Merge pull request #220 from simplybusiness/SILVER-270-add-github-app…

…-support SILVER-270 - Add support for GitHub Apps
simplybusiness · Sep 24, 2024 · 061a539 · 061a539
2 parents 2ff73a6 + e273a39
commit 061a539
Show file tree

Hide file tree

Showing 17 changed files with 1,097 additions and 1,329 deletions.
diff --git a/Gemfile b/Gemfile
@@ -14,3 +14,5 @@ group :development, :test do
 end
 
 gem "faraday-retry", "~> 2.2"
+
+gem "jwt", "~> 2.9"
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -38,6 +38,8 @@ GEM
     i18n (1.14.6)
       concurrent-ruby (~> 1.0)
     json (2.7.2)
+    jwt (2.9.0)
+      base64
     language_server-protocol (3.17.0.3)
     logger (1.6.1)
     minitest (5.25.1)
@@ -131,6 +133,7 @@ DEPENDENCIES
   airbrake-ruby
   faraday
   faraday-retry (~> 2.2)
+  jwt (~> 2.9)
   octokit
   rspec
   simplycop

diff --git a/README.md b/README.md
@@ -38,10 +38,11 @@ specific PR.
            with:
              bundler-cache: true # runs 'bundle install' and caches installed gems automatically                       
          - name: Deploy Status Action
-           uses: simplybusiness/deploy-status-action@v0.4.1
+           uses: simplybusiness/deploy-status-action@v2
            env:
-             ISSUE_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
-             AIRBRAKE_KEY: ${{secrets.GH_AIRBRAKE_KEY}}
+             CLIENT_ID: ${{ secrets.CLIENT_ID }}
+             PRIVATE_KEY: ${{ secrets.PRIVATE_KEY }}
+             AIRBRAKE_KEY: ${{ secrets.GH_AIRBRAKE_KEY }}
     ```
    **NOTE:** We recommend you use `pull_request_target` event as mentioned in example as it will work when you create
    PRs from a forked repository with provided permission. You can also use `pull_request` event but that will work only

diff --git a/lib/config/github_api_config.rb b/lib/config/github_api_config.rb
@@ -2,15 +2,38 @@
 
 require 'octokit'
 require 'json'
+require 'openssl'
+require 'jwt'
+
+TEN_MINUTES = 600 # seconds
 
 # Sets the github client and event payload
 class GithubApiConfig
   def initialize
-    @client = Octokit::Client.new(access_token: ENV.fetch('ISSUE_TOKEN'))
     @app_repo = Octokit::Repository.new(ENV.fetch('GITHUB_REPOSITORY'))
     @event_payload = JSON.parse(File.read(ENV.fetch('GITHUB_EVENT_PATH')))
     @event_name = ENV.fetch('GITHUB_EVENT_NAME')
     @event_branch = ENV.fetch('GITHUB_REF')
+    @client = Octokit::Client.new(access_token: access_token)
   end
   attr_reader :client, :app_repo, :event_payload, :event_name, :event_branch
+
+  def access_token
+    bearer_client = Octokit::Client.new(bearer_token: bearer_token)
+    installation = bearer_client.find_repository_installation(event_payload['repository']['full_name'])
+    response = bearer_client.create_app_installation_access_token(installation[:id])
+    response[:token]
+  end
+
+  def bearer_token
+    payload = {
+      iat: Time.now.to_i,
+      exp: Time.now.to_i + TEN_MINUTES,
+      iss: ENV.fetch('CLIENT_ID')
+    }
+
+    private_key = OpenSSL::PKey::RSA.new(ENV.fetch('PRIVATE_KEY'))
+
+    JWT.encode(payload, private_key, 'RS256')
+  end
 end
diff --git a/spec/base_deploy_check_spec.rb b/spec/base_deploy_check_spec.rb
@@ -4,21 +4,23 @@
 require_relative '../lib/config/github_api_config'
 require_relative '../lib/functionality/base_deploy_check'
 require_relative '../lib/functionality/pr_deploy_check'
+require 'jwt'
 
 RSpec.describe 'BaseDeployCheck' do
   before do
     ENV['GITHUB_REPOSITORY'] = 'simplybusiness/important-app'
-    ENV['ISSUE_TOKEN'] = 'fake_token'
+    ENV['CLIENT_ID'] = 'client_id'
+    ENV['PRIVATE_KEY'] = JWT::JWK.new(OpenSSL::PKey::RSA.new(2048)).keypair.to_pem
   end
 
   let(:config) { GithubApiConfig.new }
 
   context 'when there are no blocked deploy issues' do
     it 'returns a success for the deploy check' do
       ENV['GITHUB_EVENT_PATH'] = Pathname.new(SPEC_FIXTURES_PATH).join('open_pr_payload.json').to_s
-      ENV['GITHUB_REF'] = 'ref/my/base/branch'
+      ENV['GITHUB_REF'] = 'ref/heads/test-branch'
       ENV['GITHUB_EVENT_NAME'] = 'pull_request'
-      sha = '63f739d5586b2c6b718045893789d620e0d0aee9'
+      sha = '03743b2ec1b201cec2de04ebebbac6e74afab281'
 
       VCR.use_cassette('no blocked deploy update success') do
         response = PrDeployCheck.base_check(config, 'issues', sha)
@@ -30,9 +32,9 @@
   context 'when there are blocked deploy issues' do
     it 'returns a failure for the deploy check' do
       ENV['GITHUB_EVENT_PATH'] = Pathname.new(SPEC_FIXTURES_PATH).join('open_pr_payload.json').to_s
-      ENV['GITHUB_REF'] = 'ref/my/base/branch'
+      ENV['GITHUB_REF'] = 'ref/heads/test-branch'
       ENV['GITHUB_EVENT_NAME'] = 'pull_request'
-      sha = '63f739d5586b2c6b718045893789d620e0d0aee9'
+      sha = '03743b2ec1b201cec2de04ebebbac6e74afab281'
 
       VCR.use_cassette('blocked deploy update failure') do
         response = PrDeployCheck.base_check(config, 'issues', sha)

diff --git a/spec/fixtures/labeled_pr_payload.json b/spec/fixtures/labeled_pr_payload.json
@@ -8,7 +8,7 @@
       "node_id":"MDU6TGFiZWwxNjM4NzIwMDI3",
       "url":"https://api.github.com/repos/simplybusiness/important-app/labels/emergency_deploy"
    },
-   "number":13030,
+   "number":159,
    "organization":{
       "avatar_url":"https://avatars3.githubusercontent.com/u/465825?v=4",
       "description":"something",
@@ -26,25 +26,25 @@
    "pull_request":{
       "_links":{
          "comments":{
-            "href":"https://api.github.com/repos/simplybusiness/important-app/issues/13030/comments"
+            "href":"https://api.github.com/repos/simplybusiness/important-app/issues/159/comments"
          },
          "commits":{
-            "href":"https://api.github.com/repos/simplybusiness/important-app/pulls/13030/commits"
+            "href":"https://api.github.com/repos/simplybusiness/important-app/pulls/159/commits"
          },
          "html":{
-            "href":"https://github.com/simplybusiness/important-app/pull/13030"
+            "href":"https://github.com/simplybusiness/important-app/pull/159"
          },
          "issue":{
-            "href":"https://api.github.com/repos/simplybusiness/important-app/issues/13030"
+            "href":"https://api.github.com/repos/simplybusiness/important-app/issues/159"
          },
          "review_comment":{
             "href":"https://api.github.com/repos/simplybusiness/important-app/pulls/comments{/number}"
          },
          "review_comments":{
-            "href":"https://api.github.com/repos/simplybusiness/important-app/pulls/13030/comments"
+            "href":"https://api.github.com/repos/simplybusiness/important-app/pulls/159/comments"
          },
          "self":{
-            "href":"https://api.github.com/repos/simplybusiness/important-app/pulls/13030"
+            "href":"https://api.github.com/repos/simplybusiness/important-app/pulls/159"
          },
          "statuses":{
             "href":"https://api.github.com/repos/simplybusiness/important-app/statuses/63f739d5586b2c6b718045893789d620e0d0aee9"
@@ -153,7 +153,7 @@
             "watchers":8,
             "watchers_count":8
          },
-         "sha":"aae73eef44fd8ee0ba2a71ba46e56c9062209cfb",
+         "sha":"03743b2ec1b201cec2de04ebebbac6e74afab281",
          "user":{
             "avatar_url":"https://avatars3.githubusercontent.com/u/465825?v=4",
             "events_url":"https://api.github.com/users/simplybusiness/events{/privacy}",
@@ -179,12 +179,12 @@
       "changed_files":10,
       "closed_at":null,
       "comments":0,
-      "comments_url":"https://api.github.com/repos/simplybusiness/important-app/issues/13030/comments",
+      "comments_url":"https://api.github.com/repos/simplybusiness/important-app/issues/159/comments",
       "commits":9,
-      "commits_url":"https://api.github.com/repos/simplybusiness/important-app/pulls/13030/commits",
+      "commits_url":"https://api.github.com/repos/simplybusiness/important-app/pulls/159/commits",
       "created_at":"2019-10-25T17:52:25Z",
       "deletions":0,
-      "diff_url":"https://github.com/simplybusiness/important-app/pull/13030.diff",
+      "diff_url":"https://github.com/simplybusiness/important-app/pull/159.diff",
       "draft":false,
       "head":{
          "label":"simplybusiness:github-actions-test",
@@ -282,7 +282,7 @@
             "watchers":8,
             "watchers_count":8
          },
-         "sha":"63f739d5586b2c6b718045893789d620e0d0aee9",
+         "sha":"03743b2ec1b201cec2de04ebebbac6e74afab281",
          "user":{
             "avatar_url":"https://avatars3.githubusercontent.com/u/465825?v=4",
             "events_url":"https://api.github.com/users/simplybusiness/events{/privacy}",
@@ -304,9 +304,9 @@
             "url":"https://api.github.com/users/simplybusiness"
          }
       },
-      "html_url":"https://github.com/simplybusiness/important-app/pull/13030",
+      "html_url":"https://github.com/simplybusiness/important-app/pull/159",
       "id":332615244,
-      "issue_url":"https://api.github.com/repos/simplybusiness/important-app/issues/13030",
+      "issue_url":"https://api.github.com/repos/simplybusiness/important-app/issues/159",
       "labels":[
          {
             "color":"065bcc",
@@ -319,19 +319,19 @@
       ],
       "locked":false,
       "maintainer_can_modify":false,
-      "merge_commit_sha":"4b9e8add0d70d788cc0396ddab36d04be113e9bd",
+      "merge_commit_sha":"03743b2ec1b201cec2de04ebebbac6e74afab281",
       "locked":false,
       "maintainer_can_modify":false,
-      "merge_commit_sha":"4b9e8add0d70d788cc0396ddab36d04be113e9bd",
+      "merge_commit_sha":"03743b2ec1b201cec2de04ebebbac6e74afab281",
       "mergeable":true,
       "mergeable_state":"unstable",
       "merged":false,
       "merged_at":null,
       "merged_by":null,
       "milestone":null,
       "node_id":"MDExOlB1bGxSZXF1ZXN0MzMyNjE1MjQ0",
-      "number":13030,
-      "patch_url":"https://github.com/simplybusiness/important-app/pull/13030.patch",
+      "number":159,
+      "patch_url":"https://github.com/simplybusiness/important-app/pull/159.patch",
       "rebaseable":true,
       "requested_reviewers":[
 
@@ -341,12 +341,12 @@
       ],
       "review_comment_url":"https://api.github.com/repos/simplybusiness/important-app/pulls/comments{/number}",
       "review_comments":0,
-      "review_comments_url":"https://api.github.com/repos/simplybusiness/important-app/pulls/13030/comments",
+      "review_comments_url":"https://api.github.com/repos/simplybusiness/important-app/pulls/159/comments",
       "state":"open",
       "statuses_url":"https://api.github.com/repos/simplybusiness/important-app/statuses/63f739d5586b2c6b718045893789d620e0d0aee9",
       "title":"GitHub actions test",
       "updated_at":"2019-10-25T18:23:42Z",
-      "url":"https://api.github.com/repos/simplybusiness/important-app/pulls/13030",
+      "url":"https://api.github.com/repos/simplybusiness/important-app/pulls/159",
       "user":{
          "avatar_url":"https://avatars1.githubusercontent.com/u/44407969?v=4",
          "events_url":"https://api.github.com/users/sb-silversmiths-bot/events{/privacy}",
Original file line number	Diff line number	Diff line change
Expand Up		@@ -14,3 +14,5 @@ group :development, :test do
		end

		gem "faraday-retry", "~> 2.2"

		gem "jwt", "~> 2.9"