@cloudsnorkel/cdk-github-runners 0.3.0 → 0.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.gitattributes +3 -0
- package/.jsii +1488 -374
- package/API.md +1174 -86
- package/README.md +19 -17
- package/lib/index.d.ts +2 -1
- package/lib/index.js +4 -1
- package/lib/lambdas/aws-image-builder-versioner/index.js +2469 -0
- package/lib/lambdas/build-image/index.js +77 -43
- package/lib/lambdas/delete-runner/index.js +4276 -2096
- package/lib/lambdas/setup/index.html +37 -0
- package/lib/lambdas/setup/index.js +166 -266
- package/lib/lambdas/status/index.js +4311 -2101
- package/lib/lambdas/token-retriever/index.js +4276 -2096
- package/lib/lambdas/update-lambda/index.js +5 -2
- package/lib/lambdas/webhook-handler/index.js +11 -5
- package/lib/providers/codebuild.d.ts +5 -1
- package/lib/providers/codebuild.js +16 -6
- package/lib/providers/common.d.ts +28 -1
- package/lib/providers/common.js +4 -4
- package/lib/providers/docker-images/codebuild/linux-arm64/Dockerfile +5 -1
- package/lib/providers/docker-images/codebuild/linux-x64/Dockerfile +5 -1
- package/lib/providers/docker-images/fargate/linux-arm64/Dockerfile +5 -1
- package/lib/providers/docker-images/fargate/linux-x64/Dockerfile +5 -1
- package/lib/providers/docker-images/lambda/linux-arm64/Dockerfile +4 -0
- package/lib/providers/docker-images/lambda/linux-x64/Dockerfile +4 -0
- package/lib/providers/fargate.d.ts +5 -1
- package/lib/providers/fargate.js +3 -3
- package/lib/providers/image-builders/codebuild.d.ts +10 -2
- package/lib/providers/image-builders/codebuild.js +20 -5
- package/lib/providers/image-builders/container.d.ts +220 -0
- package/lib/providers/image-builders/container.js +508 -0
- package/lib/providers/image-builders/static.js +2 -3
- package/lib/providers/lambda.d.ts +5 -1
- package/lib/providers/lambda.js +19 -8
- package/lib/runner.d.ts +54 -7
- package/lib/runner.js +59 -21
- package/lib/secrets.js +1 -1
- package/lib/utils.js +2 -2
- package/package.json +34 -15
- package/setup/index.html +12 -0
- package/setup/src/App.svelte +291 -0
- package/setup/src/app.scss +15 -0
- package/setup/src/main.ts +8 -0
- package/setup/src/vite-env.d.ts +2 -0
- package/setup/svelte.config.mjs +7 -0
- package/setup/tsconfig.json +21 -0
- package/setup/tsconfig.node.json +8 -0
- package/setup/vite.config.ts +15 -0
|
@@ -16,7 +16,10 @@ var __copyProps = (to, from, except, desc) => {
|
|
|
16
16
|
}
|
|
17
17
|
return to;
|
|
18
18
|
};
|
|
19
|
-
var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
|
|
19
|
+
var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
|
|
20
|
+
isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
|
|
21
|
+
mod
|
|
22
|
+
));
|
|
20
23
|
|
|
21
24
|
// node_modules/universal-user-agent/dist-node/index.js
|
|
22
25
|
var require_dist_node = __commonJS({
|
|
@@ -5753,7 +5756,7 @@ var require_lib2 = __commonJS({
|
|
|
5753
5756
|
var trail = encoder.end();
|
|
5754
5757
|
return trail && trail.length > 0 ? Buffer2.concat([res, trail]) : res;
|
|
5755
5758
|
};
|
|
5756
|
-
iconv.decode = function
|
|
5759
|
+
iconv.decode = function decode(buf, encoding, options) {
|
|
5757
5760
|
if (typeof buf === "string") {
|
|
5758
5761
|
if (!iconv.skipDecodeWarning) {
|
|
5759
5762
|
console.error("Iconv-lite warning: decode()-ing strings is deprecated. Refer to https://github.com/ashtuchkin/iconv-lite/wiki/Use-Buffers-when-decoding");
|
|
@@ -6089,11 +6092,14 @@ var require_lib3 = __commonJS({
|
|
|
6089
6092
|
blob() {
|
|
6090
6093
|
let ct = this.headers && this.headers.get("content-type") || "";
|
|
6091
6094
|
return consumeBody.call(this).then(function(buf) {
|
|
6092
|
-
return Object.assign(
|
|
6093
|
-
|
|
6094
|
-
|
|
6095
|
-
|
|
6096
|
-
|
|
6095
|
+
return Object.assign(
|
|
6096
|
+
new Blob([], {
|
|
6097
|
+
type: ct.toLowerCase()
|
|
6098
|
+
}),
|
|
6099
|
+
{
|
|
6100
|
+
[BUFFER]: buf
|
|
6101
|
+
}
|
|
6102
|
+
);
|
|
6097
6103
|
});
|
|
6098
6104
|
},
|
|
6099
6105
|
json() {
|
|
@@ -6795,16 +6801,16 @@ var require_lib3 = __commonJS({
|
|
|
6795
6801
|
const options = getNodeRequestOptions(request);
|
|
6796
6802
|
const send = (options.protocol === "https:" ? https : http).request;
|
|
6797
6803
|
const signal = request.signal;
|
|
6798
|
-
let
|
|
6804
|
+
let response2 = null;
|
|
6799
6805
|
const abort = function abort2() {
|
|
6800
6806
|
let error = new AbortError("The user aborted a request.");
|
|
6801
6807
|
reject(error);
|
|
6802
6808
|
if (request.body && request.body instanceof Stream.Readable) {
|
|
6803
6809
|
request.body.destroy(error);
|
|
6804
6810
|
}
|
|
6805
|
-
if (!
|
|
6811
|
+
if (!response2 || !response2.body)
|
|
6806
6812
|
return;
|
|
6807
|
-
|
|
6813
|
+
response2.body.emit("error", error);
|
|
6808
6814
|
};
|
|
6809
6815
|
if (signal && signal.aborted) {
|
|
6810
6816
|
abort();
|
|
@@ -6923,8 +6929,8 @@ var require_lib3 = __commonJS({
|
|
|
6923
6929
|
};
|
|
6924
6930
|
const codings = headers.get("Content-Encoding");
|
|
6925
6931
|
if (!request.compress || request.method === "HEAD" || codings === null || res.statusCode === 204 || res.statusCode === 304) {
|
|
6926
|
-
|
|
6927
|
-
resolve(
|
|
6932
|
+
response2 = new Response(body, response_options);
|
|
6933
|
+
resolve(response2);
|
|
6928
6934
|
return;
|
|
6929
6935
|
}
|
|
6930
6936
|
const zlibOptions = {
|
|
@@ -6933,8 +6939,8 @@ var require_lib3 = __commonJS({
|
|
|
6933
6939
|
};
|
|
6934
6940
|
if (codings == "gzip" || codings == "x-gzip") {
|
|
6935
6941
|
body = body.pipe(zlib.createGunzip(zlibOptions));
|
|
6936
|
-
|
|
6937
|
-
resolve(
|
|
6942
|
+
response2 = new Response(body, response_options);
|
|
6943
|
+
resolve(response2);
|
|
6938
6944
|
return;
|
|
6939
6945
|
}
|
|
6940
6946
|
if (codings == "deflate" || codings == "x-deflate") {
|
|
@@ -6945,19 +6951,19 @@ var require_lib3 = __commonJS({
|
|
|
6945
6951
|
} else {
|
|
6946
6952
|
body = body.pipe(zlib.createInflateRaw());
|
|
6947
6953
|
}
|
|
6948
|
-
|
|
6949
|
-
resolve(
|
|
6954
|
+
response2 = new Response(body, response_options);
|
|
6955
|
+
resolve(response2);
|
|
6950
6956
|
});
|
|
6951
6957
|
return;
|
|
6952
6958
|
}
|
|
6953
6959
|
if (codings == "br" && typeof zlib.createBrotliDecompress === "function") {
|
|
6954
6960
|
body = body.pipe(zlib.createBrotliDecompress());
|
|
6955
|
-
|
|
6956
|
-
resolve(
|
|
6961
|
+
response2 = new Response(body, response_options);
|
|
6962
|
+
resolve(response2);
|
|
6957
6963
|
return;
|
|
6958
6964
|
}
|
|
6959
|
-
|
|
6960
|
-
resolve(
|
|
6965
|
+
response2 = new Response(body, response_options);
|
|
6966
|
+
resolve(response2);
|
|
6961
6967
|
});
|
|
6962
6968
|
writeToStream(req, request);
|
|
6963
6969
|
});
|
|
@@ -7138,8 +7144,8 @@ var require_dist_node5 = __commonJS({
|
|
|
7138
7144
|
var nodeFetch = _interopDefault(require_lib3());
|
|
7139
7145
|
var requestError = require_dist_node4();
|
|
7140
7146
|
var VERSION = "5.6.3";
|
|
7141
|
-
function getBufferResponse(
|
|
7142
|
-
return
|
|
7147
|
+
function getBufferResponse(response2) {
|
|
7148
|
+
return response2.arrayBuffer();
|
|
7143
7149
|
}
|
|
7144
7150
|
function fetchWrapper(requestOptions) {
|
|
7145
7151
|
const log = requestOptions.request && requestOptions.request.log ? requestOptions.request.log : console;
|
|
@@ -7150,15 +7156,18 @@ var require_dist_node5 = __commonJS({
|
|
|
7150
7156
|
let status;
|
|
7151
7157
|
let url;
|
|
7152
7158
|
const fetch = requestOptions.request && requestOptions.request.fetch || nodeFetch;
|
|
7153
|
-
return fetch(requestOptions.url, Object.assign(
|
|
7154
|
-
|
|
7155
|
-
|
|
7156
|
-
|
|
7157
|
-
|
|
7158
|
-
|
|
7159
|
-
|
|
7160
|
-
|
|
7161
|
-
|
|
7159
|
+
return fetch(requestOptions.url, Object.assign(
|
|
7160
|
+
{
|
|
7161
|
+
method: requestOptions.method,
|
|
7162
|
+
body: requestOptions.body,
|
|
7163
|
+
headers: requestOptions.headers,
|
|
7164
|
+
redirect: requestOptions.redirect
|
|
7165
|
+
},
|
|
7166
|
+
requestOptions.request
|
|
7167
|
+
)).then(async (response2) => {
|
|
7168
|
+
url = response2.url;
|
|
7169
|
+
status = response2.status;
|
|
7170
|
+
for (const keyAndValue of response2.headers) {
|
|
7162
7171
|
headers[keyAndValue[0]] = keyAndValue[1];
|
|
7163
7172
|
}
|
|
7164
7173
|
if ("deprecation" in headers) {
|
|
@@ -7173,7 +7182,7 @@ var require_dist_node5 = __commonJS({
|
|
|
7173
7182
|
if (status < 400) {
|
|
7174
7183
|
return;
|
|
7175
7184
|
}
|
|
7176
|
-
throw new requestError.RequestError(
|
|
7185
|
+
throw new requestError.RequestError(response2.statusText, status, {
|
|
7177
7186
|
response: {
|
|
7178
7187
|
url,
|
|
7179
7188
|
status,
|
|
@@ -7189,13 +7198,13 @@ var require_dist_node5 = __commonJS({
|
|
|
7189
7198
|
url,
|
|
7190
7199
|
status,
|
|
7191
7200
|
headers,
|
|
7192
|
-
data: await getResponseData(
|
|
7201
|
+
data: await getResponseData(response2)
|
|
7193
7202
|
},
|
|
7194
7203
|
request: requestOptions
|
|
7195
7204
|
});
|
|
7196
7205
|
}
|
|
7197
7206
|
if (status >= 400) {
|
|
7198
|
-
const data = await getResponseData(
|
|
7207
|
+
const data = await getResponseData(response2);
|
|
7199
7208
|
const error = new requestError.RequestError(toErrorMessage(data), status, {
|
|
7200
7209
|
response: {
|
|
7201
7210
|
url,
|
|
@@ -7207,7 +7216,7 @@ var require_dist_node5 = __commonJS({
|
|
|
7207
7216
|
});
|
|
7208
7217
|
throw error;
|
|
7209
7218
|
}
|
|
7210
|
-
return getResponseData(
|
|
7219
|
+
return getResponseData(response2);
|
|
7211
7220
|
}).then((data) => {
|
|
7212
7221
|
return {
|
|
7213
7222
|
status,
|
|
@@ -7223,15 +7232,15 @@ var require_dist_node5 = __commonJS({
|
|
|
7223
7232
|
});
|
|
7224
7233
|
});
|
|
7225
7234
|
}
|
|
7226
|
-
async function getResponseData(
|
|
7227
|
-
const contentType =
|
|
7235
|
+
async function getResponseData(response2) {
|
|
7236
|
+
const contentType = response2.headers.get("content-type");
|
|
7228
7237
|
if (/application\/json/.test(contentType)) {
|
|
7229
|
-
return
|
|
7238
|
+
return response2.json();
|
|
7230
7239
|
}
|
|
7231
7240
|
if (!contentType || /^text\/|charset=utf-8$/.test(contentType)) {
|
|
7232
|
-
return
|
|
7241
|
+
return response2.text();
|
|
7233
7242
|
}
|
|
7234
|
-
return getBufferResponse(
|
|
7243
|
+
return getBufferResponse(response2);
|
|
7235
7244
|
}
|
|
7236
7245
|
function toErrorMessage(data) {
|
|
7237
7246
|
if (typeof data === "string")
|
|
@@ -7287,14 +7296,14 @@ var require_dist_node6 = __commonJS({
|
|
|
7287
7296
|
` + data.errors.map((e) => ` - ${e.message}`).join("\n");
|
|
7288
7297
|
}
|
|
7289
7298
|
var GraphqlResponseError = class extends Error {
|
|
7290
|
-
constructor(request2, headers,
|
|
7291
|
-
super(_buildMessageForResponseErrors(
|
|
7299
|
+
constructor(request2, headers, response2) {
|
|
7300
|
+
super(_buildMessageForResponseErrors(response2));
|
|
7292
7301
|
this.request = request2;
|
|
7293
7302
|
this.headers = headers;
|
|
7294
|
-
this.response =
|
|
7303
|
+
this.response = response2;
|
|
7295
7304
|
this.name = "GraphqlResponseError";
|
|
7296
|
-
this.errors =
|
|
7297
|
-
this.data =
|
|
7305
|
+
this.errors = response2.errors;
|
|
7306
|
+
this.data = response2.data;
|
|
7298
7307
|
if (Error.captureStackTrace) {
|
|
7299
7308
|
Error.captureStackTrace(this, this.constructor);
|
|
7300
7309
|
}
|
|
@@ -7332,15 +7341,15 @@ var require_dist_node6 = __commonJS({
|
|
|
7332
7341
|
if (GHES_V3_SUFFIX_REGEX.test(baseUrl)) {
|
|
7333
7342
|
requestOptions.url = baseUrl.replace(GHES_V3_SUFFIX_REGEX, "/api/graphql");
|
|
7334
7343
|
}
|
|
7335
|
-
return request2(requestOptions).then((
|
|
7336
|
-
if (
|
|
7344
|
+
return request2(requestOptions).then((response2) => {
|
|
7345
|
+
if (response2.data.errors) {
|
|
7337
7346
|
const headers = {};
|
|
7338
|
-
for (const key of Object.keys(
|
|
7339
|
-
headers[key] =
|
|
7347
|
+
for (const key of Object.keys(response2.headers)) {
|
|
7348
|
+
headers[key] = response2.headers[key];
|
|
7340
7349
|
}
|
|
7341
|
-
throw new GraphqlResponseError(requestOptions, headers,
|
|
7350
|
+
throw new GraphqlResponseError(requestOptions, headers, response2.data);
|
|
7342
7351
|
}
|
|
7343
|
-
return
|
|
7352
|
+
return response2.data.data;
|
|
7344
7353
|
});
|
|
7345
7354
|
}
|
|
7346
7355
|
function withDefaults(request$1, newDefaults) {
|
|
@@ -7566,9 +7575,9 @@ var require_dist_node9 = __commonJS({
|
|
|
7566
7575
|
const start = Date.now();
|
|
7567
7576
|
const requestOptions = octokit.request.endpoint.parse(options);
|
|
7568
7577
|
const path = requestOptions.url.replace(options.baseUrl, "");
|
|
7569
|
-
return request(options).then((
|
|
7570
|
-
octokit.log.info(`${requestOptions.method} ${path} - ${
|
|
7571
|
-
return
|
|
7578
|
+
return request(options).then((response2) => {
|
|
7579
|
+
octokit.log.info(`${requestOptions.method} ${path} - ${response2.status} in ${Date.now() - start}ms`);
|
|
7580
|
+
return response2;
|
|
7572
7581
|
}).catch((error) => {
|
|
7573
7582
|
octokit.log.info(`${requestOptions.method} ${path} - ${error.status} in ${Date.now() - start}ms`);
|
|
7574
7583
|
throw error;
|
|
@@ -7585,7 +7594,7 @@ var require_dist_node10 = __commonJS({
|
|
|
7585
7594
|
"node_modules/@octokit/plugin-paginate-rest/dist-node/index.js"(exports2) {
|
|
7586
7595
|
"use strict";
|
|
7587
7596
|
Object.defineProperty(exports2, "__esModule", { value: true });
|
|
7588
|
-
var VERSION = "2.
|
|
7597
|
+
var VERSION = "2.21.3";
|
|
7589
7598
|
function ownKeys(object, enumerableOnly) {
|
|
7590
7599
|
var keys = Object.keys(object);
|
|
7591
7600
|
if (Object.getOwnPropertySymbols) {
|
|
@@ -7598,7 +7607,7 @@ var require_dist_node10 = __commonJS({
|
|
|
7598
7607
|
}
|
|
7599
7608
|
function _objectSpread2(target) {
|
|
7600
7609
|
for (var i = 1; i < arguments.length; i++) {
|
|
7601
|
-
var source = arguments[i]
|
|
7610
|
+
var source = null != arguments[i] ? arguments[i] : {};
|
|
7602
7611
|
i % 2 ? ownKeys(Object(source), true).forEach(function(key) {
|
|
7603
7612
|
_defineProperty(target, key, source[key]);
|
|
7604
7613
|
}) : Object.getOwnPropertyDescriptors ? Object.defineProperties(target, Object.getOwnPropertyDescriptors(source)) : ownKeys(Object(source)).forEach(function(key) {
|
|
@@ -7620,32 +7629,32 @@ var require_dist_node10 = __commonJS({
|
|
|
7620
7629
|
}
|
|
7621
7630
|
return obj;
|
|
7622
7631
|
}
|
|
7623
|
-
function normalizePaginatedListResponse(
|
|
7624
|
-
if (!
|
|
7625
|
-
return _objectSpread2(_objectSpread2({},
|
|
7632
|
+
function normalizePaginatedListResponse(response2) {
|
|
7633
|
+
if (!response2.data) {
|
|
7634
|
+
return _objectSpread2(_objectSpread2({}, response2), {}, {
|
|
7626
7635
|
data: []
|
|
7627
7636
|
});
|
|
7628
7637
|
}
|
|
7629
|
-
const responseNeedsNormalization = "total_count" in
|
|
7638
|
+
const responseNeedsNormalization = "total_count" in response2.data && !("url" in response2.data);
|
|
7630
7639
|
if (!responseNeedsNormalization)
|
|
7631
|
-
return
|
|
7632
|
-
const incompleteResults =
|
|
7633
|
-
const repositorySelection =
|
|
7634
|
-
const totalCount =
|
|
7635
|
-
delete
|
|
7636
|
-
delete
|
|
7637
|
-
delete
|
|
7638
|
-
const namespaceKey = Object.keys(
|
|
7639
|
-
const data =
|
|
7640
|
-
|
|
7640
|
+
return response2;
|
|
7641
|
+
const incompleteResults = response2.data.incomplete_results;
|
|
7642
|
+
const repositorySelection = response2.data.repository_selection;
|
|
7643
|
+
const totalCount = response2.data.total_count;
|
|
7644
|
+
delete response2.data.incomplete_results;
|
|
7645
|
+
delete response2.data.repository_selection;
|
|
7646
|
+
delete response2.data.total_count;
|
|
7647
|
+
const namespaceKey = Object.keys(response2.data)[0];
|
|
7648
|
+
const data = response2.data[namespaceKey];
|
|
7649
|
+
response2.data = data;
|
|
7641
7650
|
if (typeof incompleteResults !== "undefined") {
|
|
7642
|
-
|
|
7651
|
+
response2.data.incomplete_results = incompleteResults;
|
|
7643
7652
|
}
|
|
7644
7653
|
if (typeof repositorySelection !== "undefined") {
|
|
7645
|
-
|
|
7654
|
+
response2.data.repository_selection = repositorySelection;
|
|
7646
7655
|
}
|
|
7647
|
-
|
|
7648
|
-
return
|
|
7656
|
+
response2.data.total_count = totalCount;
|
|
7657
|
+
return response2;
|
|
7649
7658
|
}
|
|
7650
7659
|
function iterator(octokit, route, parameters) {
|
|
7651
7660
|
const options = typeof route === "function" ? route.endpoint(parameters) : octokit.request.endpoint(route, parameters);
|
|
@@ -7661,12 +7670,12 @@ var require_dist_node10 = __commonJS({
|
|
|
7661
7670
|
done: true
|
|
7662
7671
|
};
|
|
7663
7672
|
try {
|
|
7664
|
-
const
|
|
7673
|
+
const response2 = await requestMethod({
|
|
7665
7674
|
method,
|
|
7666
7675
|
url,
|
|
7667
7676
|
headers
|
|
7668
7677
|
});
|
|
7669
|
-
const normalizedResponse = normalizePaginatedListResponse(
|
|
7678
|
+
const normalizedResponse = normalizePaginatedListResponse(response2);
|
|
7670
7679
|
url = ((normalizedResponse.headers.link || "").match(/<([^>]+)>;\s*rel="next"/) || [])[1];
|
|
7671
7680
|
return {
|
|
7672
7681
|
value: normalizedResponse
|
|
@@ -7713,7 +7722,7 @@ var require_dist_node10 = __commonJS({
|
|
|
7713
7722
|
var composePaginateRest = Object.assign(paginate, {
|
|
7714
7723
|
iterator
|
|
7715
7724
|
});
|
|
7716
|
-
var paginatingEndpoints = ["GET /app/hook/deliveries", "GET /app/installations", "GET /applications/grants", "GET /authorizations", "GET /enterprises/{enterprise}/actions/permissions/organizations", "GET /enterprises/{enterprise}/actions/runner-groups", "GET /enterprises/{enterprise}/actions/runner-groups/{runner_group_id}/organizations", "GET /enterprises/{enterprise}/actions/runner-groups/{runner_group_id}/runners", "GET /enterprises/{enterprise}/actions/runners", "GET /enterprises/{enterprise}/
|
|
7725
|
+
var paginatingEndpoints = ["GET /app/hook/deliveries", "GET /app/installations", "GET /applications/grants", "GET /authorizations", "GET /enterprises/{enterprise}/actions/permissions/organizations", "GET /enterprises/{enterprise}/actions/runner-groups", "GET /enterprises/{enterprise}/actions/runner-groups/{runner_group_id}/organizations", "GET /enterprises/{enterprise}/actions/runner-groups/{runner_group_id}/runners", "GET /enterprises/{enterprise}/actions/runners", "GET /enterprises/{enterprise}/audit-log", "GET /enterprises/{enterprise}/secret-scanning/alerts", "GET /enterprises/{enterprise}/settings/billing/advanced-security", "GET /events", "GET /gists", "GET /gists/public", "GET /gists/starred", "GET /gists/{gist_id}/comments", "GET /gists/{gist_id}/commits", "GET /gists/{gist_id}/forks", "GET /installation/repositories", "GET /issues", "GET /licenses", "GET /marketplace_listing/plans", "GET /marketplace_listing/plans/{plan_id}/accounts", "GET /marketplace_listing/stubbed/plans", "GET /marketplace_listing/stubbed/plans/{plan_id}/accounts", "GET /networks/{owner}/{repo}/events", "GET /notifications", "GET /organizations", "GET /orgs/{org}/actions/cache/usage-by-repository", "GET /orgs/{org}/actions/permissions/repositories", "GET /orgs/{org}/actions/runner-groups", "GET /orgs/{org}/actions/runner-groups/{runner_group_id}/repositories", "GET /orgs/{org}/actions/runner-groups/{runner_group_id}/runners", "GET /orgs/{org}/actions/runners", "GET /orgs/{org}/actions/secrets", "GET /orgs/{org}/actions/secrets/{secret_name}/repositories", "GET /orgs/{org}/audit-log", "GET /orgs/{org}/blocks", "GET /orgs/{org}/code-scanning/alerts", "GET /orgs/{org}/codespaces", "GET /orgs/{org}/credential-authorizations", "GET /orgs/{org}/dependabot/secrets", "GET /orgs/{org}/dependabot/secrets/{secret_name}/repositories", "GET /orgs/{org}/events", "GET /orgs/{org}/external-groups", "GET /orgs/{org}/failed_invitations", "GET /orgs/{org}/hooks", "GET /orgs/{org}/hooks/{hook_id}/deliveries", "GET /orgs/{org}/installations", "GET /orgs/{org}/invitations", "GET /orgs/{org}/invitations/{invitation_id}/teams", "GET /orgs/{org}/issues", "GET /orgs/{org}/members", "GET /orgs/{org}/migrations", "GET /orgs/{org}/migrations/{migration_id}/repositories", "GET /orgs/{org}/outside_collaborators", "GET /orgs/{org}/packages", "GET /orgs/{org}/packages/{package_type}/{package_name}/versions", "GET /orgs/{org}/projects", "GET /orgs/{org}/public_members", "GET /orgs/{org}/repos", "GET /orgs/{org}/secret-scanning/alerts", "GET /orgs/{org}/settings/billing/advanced-security", "GET /orgs/{org}/team-sync/groups", "GET /orgs/{org}/teams", "GET /orgs/{org}/teams/{team_slug}/discussions", "GET /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments", "GET /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions", "GET /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions", "GET /orgs/{org}/teams/{team_slug}/invitations", "GET /orgs/{org}/teams/{team_slug}/members", "GET /orgs/{org}/teams/{team_slug}/projects", "GET /orgs/{org}/teams/{team_slug}/repos", "GET /orgs/{org}/teams/{team_slug}/teams", "GET /projects/columns/{column_id}/cards", "GET /projects/{project_id}/collaborators", "GET /projects/{project_id}/columns", "GET /repos/{owner}/{repo}/actions/artifacts", "GET /repos/{owner}/{repo}/actions/caches", "GET /repos/{owner}/{repo}/actions/runners", "GET /repos/{owner}/{repo}/actions/runs", "GET /repos/{owner}/{repo}/actions/runs/{run_id}/artifacts", "GET /repos/{owner}/{repo}/actions/runs/{run_id}/attempts/{attempt_number}/jobs", "GET /repos/{owner}/{repo}/actions/runs/{run_id}/jobs", "GET /repos/{owner}/{repo}/actions/secrets", "GET /repos/{owner}/{repo}/actions/workflows", "GET /repos/{owner}/{repo}/actions/workflows/{workflow_id}/runs", "GET /repos/{owner}/{repo}/assignees", "GET /repos/{owner}/{repo}/branches", "GET /repos/{owner}/{repo}/check-runs/{check_run_id}/annotations", "GET /repos/{owner}/{repo}/check-suites/{check_suite_id}/check-runs", "GET /repos/{owner}/{repo}/code-scanning/alerts", "GET /repos/{owner}/{repo}/code-scanning/alerts/{alert_number}/instances", "GET /repos/{owner}/{repo}/code-scanning/analyses", "GET /repos/{owner}/{repo}/codespaces", "GET /repos/{owner}/{repo}/codespaces/devcontainers", "GET /repos/{owner}/{repo}/codespaces/secrets", "GET /repos/{owner}/{repo}/collaborators", "GET /repos/{owner}/{repo}/comments", "GET /repos/{owner}/{repo}/comments/{comment_id}/reactions", "GET /repos/{owner}/{repo}/commits", "GET /repos/{owner}/{repo}/commits/{commit_sha}/comments", "GET /repos/{owner}/{repo}/commits/{commit_sha}/pulls", "GET /repos/{owner}/{repo}/commits/{ref}/check-runs", "GET /repos/{owner}/{repo}/commits/{ref}/check-suites", "GET /repos/{owner}/{repo}/commits/{ref}/status", "GET /repos/{owner}/{repo}/commits/{ref}/statuses", "GET /repos/{owner}/{repo}/contributors", "GET /repos/{owner}/{repo}/dependabot/secrets", "GET /repos/{owner}/{repo}/deployments", "GET /repos/{owner}/{repo}/deployments/{deployment_id}/statuses", "GET /repos/{owner}/{repo}/environments", "GET /repos/{owner}/{repo}/events", "GET /repos/{owner}/{repo}/forks", "GET /repos/{owner}/{repo}/git/matching-refs/{ref}", "GET /repos/{owner}/{repo}/hooks", "GET /repos/{owner}/{repo}/hooks/{hook_id}/deliveries", "GET /repos/{owner}/{repo}/invitations", "GET /repos/{owner}/{repo}/issues", "GET /repos/{owner}/{repo}/issues/comments", "GET /repos/{owner}/{repo}/issues/comments/{comment_id}/reactions", "GET /repos/{owner}/{repo}/issues/events", "GET /repos/{owner}/{repo}/issues/{issue_number}/comments", "GET /repos/{owner}/{repo}/issues/{issue_number}/events", "GET /repos/{owner}/{repo}/issues/{issue_number}/labels", "GET /repos/{owner}/{repo}/issues/{issue_number}/reactions", "GET /repos/{owner}/{repo}/issues/{issue_number}/timeline", "GET /repos/{owner}/{repo}/keys", "GET /repos/{owner}/{repo}/labels", "GET /repos/{owner}/{repo}/milestones", "GET /repos/{owner}/{repo}/milestones/{milestone_number}/labels", "GET /repos/{owner}/{repo}/notifications", "GET /repos/{owner}/{repo}/pages/builds", "GET /repos/{owner}/{repo}/projects", "GET /repos/{owner}/{repo}/pulls", "GET /repos/{owner}/{repo}/pulls/comments", "GET /repos/{owner}/{repo}/pulls/comments/{comment_id}/reactions", "GET /repos/{owner}/{repo}/pulls/{pull_number}/comments", "GET /repos/{owner}/{repo}/pulls/{pull_number}/commits", "GET /repos/{owner}/{repo}/pulls/{pull_number}/files", "GET /repos/{owner}/{repo}/pulls/{pull_number}/requested_reviewers", "GET /repos/{owner}/{repo}/pulls/{pull_number}/reviews", "GET /repos/{owner}/{repo}/pulls/{pull_number}/reviews/{review_id}/comments", "GET /repos/{owner}/{repo}/releases", "GET /repos/{owner}/{repo}/releases/{release_id}/assets", "GET /repos/{owner}/{repo}/releases/{release_id}/reactions", "GET /repos/{owner}/{repo}/secret-scanning/alerts", "GET /repos/{owner}/{repo}/secret-scanning/alerts/{alert_number}/locations", "GET /repos/{owner}/{repo}/stargazers", "GET /repos/{owner}/{repo}/subscribers", "GET /repos/{owner}/{repo}/tags", "GET /repos/{owner}/{repo}/teams", "GET /repos/{owner}/{repo}/topics", "GET /repositories", "GET /repositories/{repository_id}/environments/{environment_name}/secrets", "GET /search/code", "GET /search/commits", "GET /search/issues", "GET /search/labels", "GET /search/repositories", "GET /search/topics", "GET /search/users", "GET /teams/{team_id}/discussions", "GET /teams/{team_id}/discussions/{discussion_number}/comments", "GET /teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions", "GET /teams/{team_id}/discussions/{discussion_number}/reactions", "GET /teams/{team_id}/invitations", "GET /teams/{team_id}/members", "GET /teams/{team_id}/projects", "GET /teams/{team_id}/repos", "GET /teams/{team_id}/teams", "GET /user/blocks", "GET /user/codespaces", "GET /user/codespaces/secrets", "GET /user/emails", "GET /user/followers", "GET /user/following", "GET /user/gpg_keys", "GET /user/installations", "GET /user/installations/{installation_id}/repositories", "GET /user/issues", "GET /user/keys", "GET /user/marketplace_purchases", "GET /user/marketplace_purchases/stubbed", "GET /user/memberships/orgs", "GET /user/migrations", "GET /user/migrations/{migration_id}/repositories", "GET /user/orgs", "GET /user/packages", "GET /user/packages/{package_type}/{package_name}/versions", "GET /user/public_emails", "GET /user/repos", "GET /user/repository_invitations", "GET /user/starred", "GET /user/subscriptions", "GET /user/teams", "GET /users", "GET /users/{username}/events", "GET /users/{username}/events/orgs/{org}", "GET /users/{username}/events/public", "GET /users/{username}/followers", "GET /users/{username}/following", "GET /users/{username}/gists", "GET /users/{username}/gpg_keys", "GET /users/{username}/keys", "GET /users/{username}/orgs", "GET /users/{username}/packages", "GET /users/{username}/projects", "GET /users/{username}/received_events", "GET /users/{username}/received_events/public", "GET /users/{username}/repos", "GET /users/{username}/starred", "GET /users/{username}/subscriptions"];
|
|
7717
7726
|
function isPaginatingEndpoint(arg) {
|
|
7718
7727
|
if (typeof arg === "string") {
|
|
7719
7728
|
return paginatingEndpoints.includes(arg);
|
|
@@ -7799,6 +7808,8 @@ var require_dist_node11 = __commonJS({
|
|
|
7799
7808
|
createRemoveTokenForOrg: ["POST /orgs/{org}/actions/runners/remove-token"],
|
|
7800
7809
|
createRemoveTokenForRepo: ["POST /repos/{owner}/{repo}/actions/runners/remove-token"],
|
|
7801
7810
|
createWorkflowDispatch: ["POST /repos/{owner}/{repo}/actions/workflows/{workflow_id}/dispatches"],
|
|
7811
|
+
deleteActionsCacheById: ["DELETE /repos/{owner}/{repo}/actions/caches/{cache_id}"],
|
|
7812
|
+
deleteActionsCacheByKey: ["DELETE /repos/{owner}/{repo}/actions/caches{?key,ref}"],
|
|
7802
7813
|
deleteArtifact: ["DELETE /repos/{owner}/{repo}/actions/artifacts/{artifact_id}"],
|
|
7803
7814
|
deleteEnvironmentSecret: ["DELETE /repositories/{repository_id}/environments/{environment_name}/secrets/{secret_name}"],
|
|
7804
7815
|
deleteOrgSecret: ["DELETE /orgs/{org}/actions/secrets/{secret_name}"],
|
|
@@ -7815,6 +7826,7 @@ var require_dist_node11 = __commonJS({
|
|
|
7815
7826
|
downloadWorkflowRunLogs: ["GET /repos/{owner}/{repo}/actions/runs/{run_id}/logs"],
|
|
7816
7827
|
enableSelectedRepositoryGithubActionsOrganization: ["PUT /orgs/{org}/actions/permissions/repositories/{repository_id}"],
|
|
7817
7828
|
enableWorkflow: ["PUT /repos/{owner}/{repo}/actions/workflows/{workflow_id}/enable"],
|
|
7829
|
+
getActionsCacheList: ["GET /repos/{owner}/{repo}/actions/caches"],
|
|
7818
7830
|
getActionsCacheUsage: ["GET /repos/{owner}/{repo}/actions/cache/usage"],
|
|
7819
7831
|
getActionsCacheUsageByRepoForOrg: ["GET /orgs/{org}/actions/cache/usage-by-repository"],
|
|
7820
7832
|
getActionsCacheUsageForEnterprise: ["GET /enterprises/{enterprise}/actions/cache/usage"],
|
|
@@ -8020,6 +8032,7 @@ var require_dist_node11 = __commonJS({
|
|
|
8020
8032
|
createWithPrForAuthenticatedUser: ["POST /repos/{owner}/{repo}/pulls/{pull_number}/codespaces"],
|
|
8021
8033
|
createWithRepoForAuthenticatedUser: ["POST /repos/{owner}/{repo}/codespaces"],
|
|
8022
8034
|
deleteForAuthenticatedUser: ["DELETE /user/codespaces/{codespace_name}"],
|
|
8035
|
+
deleteFromOrganization: ["DELETE /orgs/{org}/members/{username}/codespaces/{codespace_name}"],
|
|
8023
8036
|
deleteRepoSecret: ["DELETE /repos/{owner}/{repo}/codespaces/secrets/{secret_name}"],
|
|
8024
8037
|
deleteSecretForAuthenticatedUser: ["DELETE /user/codespaces/secrets/{secret_name}"],
|
|
8025
8038
|
exportForAuthenticatedUser: ["POST /user/codespaces/{codespace_name}/exports"],
|
|
@@ -8031,6 +8044,11 @@ var require_dist_node11 = __commonJS({
|
|
|
8031
8044
|
getSecretForAuthenticatedUser: ["GET /user/codespaces/secrets/{secret_name}"],
|
|
8032
8045
|
listDevcontainersInRepositoryForAuthenticatedUser: ["GET /repos/{owner}/{repo}/codespaces/devcontainers"],
|
|
8033
8046
|
listForAuthenticatedUser: ["GET /user/codespaces"],
|
|
8047
|
+
listInOrganization: ["GET /orgs/{org}/codespaces", {}, {
|
|
8048
|
+
renamedParameters: {
|
|
8049
|
+
org_id: "org"
|
|
8050
|
+
}
|
|
8051
|
+
}],
|
|
8034
8052
|
listInRepositoryForAuthenticatedUser: ["GET /repos/{owner}/{repo}/codespaces"],
|
|
8035
8053
|
listRepoSecrets: ["GET /repos/{owner}/{repo}/codespaces/secrets"],
|
|
8036
8054
|
listRepositoriesForSecretForAuthenticatedUser: ["GET /user/codespaces/secrets/{secret_name}/repositories"],
|
|
@@ -8040,6 +8058,7 @@ var require_dist_node11 = __commonJS({
|
|
|
8040
8058
|
setRepositoriesForSecretForAuthenticatedUser: ["PUT /user/codespaces/secrets/{secret_name}/repositories"],
|
|
8041
8059
|
startForAuthenticatedUser: ["POST /user/codespaces/{codespace_name}/start"],
|
|
8042
8060
|
stopForAuthenticatedUser: ["POST /user/codespaces/{codespace_name}/stop"],
|
|
8061
|
+
stopInOrganization: ["POST /orgs/{org}/members/{username}/codespaces/{codespace_name}/stop"],
|
|
8043
8062
|
updateForAuthenticatedUser: ["PATCH /user/codespaces/{codespace_name}"]
|
|
8044
8063
|
},
|
|
8045
8064
|
dependabot: {
|
|
@@ -8059,6 +8078,7 @@ var require_dist_node11 = __commonJS({
|
|
|
8059
8078
|
setSelectedReposForOrgSecret: ["PUT /orgs/{org}/dependabot/secrets/{secret_name}/repositories"]
|
|
8060
8079
|
},
|
|
8061
8080
|
dependencyGraph: {
|
|
8081
|
+
createRepositorySnapshot: ["POST /repos/{owner}/{repo}/dependency-graph/snapshots"],
|
|
8062
8082
|
diffRange: ["GET /repos/{owner}/{repo}/dependency-graph/compare/{basehead}"]
|
|
8063
8083
|
},
|
|
8064
8084
|
emojis: {
|
|
@@ -8721,7 +8741,7 @@ var require_dist_node11 = __commonJS({
|
|
|
8721
8741
|
updateAuthenticated: ["PATCH /user"]
|
|
8722
8742
|
}
|
|
8723
8743
|
};
|
|
8724
|
-
var VERSION = "5.
|
|
8744
|
+
var VERSION = "5.16.2";
|
|
8725
8745
|
function endpointsToMethods(octokit, endpointsMap) {
|
|
8726
8746
|
const newMethods = {};
|
|
8727
8747
|
for (const [scope, endpoints] of Object.entries(endpointsMap)) {
|
|
@@ -8818,7 +8838,7 @@ var require_dist_node12 = __commonJS({
|
|
|
8818
8838
|
|
|
8819
8839
|
// src/lambdas/setup/index.ts
|
|
8820
8840
|
var crypto = __toESM(require("crypto"));
|
|
8821
|
-
var
|
|
8841
|
+
var fs = __toESM(require("fs"));
|
|
8822
8842
|
var import_rest = __toESM(require_dist_node12());
|
|
8823
8843
|
|
|
8824
8844
|
// src/lambdas/helpers.ts
|
|
@@ -8844,135 +8864,58 @@ async function updateSecretValue(arn, value) {
|
|
|
8844
8864
|
await sm.updateSecret({ SecretId: arn, SecretString: value }).promise();
|
|
8845
8865
|
}
|
|
8846
8866
|
|
|
8847
|
-
// src/lambdas/
|
|
8848
|
-
function
|
|
8849
|
-
|
|
8850
|
-
|
|
8851
|
-
|
|
8852
|
-
|
|
8853
|
-
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"/>
|
|
8854
|
-
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0">
|
|
8855
|
-
<title>Setup GitHub Runners</title>
|
|
8856
|
-
<body>
|
|
8857
|
-
<h1>Setup GitHub Runners</h1>
|
|
8858
|
-
<p>You can choose between creating a new app that will provide authentication for specific repositories, or a personal access token that will provide access to all repositories available to you. Apps are easier to set up and provide more fine-grained access control.</p>
|
|
8859
|
-
<form>
|
|
8860
|
-
<fieldset>
|
|
8861
|
-
<legend>GitHub Domain</legend>
|
|
8862
|
-
<p>When using a GitHub Enterprise Server, change this to your own domain like github.mycompany.com.</p>
|
|
8863
|
-
<label for="domain">Domain: </label>
|
|
8864
|
-
<input id="domain" value="github.com">
|
|
8865
|
-
</fieldset>
|
|
8866
|
-
</form>
|
|
8867
|
-
|
|
8868
|
-
<h2>Using App</h2>
|
|
8869
|
-
<p>Choose whether you want a personal app, an organization app, or an existing app created according to the instructions in <a href="https://github.com/CloudSnorkel/cdk-github-runners/blob/main/SETUP_GITHUB.md">SETUP_GITHUB.md</a>. The scope of the app should match the scope of the repositories you need to provide runners for.</p>
|
|
8870
|
-
<form action="https://github.com/settings/apps/new?state=${token}" method="post" id="appform">
|
|
8871
|
-
<fieldset>
|
|
8872
|
-
<legend>New Personal App</legend>
|
|
8873
|
-
<input type="hidden" name="manifest" id="manifest">
|
|
8874
|
-
<input type="submit" value="Create">
|
|
8875
|
-
</fieldset>
|
|
8876
|
-
</form>
|
|
8877
|
-
|
|
8878
|
-
<br>
|
|
8879
|
-
<form action="https://github.com/organizations/ORGANIZATION/settings/apps/new?state=${token}" method="post" id="orgappform">
|
|
8880
|
-
<fieldset>
|
|
8881
|
-
<legend>New Organization App</legend>
|
|
8882
|
-
<label for="org">Organization slug:</label>
|
|
8883
|
-
<input id="org" name="org" value="ORGANIZATION"><br><br>
|
|
8884
|
-
<input type="hidden" name="manifest" id="manifestorg">
|
|
8885
|
-
<input type="submit" value="Create">
|
|
8886
|
-
</fieldset>
|
|
8887
|
-
</form>
|
|
8888
|
-
|
|
8889
|
-
<br>
|
|
8890
|
-
<form action="app?token=${token}" method="post">
|
|
8891
|
-
<fieldset>
|
|
8892
|
-
<p>Existing apps must have <code>actions</code> and <code>administration</code> write permissions. Don't forget to set up the webhook and its secret as described in <a href="https://github.com/CloudSnorkel/cdk-github-runners/blob/main/SETUP_GITHUB.md">SETUP_GITHUB.md</a>.</p>
|
|
8893
|
-
<legend>Existing App</legend>
|
|
8894
|
-
<input type="hidden" name="domain" id="existingdomain" value="github.com">
|
|
8895
|
-
<label for="appid">App id:</label>
|
|
8896
|
-
<input type="number" id="appid" name="appid"><br><br>
|
|
8897
|
-
<label for="pk">Private key:</label>
|
|
8898
|
-
<textarea id="pk" name="pk"></textarea><br><br>
|
|
8899
|
-
<input type="submit" value="Set">
|
|
8900
|
-
</fieldset>
|
|
8901
|
-
</form>
|
|
8902
|
-
|
|
8903
|
-
<h2>Using Personal Access Token</h2>
|
|
8904
|
-
<p>The personal token must have the <code>repo</code> scope enable. Don't forget to also create a webhook as described in <a href="https://github.com/CloudSnorkel/cdk-github-runners/blob/main/SETUP_GITHUB.md">SETUP_GITHUB.md</a>.</p>
|
|
8905
|
-
<form action="pat?token=${token}" method="post">
|
|
8906
|
-
<fieldset>
|
|
8907
|
-
<label for="pat">Token:</label>
|
|
8908
|
-
<input type="hidden" name="domain" id="patdomain" value="github.com">
|
|
8909
|
-
<input type="password" id="pat" name="pat">
|
|
8910
|
-
<input type="submit" value="Set">
|
|
8911
|
-
</fieldset>
|
|
8912
|
-
</form>
|
|
8913
|
-
|
|
8914
|
-
<script>
|
|
8915
|
-
document.getElementById("manifest").value = JSON.stringify(${manifest});
|
|
8916
|
-
document.getElementById("manifestorg").value = JSON.stringify(${manifest});
|
|
8917
|
-
function setDomainAndOrg() {
|
|
8918
|
-
const domain = document.getElementById("domain").value;
|
|
8919
|
-
const org = document.getElementById("org").value;
|
|
8920
|
-
document.getElementById("appform").action = \`https://\${domain}/settings/apps/new?state=${token}\`;
|
|
8921
|
-
document.getElementById("orgappform").action = \`https://\${domain}/organizations/\${org}/settings/apps/new?state=${token}\`;
|
|
8922
|
-
document.getElementById("existingdomain").value = domain;
|
|
8923
|
-
document.getElementById("patdomain").value = domain;
|
|
8924
|
-
}
|
|
8925
|
-
document.getElementById("domain").onchange = setDomainAndOrg;
|
|
8926
|
-
document.getElementById("org").onchange = setDomainAndOrg;
|
|
8927
|
-
<\/script>
|
|
8928
|
-
</body>
|
|
8929
|
-
</html>
|
|
8930
|
-
`;
|
|
8867
|
+
// src/lambdas/github.ts
|
|
8868
|
+
function baseUrlFromDomain(domain) {
|
|
8869
|
+
if (domain == "github.com") {
|
|
8870
|
+
return "https://api.github.com";
|
|
8871
|
+
}
|
|
8872
|
+
return `https://${domain}/api/v3`;
|
|
8931
8873
|
}
|
|
8932
|
-
|
|
8933
|
-
|
|
8934
|
-
|
|
8935
|
-
|
|
8936
|
-
|
|
8937
|
-
},
|
|
8938
|
-
redirect_url: `${baseUrl}/complete-new-app`,
|
|
8939
|
-
public: false,
|
|
8940
|
-
default_permissions: {
|
|
8941
|
-
actions: "write",
|
|
8942
|
-
administration: "write"
|
|
8943
|
-
},
|
|
8944
|
-
default_events: [
|
|
8945
|
-
"workflow_job"
|
|
8946
|
-
]
|
|
8947
|
-
});
|
|
8874
|
+
|
|
8875
|
+
// src/lambdas/setup/index.ts
|
|
8876
|
+
var nonce = crypto.randomBytes(64).toString("hex");
|
|
8877
|
+
function getHtml(baseUrl, token, domain) {
|
|
8878
|
+
return fs.readFileSync("index.html", "utf-8").replace(/INSERT_WEBHOOK_URL_HERE/g, process.env.WEBHOOK_URL).replace(/INSERT_BASE_URL_HERE/g, baseUrl).replace(/INSERT_TOKEN_HERE/g, token).replace(/INSERT_SECRET_ARN_HERE/g, process.env.SETUP_SECRET_ARN).replace(/INSERT_DOMAIN_HERE/g, domain).replace(/<script/g, `<script nonce="${nonce}"`).replace(/<style/g, `<style nonce="${nonce}"`);
|
|
8948
8879
|
}
|
|
8949
|
-
|
|
8950
|
-
const setupBaseUrl = `https://${event.requestContext.domainName}`;
|
|
8880
|
+
function response(code, body) {
|
|
8951
8881
|
return {
|
|
8952
|
-
statusCode:
|
|
8882
|
+
statusCode: code,
|
|
8953
8883
|
headers: {
|
|
8954
|
-
"Content-Type": "text/html"
|
|
8884
|
+
"Content-Type": "text/html",
|
|
8885
|
+
"Content-Security-Policy": `default-src 'nonce-${nonce}'; img-src data:; connect-src 'self'; form-action https:; frame-ancestors 'none'`
|
|
8955
8886
|
},
|
|
8956
|
-
body
|
|
8887
|
+
body
|
|
8957
8888
|
};
|
|
8958
8889
|
}
|
|
8890
|
+
async function handleRoot(event, setupToken) {
|
|
8891
|
+
const setupBaseUrl = `https://${event.requestContext.domainName}`;
|
|
8892
|
+
const githubSecrets = await getSecretJsonValue(process.env.GITHUB_SECRET_ARN);
|
|
8893
|
+
return response(200, getHtml(setupBaseUrl, setupToken, githubSecrets.domain));
|
|
8894
|
+
}
|
|
8959
8895
|
function decodeBody(event) {
|
|
8960
8896
|
let body = event.body;
|
|
8897
|
+
if (!body) {
|
|
8898
|
+
throw new Error("No body found");
|
|
8899
|
+
}
|
|
8961
8900
|
if (event.isBase64Encoded) {
|
|
8962
8901
|
body = Buffer.from(body, "base64").toString("utf-8");
|
|
8963
8902
|
}
|
|
8964
|
-
return
|
|
8903
|
+
return JSON.parse(body);
|
|
8904
|
+
}
|
|
8905
|
+
async function handleDomain(event) {
|
|
8906
|
+
const body = decodeBody(event);
|
|
8907
|
+
if (!body.domain) {
|
|
8908
|
+
return response(400, "Invalid domain");
|
|
8909
|
+
}
|
|
8910
|
+
const githubSecrets = await getSecretJsonValue(process.env.GITHUB_SECRET_ARN);
|
|
8911
|
+
githubSecrets.domain = body.domain;
|
|
8912
|
+
await updateSecretValue(process.env.GITHUB_SECRET_ARN, JSON.stringify(githubSecrets));
|
|
8913
|
+
return response(200, "Domain set");
|
|
8965
8914
|
}
|
|
8966
8915
|
async function handlePat(event) {
|
|
8967
8916
|
const body = decodeBody(event);
|
|
8968
8917
|
if (!body.pat || !body.domain) {
|
|
8969
|
-
return
|
|
8970
|
-
statusCode: 400,
|
|
8971
|
-
headers: {
|
|
8972
|
-
"Content-Type": "text/html"
|
|
8973
|
-
},
|
|
8974
|
-
body: "Invalid personal access token"
|
|
8975
|
-
};
|
|
8918
|
+
return response(400, "Invalid personal access token");
|
|
8976
8919
|
}
|
|
8977
8920
|
await updateSecretValue(process.env.GITHUB_SECRET_ARN, JSON.stringify({
|
|
8978
8921
|
domain: body.domain,
|
|
@@ -8980,26 +8923,19 @@ async function handlePat(event) {
|
|
|
8980
8923
|
personalAuthToken: body.pat
|
|
8981
8924
|
}));
|
|
8982
8925
|
await updateSecretValue(process.env.SETUP_SECRET_ARN, JSON.stringify({ token: "" }));
|
|
8983
|
-
return
|
|
8984
|
-
statusCode: 200,
|
|
8985
|
-
headers: {
|
|
8986
|
-
"Content-Type": "text/html"
|
|
8987
|
-
},
|
|
8988
|
-
body: "Personal access token set"
|
|
8989
|
-
};
|
|
8926
|
+
return response(200, "Personal access token set");
|
|
8990
8927
|
}
|
|
8991
8928
|
async function handleNewApp(event) {
|
|
8929
|
+
if (!event.queryStringParameters) {
|
|
8930
|
+
return response(400, "Invalid code");
|
|
8931
|
+
}
|
|
8992
8932
|
const code = event.queryStringParameters.code;
|
|
8993
8933
|
if (!code) {
|
|
8994
|
-
return
|
|
8995
|
-
statusCode: 400,
|
|
8996
|
-
headers: {
|
|
8997
|
-
"Content-Type": "text/html"
|
|
8998
|
-
},
|
|
8999
|
-
body: "Invalid code"
|
|
9000
|
-
};
|
|
8934
|
+
return response(400, "Invalid code");
|
|
9001
8935
|
}
|
|
9002
|
-
const
|
|
8936
|
+
const githubSecrets = await getSecretJsonValue(process.env.GITHUB_SECRET_ARN);
|
|
8937
|
+
const baseUrl = baseUrlFromDomain(githubSecrets.domain);
|
|
8938
|
+
const newApp = await new import_rest.Octokit({ baseUrl }).rest.apps.createFromManifest({ code });
|
|
9003
8939
|
await updateSecretValue(process.env.GITHUB_SECRET_ARN, JSON.stringify({
|
|
9004
8940
|
domain: new URL(newApp.data.html_url).host,
|
|
9005
8941
|
appId: newApp.data.id,
|
|
@@ -9010,24 +8946,12 @@ async function handleNewApp(event) {
|
|
|
9010
8946
|
webhookSecret: newApp.data.webhook_secret
|
|
9011
8947
|
}));
|
|
9012
8948
|
await updateSecretValue(process.env.SETUP_SECRET_ARN, JSON.stringify({ token: "" }));
|
|
9013
|
-
return {
|
|
9014
|
-
statusCode: 200,
|
|
9015
|
-
headers: {
|
|
9016
|
-
"Content-Type": "text/html"
|
|
9017
|
-
},
|
|
9018
|
-
body: `New app set. <a href="${newApp.data.html_url}/installations/new">Install it</a> for your repositories.`
|
|
9019
|
-
};
|
|
8949
|
+
return response(200, `New app set. <a href="${newApp.data.html_url}/installations/new">Install it</a> for your repositories.`);
|
|
9020
8950
|
}
|
|
9021
8951
|
async function handleExistingApp(event) {
|
|
9022
8952
|
const body = decodeBody(event);
|
|
9023
8953
|
if (!body.appid || !body.pk || !body.domain) {
|
|
9024
|
-
return
|
|
9025
|
-
statusCode: 400,
|
|
9026
|
-
headers: {
|
|
9027
|
-
"Content-Type": "text/html"
|
|
9028
|
-
},
|
|
9029
|
-
body: "Missing fields"
|
|
9030
|
-
};
|
|
8954
|
+
return response(400, "Missing fields");
|
|
9031
8955
|
}
|
|
9032
8956
|
await updateSecretValue(process.env.GITHUB_SECRET_ARN, JSON.stringify({
|
|
9033
8957
|
domain: body.domain,
|
|
@@ -9036,13 +8960,7 @@ async function handleExistingApp(event) {
|
|
|
9036
8960
|
}));
|
|
9037
8961
|
await updateSecretValue(process.env.GITHUB_PRIVATE_KEY_SECRET_ARN, body.pk);
|
|
9038
8962
|
await updateSecretValue(process.env.SETUP_SECRET_ARN, JSON.stringify({ token: "" }));
|
|
9039
|
-
return
|
|
9040
|
-
statusCode: 200,
|
|
9041
|
-
headers: {
|
|
9042
|
-
"Content-Type": "text/html"
|
|
9043
|
-
},
|
|
9044
|
-
body: "Existing app set. Don't forget to set up the webhook."
|
|
9045
|
-
};
|
|
8963
|
+
return response(200, "Existing app set. Don't forget to set up the webhook.");
|
|
9046
8964
|
}
|
|
9047
8965
|
exports.handler = async function(event) {
|
|
9048
8966
|
if (!process.env.WEBHOOK_URL) {
|
|
@@ -9050,49 +8968,31 @@ exports.handler = async function(event) {
|
|
|
9050
8968
|
}
|
|
9051
8969
|
const setupToken = (await getSecretJsonValue(process.env.SETUP_SECRET_ARN)).token;
|
|
9052
8970
|
if (!setupToken) {
|
|
9053
|
-
return
|
|
9054
|
-
statusCode: 200,
|
|
9055
|
-
headers: {
|
|
9056
|
-
"Content-Type": "text/html"
|
|
9057
|
-
},
|
|
9058
|
-
body: "Setup already complete. Put a new token in the setup secret if you want to redo it."
|
|
9059
|
-
};
|
|
8971
|
+
return response(200, "Setup already complete. Put a new token in the setup secret if you want to redo it.");
|
|
9060
8972
|
}
|
|
9061
8973
|
if (!event.queryStringParameters) {
|
|
9062
|
-
return
|
|
9063
|
-
statusCode: 403,
|
|
9064
|
-
headers: {
|
|
9065
|
-
"Content-Type": "text/html"
|
|
9066
|
-
},
|
|
9067
|
-
body: "Wrong setup token."
|
|
9068
|
-
};
|
|
8974
|
+
return response(403, "Wrong setup token.");
|
|
9069
8975
|
}
|
|
9070
|
-
const urlToken = event.queryStringParameters.token || event.queryStringParameters.state;
|
|
8976
|
+
const urlToken = event.queryStringParameters.token || event.queryStringParameters.state || "";
|
|
9071
8977
|
if (urlToken.length != setupToken.length || !crypto.timingSafeEqual(Buffer.from(urlToken, "utf-8"), Buffer.from(setupToken, "utf-8"))) {
|
|
9072
|
-
return
|
|
9073
|
-
statusCode: 403,
|
|
9074
|
-
headers: {
|
|
9075
|
-
"Content-Type": "text/html"
|
|
9076
|
-
},
|
|
9077
|
-
body: "Wrong setup token."
|
|
9078
|
-
};
|
|
8978
|
+
return response(403, "Wrong setup token.");
|
|
9079
8979
|
}
|
|
9080
|
-
|
|
9081
|
-
|
|
9082
|
-
|
|
9083
|
-
|
|
9084
|
-
|
|
9085
|
-
|
|
9086
|
-
|
|
9087
|
-
|
|
9088
|
-
|
|
9089
|
-
|
|
9090
|
-
|
|
9091
|
-
|
|
9092
|
-
|
|
9093
|
-
|
|
9094
|
-
|
|
9095
|
-
};
|
|
8980
|
+
try {
|
|
8981
|
+
if (event.requestContext.http.path == "/") {
|
|
8982
|
+
return await handleRoot(event, setupToken);
|
|
8983
|
+
} else if (event.requestContext.http.path == "/domain" && event.requestContext.http.method == "POST") {
|
|
8984
|
+
return await handleDomain(event);
|
|
8985
|
+
} else if (event.requestContext.http.path == "/pat" && event.requestContext.http.method == "POST") {
|
|
8986
|
+
return await handlePat(event);
|
|
8987
|
+
} else if (event.requestContext.http.path == "/complete-new-app" && event.requestContext.http.method == "GET") {
|
|
8988
|
+
return await handleNewApp(event);
|
|
8989
|
+
} else if (event.requestContext.http.path == "/app" && event.requestContext.http.method == "POST") {
|
|
8990
|
+
return await handleExistingApp(event);
|
|
8991
|
+
} else {
|
|
8992
|
+
return response(404, "Not found");
|
|
8993
|
+
}
|
|
8994
|
+
} catch (e) {
|
|
8995
|
+
return response(500, `<b>Error:</b> ${e}`);
|
|
9096
8996
|
}
|
|
9097
8997
|
};
|
|
9098
8998
|
/*!
|