.forEach(secret => secretContext.add(secret.value, secret));
|
||||
return secretContext;
|
||||
|
||||
defaultContext = defaultContext || new data.Dictionary();
|
||||
secrets.forEach(secret => defaultContext!.add(secret.value, new data.StringData("***")));
|
||||
return defaultContext;
|
||||
}
|
||||
};
|
||||
|
||||
|
||||
@@ -2,8 +2,15 @@ import {StringData} from "@github/actions-expressions/data/string";
|
||||
import {Octokit} from "@octokit/rest";
|
||||
import {TTLCache} from "../utils/cache";
|
||||
|
||||
export function getSecrets(octokit: Octokit, cache: TTLCache, owner: string, name: string): Promise<StringData[]> {
|
||||
return cache.get(`${owner}/${name}/secrets`, undefined, () => fetchSecrets(octokit, owner, name));
|
||||
export async function getSecrets(
|
||||
octokit: Octokit,
|
||||
cache: TTLCache,
|
||||
owner: string,
|
||||
name: string
|
||||
): Promise<StringData[]> {
|
||||
const repoSecrets = await cache.get(`${owner}/${name}/secrets`, undefined, () => fetchSecrets(octokit, owner, name));
|
||||
|
||||
return repoSecrets;
|
||||
}
|
||||
|
||||
async function fetchSecrets(octokit: Octokit, owner: string, name: string): Promise<StringData[]> {
|
||||
|
||||
@@ -11,11 +11,6 @@ const contextProviderConfig: ContextProviderConfig = {
|
||||
key: "event",
|
||||
value: new data.StringData("push")
|
||||
});
|
||||
case "secrets":
|
||||
return new data.Dictionary({
|
||||
key: "DEPLOY_KEY",
|
||||
value: new data.StringData("DEPLOY_KEY")
|
||||
});
|
||||
}
|
||||
|
||||
return undefined;
|
||||
@@ -146,7 +141,7 @@ jobs:
|
||||
`;
|
||||
const result = await complete(...getPositionFromCursor(input), undefined, contextProviderConfig);
|
||||
|
||||
expect(result.map(x => x.label)).toEqual(["DEPLOY_KEY"]);
|
||||
expect(result.map(x => x.label)).toEqual(["GITHUB_TOKEN"]);
|
||||
});
|
||||
|
||||
it("needs context only includes referenced jobs", async () => {
|
||||
|
||||
@@ -3,7 +3,7 @@ import {Dictionary} from "@github/actions-expressions/data/dictionary";
|
||||
import {ExpressionData, Pair} from "@github/actions-expressions/data/expressiondata";
|
||||
|
||||
export type ContextProviderConfig = {
|
||||
getContext: (name: string) => Promise<data.Dictionary | undefined>;
|
||||
getContext: (name: string, defaultContext: data.Dictionary | undefined) => Promise<data.Dictionary | undefined>;
|
||||
};
|
||||
|
||||
/**
|
||||
|
||||
@@ -15,17 +15,9 @@ export async function getContext(
|
||||
|
||||
const filteredNames = filterContextNames(names, workflowContext);
|
||||
for (const contextName of filteredNames) {
|
||||
let value: data.Dictionary | undefined;
|
||||
let value = (await getDefaultContext(contextName, workflowContext)) || new data.Dictionary();
|
||||
|
||||
value = await getDefaultContext(contextName, workflowContext);
|
||||
|
||||
if (!value) {
|
||||
value = await config?.getContext(contextName);
|
||||
}
|
||||
|
||||
if (!value) {
|
||||
value = new data.Dictionary();
|
||||
}
|
||||
value = (await config?.getContext(contextName, value)) || value;
|
||||
|
||||
context.add(contextName, value);
|
||||
}
|
||||
@@ -50,6 +42,9 @@ async function getDefaultContext(name: string, workflowContext: WorkflowContext)
|
||||
case "inputs":
|
||||
return getInputsContext(workflowContext);
|
||||
|
||||
case "secrets":
|
||||
return objectToDictionary({GITHUB_TOKEN: "***"});
|
||||
|
||||
case "steps":
|
||||
return getStepsContext(workflowContext);
|
||||
|
||||
|
||||
Reference in New Issue
Block a user