@backstage/plugin-scaffolder-backend-module-github 0.5.1-next.0 → 0.5.1-next.2

package/dist/actions/githubBranchProtection.cjs.js

@@ -0,0 +1,97 @@
+'use strict';
+
+var errors = require('@backstage/errors');
+var pluginScaffolderNode = require('@backstage/plugin-scaffolder-node');
+var githubBranchProtection_examples = require('./githubBranchProtection.examples.cjs.js');
+var inputProperties = require('./inputProperties.cjs.js');
+var helpers = require('./helpers.cjs.js');
+var octokit = require('octokit');
+var gitHelpers = require('./gitHelpers.cjs.js');
+
+function createGithubBranchProtectionAction(options) {
+  const { integrations } = options;
+  return pluginScaffolderNode.createTemplateAction({
+    id: "github:branch-protection:create",
+    description: "Configures Branch Protection",
+    examples: githubBranchProtection_examples.examples,
+    schema: {
+      input: {
+        type: "object",
+        required: ["repoUrl"],
+        properties: {
+          repoUrl: inputProperties.repoUrl,
+          branch: {
+            title: "Branch name",
+            description: `The branch to protect. Defaults to the repository's default branch`,
+            type: "string"
+          },
+          enforceAdmins: inputProperties.protectEnforceAdmins,
+          requiredApprovingReviewCount: inputProperties.requiredApprovingReviewCount,
+          requireCodeOwnerReviews: inputProperties.requireCodeOwnerReviews,
+          dismissStaleReviews: inputProperties.dismissStaleReviews,
+          bypassPullRequestAllowances: inputProperties.bypassPullRequestAllowances,
+          restrictions: inputProperties.restrictions,
+          requiredStatusCheckContexts: inputProperties.requiredStatusCheckContexts,
+          requireBranchesToBeUpToDate: inputProperties.requireBranchesToBeUpToDate,
+          requiredConversationResolution: inputProperties.requiredConversationResolution,
+          requireLastPushApproval: inputProperties.requireLastPushApproval,
+          requiredCommitSigning: inputProperties.requiredCommitSigning,
+          token: inputProperties.token
+        }
+      }
+    },
+    async handler(ctx) {
+      const {
+        repoUrl,
+        branch,
+        enforceAdmins = true,
+        requiredApprovingReviewCount = 1,
+        requireCodeOwnerReviews = false,
+        dismissStaleReviews = false,
+        bypassPullRequestAllowances,
+        restrictions,
+        requiredStatusCheckContexts = [],
+        requireBranchesToBeUpToDate = true,
+        requiredConversationResolution = false,
+        requireLastPushApproval = false,
+        requiredCommitSigning = false,
+        token: providedToken
+      } = ctx.input;
+      const octokitOptions = await helpers.getOctokitOptions({
+        integrations,
+        token: providedToken,
+        repoUrl
+      });
+      const client = new octokit.Octokit(octokitOptions);
+      const { owner, repo } = pluginScaffolderNode.parseRepoUrl(repoUrl, integrations);
+      if (!owner) {
+        throw new errors.InputError(`No owner provided for repo ${repoUrl}`);
+      }
+      const repository = await client.rest.repos.get({
+        owner,
+        repo
+      });
+      await gitHelpers.enableBranchProtectionOnDefaultRepoBranch({
+        repoName: repo,
+        client,
+        owner,
+        logger: ctx.logger,
+        requireCodeOwnerReviews,
+        bypassPullRequestAllowances,
+        requiredApprovingReviewCount,
+        restrictions,
+        requiredStatusCheckContexts,
+        requireBranchesToBeUpToDate,
+        requiredConversationResolution,
+        requireLastPushApproval,
+        defaultBranch: branch ?? repository.data.default_branch,
+        enforceAdmins,
+        dismissStaleReviews,
+        requiredCommitSigning
+      });
+    }
+  });
+}
+
+exports.createGithubBranchProtectionAction = createGithubBranchProtectionAction;
+//# sourceMappingURL=githubBranchProtection.cjs.js.map

package/dist/actions/githubBranchProtection.cjs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"githubBranchProtection.cjs.js","sources":["../../src/actions/githubBranchProtection.ts"],"sourcesContent":["/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { InputError } from '@backstage/errors';\nimport {\n  createTemplateAction,\n  parseRepoUrl,\n} from '@backstage/plugin-scaffolder-node';\nimport { ScmIntegrationRegistry } from '@backstage/integration';\nimport { examples } from './githubBranchProtection.examples';\nimport * as inputProps from './inputProperties';\nimport { getOctokitOptions } from './helpers';\nimport { Octokit } from 'octokit';\nimport { enableBranchProtectionOnDefaultRepoBranch } from './gitHelpers';\n\n/**\n * Creates an `github:branch-protection:create` Scaffolder action that configured Branch Protection in a Github Repository.\n *\n * @public\n */\nexport function createGithubBranchProtectionAction(options: {\n  integrations: ScmIntegrationRegistry;\n}) {\n  const { integrations } = options;\n\n  return createTemplateAction<{\n    repoUrl: string;\n    branch?: string;\n    enforceAdmins?: boolean;\n    requiredApprovingReviewCount?: number;\n    requireCodeOwnerReviews?: boolean;\n    dismissStaleReviews?: boolean;\n    bypassPullRequestAllowances?:\n      | {\n          users?: string[];\n          teams?: string[];\n          apps?: string[];\n        }\n      | undefined;\n    restrictions?:\n      | {\n          users: string[];\n          teams: string[];\n          apps?: string[];\n        }\n      | undefined;\n    requiredStatusCheckContexts?: string[];\n    requireBranchesToBeUpToDate?: boolean;\n    requiredConversationResolution?: boolean;\n    requireLastPushApproval?: boolean;\n    requiredCommitSigning?: boolean;\n    token?: string;\n  }>({\n    id: 'github:branch-protection:create',\n    description: 'Configures Branch Protection',\n    examples,\n    schema: {\n      input: {\n        type: 'object',\n        required: ['repoUrl'],\n        properties: {\n          repoUrl: inputProps.repoUrl,\n          branch: {\n            title: 'Branch name',\n            description: `The branch to protect. Defaults to the repository's default branch`,\n            type: 'string',\n          },\n          enforceAdmins: inputProps.protectEnforceAdmins,\n          requiredApprovingReviewCount: inputProps.requiredApprovingReviewCount,\n          requireCodeOwnerReviews: inputProps.requireCodeOwnerReviews,\n          dismissStaleReviews: inputProps.dismissStaleReviews,\n          bypassPullRequestAllowances: inputProps.bypassPullRequestAllowances,\n          restrictions: inputProps.restrictions,\n          requiredStatusCheckContexts: inputProps.requiredStatusCheckContexts,\n          requireBranchesToBeUpToDate: inputProps.requireBranchesToBeUpToDate,\n          requiredConversationResolution:\n            inputProps.requiredConversationResolution,\n          requireLastPushApproval: inputProps.requireLastPushApproval,\n          requiredCommitSigning: inputProps.requiredCommitSigning,\n          token: inputProps.token,\n        },\n      },\n    },\n    async handler(ctx) {\n      const {\n        repoUrl,\n        branch,\n        enforceAdmins = true,\n        requiredApprovingReviewCount = 1,\n        requireCodeOwnerReviews = false,\n        dismissStaleReviews = false,\n        bypassPullRequestAllowances,\n        restrictions,\n        requiredStatusCheckContexts = [],\n        requireBranchesToBeUpToDate = true,\n        requiredConversationResolution = false,\n        requireLastPushApproval = false,\n        requiredCommitSigning = false,\n        token: providedToken,\n      } = ctx.input;\n\n      const octokitOptions = await getOctokitOptions({\n        integrations,\n        token: providedToken,\n        repoUrl: repoUrl,\n      });\n      const client = new Octokit(octokitOptions);\n\n      const { owner, repo } = parseRepoUrl(repoUrl, integrations);\n\n      if (!owner) {\n        throw new InputError(`No owner provided for repo ${repoUrl}`);\n      }\n\n      const repository = await client.rest.repos.get({\n        owner: owner,\n        repo: repo,\n      });\n\n      await enableBranchProtectionOnDefaultRepoBranch({\n        repoName: repo,\n        client,\n        owner,\n        logger: ctx.logger,\n        requireCodeOwnerReviews,\n        bypassPullRequestAllowances,\n        requiredApprovingReviewCount,\n        restrictions,\n        requiredStatusCheckContexts,\n        requireBranchesToBeUpToDate,\n        requiredConversationResolution,\n        requireLastPushApproval,\n        defaultBranch: branch ?? repository.data.default_branch,\n        enforceAdmins,\n        dismissStaleReviews,\n        requiredCommitSigning,\n      });\n    },\n  });\n}\n"],"names":["createTemplateAction","examples","inputProps.repoUrl","inputProps.protectEnforceAdmins","inputProps.requiredApprovingReviewCount","inputProps.requireCodeOwnerReviews","inputProps.dismissStaleReviews","inputProps.bypassPullRequestAllowances","inputProps.restrictions","inputProps.requiredStatusCheckContexts","inputProps.requireBranchesToBeUpToDate","inputProps.requiredConversationResolution","inputProps.requireLastPushApproval","inputProps.requiredCommitSigning","inputProps.token","getOctokitOptions","Octokit","parseRepoUrl","InputError","enableBranchProtectionOnDefaultRepoBranch"],"mappings":";;;;;;;;;;AAiCO,SAAS,mCAAmC,OAEhD,EAAA;AACD,EAAM,MAAA,EAAE,cAAiB,GAAA,OAAA,CAAA;AAEzB,EAAA,OAAOA,yCA2BJ,CAAA;AAAA,IACD,EAAI,EAAA,iCAAA;AAAA,IACJ,WAAa,EAAA,8BAAA;AAAA,cACbC,wCAAA;AAAA,IACA,MAAQ,EAAA;AAAA,MACN,KAAO,EAAA;AAAA,QACL,IAAM,EAAA,QAAA;AAAA,QACN,QAAA,EAAU,CAAC,SAAS,CAAA;AAAA,QACpB,UAAY,EAAA;AAAA,UACV,SAASC,uBAAW;AAAA,UACpB,MAAQ,EAAA;AAAA,YACN,KAAO,EAAA,aAAA;AAAA,YACP,WAAa,EAAA,CAAA,kEAAA,CAAA;AAAA,YACb,IAAM,EAAA,QAAA;AAAA,WACR;AAAA,UACA,eAAeC,oCAAW;AAAA,UAC1B,8BAA8BC,4CAAW;AAAA,UACzC,yBAAyBC,uCAAW;AAAA,UACpC,qBAAqBC,mCAAW;AAAA,UAChC,6BAA6BC,2CAAW;AAAA,UACxC,cAAcC,4BAAW;AAAA,UACzB,6BAA6BC,2CAAW;AAAA,UACxC,6BAA6BC,2CAAW;AAAA,UACxC,gCACEC,8CAAW;AAAA,UACb,yBAAyBC,uCAAW;AAAA,UACpC,uBAAuBC,qCAAW;AAAA,UAClC,OAAOC,qBAAW;AAAA,SACpB;AAAA,OACF;AAAA,KACF;AAAA,IACA,MAAM,QAAQ,GAAK,EAAA;AACjB,MAAM,MAAA;AAAA,QACJ,OAAA;AAAA,QACA,MAAA;AAAA,QACA,aAAgB,GAAA,IAAA;AAAA,QAChB,4BAA+B,GAAA,CAAA;AAAA,QAC/B,uBAA0B,GAAA,KAAA;AAAA,QAC1B,mBAAsB,GAAA,KAAA;AAAA,QACtB,2BAAA;AAAA,QACA,YAAA;AAAA,QACA,8BAA8B,EAAC;AAAA,QAC/B,2BAA8B,GAAA,IAAA;AAAA,QAC9B,8BAAiC,GAAA,KAAA;AAAA,QACjC,uBAA0B,GAAA,KAAA;AAAA,QAC1B,qBAAwB,GAAA,KAAA;AAAA,QACxB,KAAO,EAAA,aAAA;AAAA,UACL,GAAI,CAAA,KAAA,CAAA;AAER,MAAM,MAAA,cAAA,GAAiB,MAAMC,yBAAkB,CAAA;AAAA,QAC7C,YAAA;AAAA,QACA,KAAO,EAAA,aAAA;AAAA,QACP,OAAA;AAAA,OACD,CAAA,CAAA;AACD,MAAM,MAAA,MAAA,GAAS,IAAIC,eAAA,CAAQ,cAAc,CAAA,CAAA;AAEzC,MAAA,MAAM,EAAE,KAAO,EAAA,IAAA,EAAS,GAAAC,iCAAA,CAAa,SAAS,YAAY,CAAA,CAAA;AAE1D,MAAA,IAAI,CAAC,KAAO,EAAA;AACV,QAAA,MAAM,IAAIC,iBAAA,CAAW,CAA8B,2BAAA,EAAA,OAAO,CAAE,CAAA,CAAA,CAAA;AAAA,OAC9D;AAEA,MAAA,MAAM,UAAa,GAAA,MAAM,MAAO,CAAA,IAAA,CAAK,MAAM,GAAI,CAAA;AAAA,QAC7C,KAAA;AAAA,QACA,IAAA;AAAA,OACD,CAAA,CAAA;AAED,MAAA,MAAMC,oDAA0C,CAAA;AAAA,QAC9C,QAAU,EAAA,IAAA;AAAA,QACV,MAAA;AAAA,QACA,KAAA;AAAA,QACA,QAAQ,GAAI,CAAA,MAAA;AAAA,QACZ,uBAAA;AAAA,QACA,2BAAA;AAAA,QACA,4BAAA;AAAA,QACA,YAAA;AAAA,QACA,2BAAA;AAAA,QACA,2BAAA;AAAA,QACA,8BAAA;AAAA,QACA,uBAAA;AAAA,QACA,aAAA,EAAe,MAAU,IAAA,UAAA,CAAW,IAAK,CAAA,cAAA;AAAA,QACzC,aAAA;AAAA,QACA,mBAAA;AAAA,QACA,qBAAA;AAAA,OACD,CAAA,CAAA;AAAA,KACH;AAAA,GACD,CAAA,CAAA;AACH;;;;"}

package/dist/actions/githubBranchProtection.examples.cjs.js

@@ -0,0 +1,62 @@
+'use strict';
+
+var yaml = require('yaml');
+
+function _interopDefaultCompat (e) { return e && typeof e === 'object' && 'default' in e ? e : { default: e }; }
+
+var yaml__default = /*#__PURE__*/_interopDefaultCompat(yaml);
+
+const examples = [
+  {
+    description: `GitHub Branch Protection for repository's default branch.`,
+    example: yaml__default.default.stringify({
+      steps: [
+        {
+          action: "github:branch-protection:create",
+          name: "Setup Branch Protection",
+          input: {
+            repoUrl: "github.com?repo=repo&owner=owner"
+          }
+        }
+      ]
+    })
+  },
+  {
+    description: `GitHub Branch Protection for a specific branch.`,
+    example: yaml__default.default.stringify({
+      steps: [
+        {
+          action: "github:branch-protection:create",
+          name: "Setup Branch Protection",
+          input: {
+            repoUrl: "github.com?repo=repo&owner=owner",
+            branch: "my-awesome-branch"
+          }
+        }
+      ]
+    })
+  },
+  {
+    description: `GitHub Branch Protection and required commit signing on default branch.`,
+    example: yaml__default.default.stringify({
+      steps: [
+        {
+          action: "github:branch-protection:create",
+          name: "Setup Branch Protection",
+          input: {
+            repoUrl: "github.com?repo=repo&owner=owner",
+            requireCodeOwnerReviews: true,
+            requiredStatusCheckContexts: ["test"],
+            dismissStaleReviews: true,
+            requireLastPushApproval: true,
+            requiredConversationResolution: true,
+            requiredCommitSigning: true
+          }
+        }
+      ]
+    })
+  }
+];
+
+exports.examples = examples;
+//# sourceMappingURL=githubBranchProtection.examples.cjs.js.map

package/dist/actions/githubBranchProtection.examples.cjs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"githubBranchProtection.examples.cjs.js","sources":["../../src/actions/githubBranchProtection.examples.ts"],"sourcesContent":["/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { TemplateExample } from '@backstage/plugin-scaffolder-node';\nimport yaml from 'yaml';\n\nexport const examples: TemplateExample[] = [\n  {\n    description: `GitHub Branch Protection for repository's default branch.`,\n    example: yaml.stringify({\n      steps: [\n        {\n          action: 'github:branch-protection:create',\n          name: 'Setup Branch Protection',\n          input: {\n            repoUrl: 'github.com?repo=repo&owner=owner',\n          },\n        },\n      ],\n    }),\n  },\n  {\n    description: `GitHub Branch Protection for a specific branch.`,\n    example: yaml.stringify({\n      steps: [\n        {\n          action: 'github:branch-protection:create',\n          name: 'Setup Branch Protection',\n          input: {\n            repoUrl: 'github.com?repo=repo&owner=owner',\n            branch: 'my-awesome-branch',\n          },\n        },\n      ],\n    }),\n  },\n  {\n    description: `GitHub Branch Protection and required commit signing on default branch.`,\n    example: yaml.stringify({\n      steps: [\n        {\n          action: 'github:branch-protection:create',\n          name: 'Setup Branch Protection',\n          input: {\n            repoUrl: 'github.com?repo=repo&owner=owner',\n            requireCodeOwnerReviews: true,\n            requiredStatusCheckContexts: ['test'],\n            dismissStaleReviews: true,\n            requireLastPushApproval: true,\n            requiredConversationResolution: true,\n            requiredCommitSigning: true,\n          },\n        },\n      ],\n    }),\n  },\n];\n"],"names":["yaml"],"mappings":";;;;;;;;AAmBO,MAAM,QAA8B,GAAA;AAAA,EACzC;AAAA,IACE,WAAa,EAAA,CAAA,yDAAA,CAAA;AAAA,IACb,OAAA,EAASA,sBAAK,SAAU,CAAA;AAAA,MACtB,KAAO,EAAA;AAAA,QACL;AAAA,UACE,MAAQ,EAAA,iCAAA;AAAA,UACR,IAAM,EAAA,yBAAA;AAAA,UACN,KAAO,EAAA;AAAA,YACL,OAAS,EAAA,kCAAA;AAAA,WACX;AAAA,SACF;AAAA,OACF;AAAA,KACD,CAAA;AAAA,GACH;AAAA,EACA;AAAA,IACE,WAAa,EAAA,CAAA,+CAAA,CAAA;AAAA,IACb,OAAA,EAASA,sBAAK,SAAU,CAAA;AAAA,MACtB,KAAO,EAAA;AAAA,QACL;AAAA,UACE,MAAQ,EAAA,iCAAA;AAAA,UACR,IAAM,EAAA,yBAAA;AAAA,UACN,KAAO,EAAA;AAAA,YACL,OAAS,EAAA,kCAAA;AAAA,YACT,MAAQ,EAAA,mBAAA;AAAA,WACV;AAAA,SACF;AAAA,OACF;AAAA,KACD,CAAA;AAAA,GACH;AAAA,EACA;AAAA,IACE,WAAa,EAAA,CAAA,uEAAA,CAAA;AAAA,IACb,OAAA,EAASA,sBAAK,SAAU,CAAA;AAAA,MACtB,KAAO,EAAA;AAAA,QACL;AAAA,UACE,MAAQ,EAAA,iCAAA;AAAA,UACR,IAAM,EAAA,yBAAA;AAAA,UACN,KAAO,EAAA;AAAA,YACL,OAAS,EAAA,kCAAA;AAAA,YACT,uBAAyB,EAAA,IAAA;AAAA,YACzB,2BAAA,EAA6B,CAAC,MAAM,CAAA;AAAA,YACpC,mBAAqB,EAAA,IAAA;AAAA,YACrB,uBAAyB,EAAA,IAAA;AAAA,YACzB,8BAAgC,EAAA,IAAA;AAAA,YAChC,qBAAuB,EAAA,IAAA;AAAA,WACzB;AAAA,SACF;AAAA,OACF;AAAA,KACD,CAAA;AAAA,GACH;AACF;;;;"}

package/dist/actions/githubDeployKey.cjs.js

@@ -0,0 +1,123 @@
+'use strict';
+
+var errors = require('@backstage/errors');
+var pluginScaffolderNode = require('@backstage/plugin-scaffolder-node');
+var helpers = require('./helpers.cjs.js');
+var octokit = require('octokit');
+var Sodium = require('libsodium-wrappers');
+var githubDeployKey_examples = require('./githubDeployKey.examples.cjs.js');
+
+function _interopDefaultCompat (e) { return e && typeof e === 'object' && 'default' in e ? e : { default: e }; }
+
+var Sodium__default = /*#__PURE__*/_interopDefaultCompat(Sodium);
+
+function createGithubDeployKeyAction(options) {
+  const { integrations } = options;
+  return pluginScaffolderNode.createTemplateAction({
+    id: "github:deployKey:create",
+    description: "Creates and stores Deploy Keys",
+    examples: githubDeployKey_examples.examples,
+    schema: {
+      input: {
+        type: "object",
+        required: ["repoUrl", "publicKey", "privateKey", "deployKeyName"],
+        properties: {
+          repoUrl: {
+            title: "Repository Location",
+            description: `Accepts the format 'github.com?repo=reponame&owner=owner' where 'reponame' is the new repository name and 'owner' is an organization or username`,
+            type: "string"
+          },
+          publicKey: {
+            title: "SSH Public Key",
+            description: `Generated from ssh-keygen.  Begins with 'ssh-rsa', 'ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384', 'ecdsa-sha2-nistp521', 'ssh-ed25519', 'sk-ecdsa-sha2-nistp256@openssh.com', or 'sk-ssh-ed25519@openssh.com'.`,
+            type: "string"
+          },
+          privateKey: {
+            title: "SSH Private Key",
+            description: `SSH Private Key generated from ssh-keygen`,
+            type: "string"
+          },
+          deployKeyName: {
+            title: "Deploy Key Name",
+            description: `Name of the Deploy Key`,
+            type: "string"
+          },
+          privateKeySecretName: {
+            title: "Private Key GitHub Secret Name",
+            description: `Name of the GitHub Secret to store the private key related to the Deploy Key.  Defaults to: 'KEY_NAME_PRIVATE_KEY' where 'KEY_NAME' is the name of the Deploy Key`,
+            type: "string"
+          },
+          token: {
+            title: "Authentication Token",
+            type: "string",
+            description: "The token to use for authorization to GitHub"
+          }
+        }
+      },
+      output: {
+        type: "object",
+        properties: {
+          privateKeySecretName: {
+            title: "The GitHub Action Repo Secret Name for the Private Key",
+            type: "string"
+          }
+        }
+      }
+    },
+    async handler(ctx) {
+      const {
+        repoUrl,
+        publicKey,
+        privateKey,
+        deployKeyName,
+        privateKeySecretName = `${deployKeyName.split(" ").join("_").toLocaleUpperCase("en-US")}_PRIVATE_KEY`,
+        token: providedToken
+      } = ctx.input;
+      const octokitOptions = await helpers.getOctokitOptions({
+        integrations,
+        token: providedToken,
+        repoUrl
+      });
+      const { owner, repo } = pluginScaffolderNode.parseRepoUrl(repoUrl, integrations);
+      if (!owner) {
+        throw new errors.InputError(`No owner provided for repo ${repoUrl}`);
+      }
+      const client = new octokit.Octokit(octokitOptions);
+      await client.rest.repos.createDeployKey({
+        owner,
+        repo,
+        title: deployKeyName,
+        key: publicKey
+      });
+      const publicKeyResponse = await client.rest.actions.getRepoPublicKey({
+        owner,
+        repo
+      });
+      await Sodium__default.default.ready;
+      const binaryKey = Sodium__default.default.from_base64(
+        publicKeyResponse.data.key,
+        Sodium__default.default.base64_variants.ORIGINAL
+      );
+      const binarySecret = Sodium__default.default.from_string(privateKey);
+      const encryptedBinarySecret = Sodium__default.default.crypto_box_seal(
+        binarySecret,
+        binaryKey
+      );
+      const encryptedBase64Secret = Sodium__default.default.to_base64(
+        encryptedBinarySecret,
+        Sodium__default.default.base64_variants.ORIGINAL
+      );
+      await client.rest.actions.createOrUpdateRepoSecret({
+        owner,
+        repo,
+        secret_name: privateKeySecretName,
+        encrypted_value: encryptedBase64Secret,
+        key_id: publicKeyResponse.data.key_id
+      });
+      ctx.output("privateKeySecretName", privateKeySecretName);
+    }
+  });
+}
+
+exports.createGithubDeployKeyAction = createGithubDeployKeyAction;
+//# sourceMappingURL=githubDeployKey.cjs.js.map

package/dist/actions/githubDeployKey.cjs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"githubDeployKey.cjs.js","sources":["../../src/actions/githubDeployKey.ts"],"sourcesContent":["/*\n * Copyright 2021 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { InputError } from '@backstage/errors';\nimport {\n  createTemplateAction,\n  parseRepoUrl,\n} from '@backstage/plugin-scaffolder-node';\nimport { ScmIntegrationRegistry } from '@backstage/integration';\nimport { getOctokitOptions } from './helpers';\nimport { Octokit } from 'octokit';\nimport Sodium from 'libsodium-wrappers';\nimport { examples } from './githubDeployKey.examples';\n\n/**\n * Creates an `github:deployKey:create` Scaffolder action that creates a Deploy Key\n *\n * @public\n */\nexport function createGithubDeployKeyAction(options: {\n  integrations: ScmIntegrationRegistry;\n}) {\n  const { integrations } = options;\n  // For more information on how to define custom actions, see\n  //   https://backstage.io/docs/features/software-templates/writing-custom-actions\n  return createTemplateAction<{\n    repoUrl: string;\n    publicKey: string;\n    privateKey: string;\n    deployKeyName: string;\n    privateKeySecretName?: string;\n    token?: string;\n  }>({\n    id: 'github:deployKey:create',\n    description: 'Creates and stores Deploy Keys',\n    examples,\n    schema: {\n      input: {\n        type: 'object',\n        required: ['repoUrl', 'publicKey', 'privateKey', 'deployKeyName'],\n        properties: {\n          repoUrl: {\n            title: 'Repository Location',\n            description: `Accepts the format 'github.com?repo=reponame&owner=owner' where 'reponame' is the new repository name and 'owner' is an organization or username`,\n            type: 'string',\n          },\n          publicKey: {\n            title: 'SSH Public Key',\n            description: `Generated from ssh-keygen.  Begins with 'ssh-rsa', 'ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384', 'ecdsa-sha2-nistp521', 'ssh-ed25519', 'sk-ecdsa-sha2-nistp256@openssh.com', or 'sk-ssh-ed25519@openssh.com'.`,\n            type: 'string',\n          },\n          privateKey: {\n            title: 'SSH Private Key',\n            description: `SSH Private Key generated from ssh-keygen`,\n            type: 'string',\n          },\n          deployKeyName: {\n            title: 'Deploy Key Name',\n            description: `Name of the Deploy Key`,\n            type: 'string',\n          },\n          privateKeySecretName: {\n            title: 'Private Key GitHub Secret Name',\n            description: `Name of the GitHub Secret to store the private key related to the Deploy Key.  Defaults to: 'KEY_NAME_PRIVATE_KEY' where 'KEY_NAME' is the name of the Deploy Key`,\n            type: 'string',\n          },\n          token: {\n            title: 'Authentication Token',\n            type: 'string',\n            description: 'The token to use for authorization to GitHub',\n          },\n        },\n      },\n      output: {\n        type: 'object',\n        properties: {\n          privateKeySecretName: {\n            title: 'The GitHub Action Repo Secret Name for the Private Key',\n            type: 'string',\n          },\n        },\n      },\n    },\n    async handler(ctx) {\n      const {\n        repoUrl,\n        publicKey,\n        privateKey,\n        deployKeyName,\n        privateKeySecretName = `${deployKeyName\n          .split(' ')\n          .join('_')\n          .toLocaleUpperCase('en-US')}_PRIVATE_KEY`,\n        token: providedToken,\n      } = ctx.input;\n\n      const octokitOptions = await getOctokitOptions({\n        integrations,\n        token: providedToken,\n        repoUrl: repoUrl,\n      });\n\n      const { owner, repo } = parseRepoUrl(repoUrl, integrations);\n\n      if (!owner) {\n        throw new InputError(`No owner provided for repo ${repoUrl}`);\n      }\n\n      const client = new Octokit(octokitOptions);\n\n      await client.rest.repos.createDeployKey({\n        owner: owner,\n        repo: repo,\n        title: deployKeyName,\n        key: publicKey,\n      });\n      const publicKeyResponse = await client.rest.actions.getRepoPublicKey({\n        owner: owner,\n        repo: repo,\n      });\n\n      await Sodium.ready;\n      const binaryKey = Sodium.from_base64(\n        publicKeyResponse.data.key,\n        Sodium.base64_variants.ORIGINAL,\n      );\n      const binarySecret = Sodium.from_string(privateKey);\n      const encryptedBinarySecret = Sodium.crypto_box_seal(\n        binarySecret,\n        binaryKey,\n      );\n      const encryptedBase64Secret = Sodium.to_base64(\n        encryptedBinarySecret,\n        Sodium.base64_variants.ORIGINAL,\n      );\n\n      await client.rest.actions.createOrUpdateRepoSecret({\n        owner: owner,\n        repo: repo,\n        secret_name: privateKeySecretName,\n        encrypted_value: encryptedBase64Secret,\n        key_id: publicKeyResponse.data.key_id,\n      });\n\n      ctx.output('privateKeySecretName', privateKeySecretName);\n    },\n  });\n}\n"],"names":["createTemplateAction","examples","getOctokitOptions","parseRepoUrl","InputError","Octokit","Sodium"],"mappings":";;;;;;;;;;;;;AAgCO,SAAS,4BAA4B,OAEzC,EAAA;AACD,EAAM,MAAA,EAAE,cAAiB,GAAA,OAAA,CAAA;AAGzB,EAAA,OAAOA,yCAOJ,CAAA;AAAA,IACD,EAAI,EAAA,yBAAA;AAAA,IACJ,WAAa,EAAA,gCAAA;AAAA,cACbC,iCAAA;AAAA,IACA,MAAQ,EAAA;AAAA,MACN,KAAO,EAAA;AAAA,QACL,IAAM,EAAA,QAAA;AAAA,QACN,QAAU,EAAA,CAAC,SAAW,EAAA,WAAA,EAAa,cAAc,eAAe,CAAA;AAAA,QAChE,UAAY,EAAA;AAAA,UACV,OAAS,EAAA;AAAA,YACP,KAAO,EAAA,qBAAA;AAAA,YACP,WAAa,EAAA,CAAA,gJAAA,CAAA;AAAA,YACb,IAAM,EAAA,QAAA;AAAA,WACR;AAAA,UACA,SAAW,EAAA;AAAA,YACT,KAAO,EAAA,gBAAA;AAAA,YACP,WAAa,EAAA,CAAA,6MAAA,CAAA;AAAA,YACb,IAAM,EAAA,QAAA;AAAA,WACR;AAAA,UACA,UAAY,EAAA;AAAA,YACV,KAAO,EAAA,iBAAA;AAAA,YACP,WAAa,EAAA,CAAA,yCAAA,CAAA;AAAA,YACb,IAAM,EAAA,QAAA;AAAA,WACR;AAAA,UACA,aAAe,EAAA;AAAA,YACb,KAAO,EAAA,iBAAA;AAAA,YACP,WAAa,EAAA,CAAA,sBAAA,CAAA;AAAA,YACb,IAAM,EAAA,QAAA;AAAA,WACR;AAAA,UACA,oBAAsB,EAAA;AAAA,YACpB,KAAO,EAAA,gCAAA;AAAA,YACP,WAAa,EAAA,CAAA,iKAAA,CAAA;AAAA,YACb,IAAM,EAAA,QAAA;AAAA,WACR;AAAA,UACA,KAAO,EAAA;AAAA,YACL,KAAO,EAAA,sBAAA;AAAA,YACP,IAAM,EAAA,QAAA;AAAA,YACN,WAAa,EAAA,8CAAA;AAAA,WACf;AAAA,SACF;AAAA,OACF;AAAA,MACA,MAAQ,EAAA;AAAA,QACN,IAAM,EAAA,QAAA;AAAA,QACN,UAAY,EAAA;AAAA,UACV,oBAAsB,EAAA;AAAA,YACpB,KAAO,EAAA,wDAAA;AAAA,YACP,IAAM,EAAA,QAAA;AAAA,WACR;AAAA,SACF;AAAA,OACF;AAAA,KACF;AAAA,IACA,MAAM,QAAQ,GAAK,EAAA;AACjB,MAAM,MAAA;AAAA,QACJ,OAAA;AAAA,QACA,SAAA;AAAA,QACA,UAAA;AAAA,QACA,aAAA;AAAA,QACA,oBAAA,GAAuB,CAAG,EAAA,aAAA,CACvB,KAAM,CAAA,GAAG,CACT,CAAA,IAAA,CAAK,GAAG,CAAA,CACR,iBAAkB,CAAA,OAAO,CAAC,CAAA,YAAA,CAAA;AAAA,QAC7B,KAAO,EAAA,aAAA;AAAA,UACL,GAAI,CAAA,KAAA,CAAA;AAER,MAAM,MAAA,cAAA,GAAiB,MAAMC,yBAAkB,CAAA;AAAA,QAC7C,YAAA;AAAA,QACA,KAAO,EAAA,aAAA;AAAA,QACP,OAAA;AAAA,OACD,CAAA,CAAA;AAED,MAAA,MAAM,EAAE,KAAO,EAAA,IAAA,EAAS,GAAAC,iCAAA,CAAa,SAAS,YAAY,CAAA,CAAA;AAE1D,MAAA,IAAI,CAAC,KAAO,EAAA;AACV,QAAA,MAAM,IAAIC,iBAAA,CAAW,CAA8B,2BAAA,EAAA,OAAO,CAAE,CAAA,CAAA,CAAA;AAAA,OAC9D;AAEA,MAAM,MAAA,MAAA,GAAS,IAAIC,eAAA,CAAQ,cAAc,CAAA,CAAA;AAEzC,MAAM,MAAA,MAAA,CAAO,IAAK,CAAA,KAAA,CAAM,eAAgB,CAAA;AAAA,QACtC,KAAA;AAAA,QACA,IAAA;AAAA,QACA,KAAO,EAAA,aAAA;AAAA,QACP,GAAK,EAAA,SAAA;AAAA,OACN,CAAA,CAAA;AACD,MAAA,MAAM,iBAAoB,GAAA,MAAM,MAAO,CAAA,IAAA,CAAK,QAAQ,gBAAiB,CAAA;AAAA,QACnE,KAAA;AAAA,QACA,IAAA;AAAA,OACD,CAAA,CAAA;AAED,MAAA,MAAMC,uBAAO,CAAA,KAAA,CAAA;AACb,MAAA,MAAM,YAAYA,uBAAO,CAAA,WAAA;AAAA,QACvB,kBAAkB,IAAK,CAAA,GAAA;AAAA,QACvBA,wBAAO,eAAgB,CAAA,QAAA;AAAA,OACzB,CAAA;AACA,MAAM,MAAA,YAAA,GAAeA,uBAAO,CAAA,WAAA,CAAY,UAAU,CAAA,CAAA;AAClD,MAAA,MAAM,wBAAwBA,uBAAO,CAAA,eAAA;AAAA,QACnC,YAAA;AAAA,QACA,SAAA;AAAA,OACF,CAAA;AACA,MAAA,MAAM,wBAAwBA,uBAAO,CAAA,SAAA;AAAA,QACnC,qBAAA;AAAA,QACAA,wBAAO,eAAgB,CAAA,QAAA;AAAA,OACzB,CAAA;AAEA,MAAM,MAAA,MAAA,CAAO,IAAK,CAAA,OAAA,CAAQ,wBAAyB,CAAA;AAAA,QACjD,KAAA;AAAA,QACA,IAAA;AAAA,QACA,WAAa,EAAA,oBAAA;AAAA,QACb,eAAiB,EAAA,qBAAA;AAAA,QACjB,MAAA,EAAQ,kBAAkB,IAAK,CAAA,MAAA;AAAA,OAChC,CAAA,CAAA;AAED,MAAI,GAAA,CAAA,MAAA,CAAO,wBAAwB,oBAAoB,CAAA,CAAA;AAAA,KACzD;AAAA,GACD,CAAA,CAAA;AACH;;;;"}

package/dist/actions/githubDeployKey.examples.cjs.js

@@ -0,0 +1,30 @@
+'use strict';
+
+var yaml = require('yaml');
+
+function _interopDefaultCompat (e) { return e && typeof e === 'object' && 'default' in e ? e : { default: e }; }
+
+var yaml__default = /*#__PURE__*/_interopDefaultCompat(yaml);
+
+const examples = [
+  {
+    description: "Example 1: Create and store a Deploy Key",
+    example: yaml__default.default.stringify({
+      steps: [
+        {
+          action: "github:deployKey:create",
+          name: "Create and store a Deploy Key",
+          input: {
+            repoUrl: "github.com?repo=repository&owner=owner",
+            publicKey: "pubkey",
+            privateKey: "privkey",
+            deployKeyName: "Push Tags"
+          }
+        }
+      ]
+    })
+  }
+];
+
+exports.examples = examples;
+//# sourceMappingURL=githubDeployKey.examples.cjs.js.map

package/dist/actions/githubDeployKey.examples.cjs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"githubDeployKey.examples.cjs.js","sources":["../../src/actions/githubDeployKey.examples.ts"],"sourcesContent":["/*\n * Copyright 2023 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport { TemplateExample } from '@backstage/plugin-scaffolder-node';\nimport yaml from 'yaml';\n\nexport const examples: TemplateExample[] = [\n  {\n    description: 'Example 1: Create and store a Deploy Key',\n    example: yaml.stringify({\n      steps: [\n        {\n          action: 'github:deployKey:create',\n          name: 'Create and store a Deploy Key',\n          input: {\n            repoUrl: 'github.com?repo=repository&owner=owner',\n            publicKey: 'pubkey',\n            privateKey: 'privkey',\n            deployKeyName: 'Push Tags',\n          },\n        },\n      ],\n    }),\n  },\n];\n"],"names":["yaml"],"mappings":";;;;;;;;AAkBO,MAAM,QAA8B,GAAA;AAAA,EACzC;AAAA,IACE,WAAa,EAAA,0CAAA;AAAA,IACb,OAAA,EAASA,sBAAK,SAAU,CAAA;AAAA,MACtB,KAAO,EAAA;AAAA,QACL;AAAA,UACE,MAAQ,EAAA,yBAAA;AAAA,UACR,IAAM,EAAA,+BAAA;AAAA,UACN,KAAO,EAAA;AAAA,YACL,OAAS,EAAA,wCAAA;AAAA,YACT,SAAW,EAAA,QAAA;AAAA,YACX,UAAY,EAAA,SAAA;AAAA,YACZ,aAAe,EAAA,WAAA;AAAA,WACjB;AAAA,SACF;AAAA,OACF;AAAA,KACD,CAAA;AAAA,GACH;AACF;;;;"}

package/dist/actions/githubEnvironment.cjs.js

@@ -0,0 +1,255 @@
+'use strict';
+
+var errors = require('@backstage/errors');
+var pluginScaffolderNode = require('@backstage/plugin-scaffolder-node');
+var helpers = require('./helpers.cjs.js');
+var octokit = require('octokit');
+var Sodium = require('libsodium-wrappers');
+var gitHubEnvironment_examples = require('./gitHubEnvironment.examples.cjs.js');
+
+function _interopDefaultCompat (e) { return e && typeof e === 'object' && 'default' in e ? e : { default: e }; }
+
+var Sodium__default = /*#__PURE__*/_interopDefaultCompat(Sodium);
+
+function createGithubEnvironmentAction(options) {
+  const { integrations, catalogClient } = options;
+  return pluginScaffolderNode.createTemplateAction({
+    id: "github:environment:create",
+    description: "Creates Deployment Environments",
+    examples: gitHubEnvironment_examples.examples,
+    schema: {
+      input: {
+        type: "object",
+        required: ["repoUrl", "name"],
+        properties: {
+          repoUrl: {
+            title: "Repository Location",
+            description: `Accepts the format 'github.com?repo=reponame&owner=owner' where 'reponame' is the new repository name and 'owner' is an organization or username`,
+            type: "string"
+          },
+          name: {
+            title: "Environment Name",
+            description: `Name of the deployment environment to create`,
+            type: "string"
+          },
+          deploymentBranchPolicy: {
+            title: "Deployment Branch Policy",
+            description: `The type of deployment branch policy for this environment. To allow all branches to deploy, set to null.`,
+            type: "object",
+            required: ["protected_branches", "custom_branch_policies"],
+            properties: {
+              protected_branches: {
+                title: "Protected Branches",
+                description: `Whether only branches with branch protection rules can deploy to this environment. If protected_branches is true, custom_branch_policies must be false; if protected_branches is false, custom_branch_policies must be true.`,
+                type: "boolean"
+              },
+              custom_branch_policies: {
+                title: "Custom Branch Policies",
+                description: `Whether only branches that match the specified name patterns can deploy to this environment. If custom_branch_policies is true, protected_branches must be false; if custom_branch_policies is false, protected_branches must be true.`,
+                type: "boolean"
+              }
+            }
+          },
+          customBranchPolicyNames: {
+            title: "Custom Branch Policy Name",
+            description: `The name pattern that branches must match in order to deploy to the environment.
+
+            Wildcard characters will not match /. For example, to match branches that begin with release/ and contain an additional single slash, use release/*/*. For more information about pattern matching syntax, see the Ruby File.fnmatch documentation.`,
+            type: "array",
+            items: {
+              type: "string"
+            }
+          },
+          customTagPolicyNames: {
+            title: "Custom Tag Policy Name",
+            description: `The name pattern that tags must match in order to deploy to the environment.
+
+            Wildcard characters will not match /. For example, to match tags that begin with release/ and contain an additional single slash, use release/*/*. For more information about pattern matching syntax, see the Ruby File.fnmatch documentation.`,
+            type: "array",
+            items: {
+              type: "string"
+            }
+          },
+          environmentVariables: {
+            title: "Environment Variables",
+            description: `Environment variables attached to the deployment environment`,
+            type: "object"
+          },
+          secrets: {
+            title: "Deployment Secrets",
+            description: `Secrets attached to the deployment environment`,
+            type: "object"
+          },
+          token: {
+            title: "Authentication Token",
+            type: "string",
+            description: "The token to use for authorization to GitHub"
+          },
+          waitTimer: {
+            title: "Wait Timer",
+            type: "integer",
+            description: "The time to wait before creating or updating the environment (in milliseconds)"
+          },
+          preventSelfReview: {
+            title: "Prevent Self Review",
+            type: "boolean",
+            description: "Whether to prevent self-review for this environment"
+          },
+          reviewers: {
+            title: "Reviewers",
+            type: "array",
+            description: "Reviewers for this environment",
+            items: {
+              type: "string"
+            }
+          }
+        }
+      }
+    },
+    async handler(ctx) {
+      const {
+        repoUrl,
+        name,
+        deploymentBranchPolicy,
+        customBranchPolicyNames,
+        customTagPolicyNames,
+        environmentVariables,
+        secrets,
+        token: providedToken,
+        waitTimer,
+        preventSelfReview,
+        reviewers
+      } = ctx.input;
+      await new Promise((resolve) => setTimeout(resolve, 2e3));
+      const octokitOptions = await helpers.getOctokitOptions({
+        integrations,
+        token: providedToken,
+        repoUrl
+      });
+      const { owner, repo } = pluginScaffolderNode.parseRepoUrl(repoUrl, integrations);
+      if (!owner) {
+        throw new errors.InputError(`No owner provided for repo ${repoUrl}`);
+      }
+      const client = new octokit.Octokit(octokitOptions);
+      const repository = await client.rest.repos.get({
+        owner,
+        repo
+      });
+      const githubReviewers = [];
+      if (reviewers) {
+        let reviewersEntityRefs = [];
+        const catalogResponse = await catalogClient?.getEntitiesByRefs({
+          entityRefs: reviewers
+        });
+        if (catalogResponse?.items?.length) {
+          reviewersEntityRefs = catalogResponse.items;
+        }
+        for (const reviewerEntityRef of reviewersEntityRefs) {
+          if (reviewerEntityRef?.kind === "User") {
+            try {
+              const user = await client.rest.users.getByUsername({
+                username: reviewerEntityRef.metadata.name
+              });
+              githubReviewers.push({
+                type: "User",
+                id: user.data.id
+              });
+            } catch (error) {
+              ctx.logger.error("User not found:", error);
+            }
+          } else if (reviewerEntityRef?.kind === "Group") {
+            try {
+              const team = await client.rest.teams.getByName({
+                org: owner,
+                team_slug: reviewerEntityRef.metadata.name
+              });
+              githubReviewers.push({
+                type: "Team",
+                id: team.data.id
+              });
+            } catch (error) {
+              ctx.logger.error("Team not found:", error);
+            }
+          }
+        }
+      }
+      await client.rest.repos.createOrUpdateEnvironment({
+        owner,
+        repo,
+        environment_name: name,
+        deployment_branch_policy: deploymentBranchPolicy ?? null,
+        wait_timer: waitTimer ?? 0,
+        prevent_self_review: preventSelfReview ?? false,
+        reviewers: githubReviewers.length ? githubReviewers : null
+      });
+      if (customBranchPolicyNames) {
+        for (const item of customBranchPolicyNames) {
+          await client.rest.repos.createDeploymentBranchPolicy({
+            owner,
+            repo,
+            type: "branch",
+            environment_name: name,
+            name: item
+          });
+        }
+      }
+      if (customTagPolicyNames) {
+        for (const item of customTagPolicyNames) {
+          await client.rest.repos.createDeploymentBranchPolicy({
+            owner,
+            repo,
+            type: "tag",
+            environment_name: name,
+            name: item
+          });
+        }
+      }
+      for (const [key, value] of Object.entries(environmentVariables ?? {})) {
+        await client.rest.actions.createEnvironmentVariable({
+          repository_id: repository.data.id,
+          owner,
+          repo,
+          environment_name: name,
+          name: key,
+          value
+        });
+      }
+      if (secrets) {
+        const publicKeyResponse = await client.rest.actions.getEnvironmentPublicKey({
+          repository_id: repository.data.id,
+          owner,
+          repo,
+          environment_name: name
+        });
+        await Sodium__default.default.ready;
+        const binaryKey = Sodium__default.default.from_base64(
+          publicKeyResponse.data.key,
+          Sodium__default.default.base64_variants.ORIGINAL
+        );
+        for (const [key, value] of Object.entries(secrets)) {
+          const binarySecret = Sodium__default.default.from_string(value);
+          const encryptedBinarySecret = Sodium__default.default.crypto_box_seal(
+            binarySecret,
+            binaryKey
+          );
+          const encryptedBase64Secret = Sodium__default.default.to_base64(
+            encryptedBinarySecret,
+            Sodium__default.default.base64_variants.ORIGINAL
+          );
+          await client.rest.actions.createOrUpdateEnvironmentSecret({
+            repository_id: repository.data.id,
+            owner,
+            repo,
+            environment_name: name,
+            secret_name: key,
+            encrypted_value: encryptedBase64Secret,
+            key_id: publicKeyResponse.data.key_id
+          });
+        }
+      }
+    }
+  });
+}
+
+exports.createGithubEnvironmentAction = createGithubEnvironmentAction;
+//# sourceMappingURL=githubEnvironment.cjs.js.map