@jumpgroup/github-integration 1.0.0

package/.github/workflows/main.yml

@@ -0,0 +1,24 @@
+name: run npm-version pipeline
+on:  
+  push:
+    tags:
+      - '*'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@master
+
+      - uses: actions/setup-node@v1
+        with:
+          node-version: 18
+          registry-url: 'https://registry.npmjs.org'
+          
+      - run: npm install
+      
+      - name: Publish package on NPM 📦
+        run: npm publish
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

package/.github/workflows/scripts.code-workspace

@@ -0,0 +1,8 @@
+{
+	"folders": [
+		{
+			"path": "../../.."
+		}
+	],
+	"settings": {}
+}

package/bin/tools.js

@@ -0,0 +1,58 @@
+#!/usr/bin/env node
+
+import { program } from "commander";
+import { listRepoSecrets, createRepoSecrets } from "../src/githubactions/secrets.js";
+import { listRepoVariables, createRepoVariable } from "../src/githubactions/variables.js";
+
+// Initialize program
+program.version("0.0.1").description("A CLI tool to integrate with GitHub");
+
+// Register 'secrets' command
+const secrets = program.command("secrets").description("Manage GitHub secrets");
+
+secrets
+    .command("list")
+    .description("List all secrets")
+    .option("-o, --owner <owner>", "Owner of the repository")
+    .option("-r, --repo <repo>", "Repository name")
+    .action((options) => {
+        console.log("Listing all secrets");
+        listRepoSecrets(options);
+    });
+
+secrets
+    .command("create")
+    .description("Create all repo secrets")
+    .option("-o, --owner <owner>", "Owner of the repository")
+    .option("-r, --repo <repo>", "Repository name")
+    .option("-s, --secret <secret>", "Secret name")
+    .action((options) => {
+        console.log("Creating all repo secrets");
+        createRepoSecrets(options);
+    });
+
+const variables = program.command("variables").description("Manage GitHub variables");
+
+variables
+    .command("list")
+    .description("List all variables")
+    .option("-o, --owner <owner>", "Owner of the repository")
+    .option("-r, --repo <repo>", "Repository name")
+    .action((options) => {
+        console.log("Listing all variables");
+        listRepoVariables(options);
+    });
+
+variables
+    .command("create")
+    .description("Create a new variable")
+    .option("-o, --owner <owner>", "Owner of the repository")
+    .option("-r, --repo <repo>", "Repository name")
+    .option("-v, --variable <variable>", "Variable name")
+    .action((options) => {
+        console.log("Creating a new variable");
+        createRepoVariable(options);
+    });
+
+// Parse command line arguments
+program.parse(process.argv);

package/package.json

@@ -0,0 +1,27 @@
+{
+  "name": "@jumpgroup/github-integration",
+  "version": "1.0.0",
+  "description": "A new package to manage github variables and secrets",
+  "main": "src/index.js",
+  "type": "module",
+  "engines": {
+    "node": "20"
+  },
+  "bin": {
+    "github-integration": "bin/tools.js"
+  },
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "author": "JumpGroup srl",
+  "license": "ISC",
+  "dependencies": {
+    "@inquirer/prompts": "^6.0.1",
+    "@jumpgroup/secret-fetcher": "^2.0.0",
+    "@octokit/rest": "^21.0.2",
+    "commander": "^12.1.0",
+    "keytar": "^7.9.0",
+    "libsodium-wrappers": "^0.7.15"
+  },
+  "devDependencies": {}
+}

package/src/githubactions/secrets.js

@@ -0,0 +1,172 @@
+import { Octokit } from '@octokit/rest';
+import keytar from 'keytar';
+import { input, confirm } from '@inquirer/prompts';
+import { getSecrets } from '@jumpgroup/secret-fetcher';
+import sodium from 'libsodium-wrappers';
+import { getGitRepo } from '../utilities.js';
+import { getLocalKeys } from '../utilities.js';
+import { getToken } from '../utilities.js';
+
+const encryptSecret = async (publicKeyBase64, secretValue) => {
+  // Assicurati che libsodium sia pronto
+  await sodium.ready;
+
+  // Converti la chiave pubblica da Base64 a Uint8Array
+  const publicKey = sodium.from_base64(publicKeyBase64, sodium.base64_variants.ORIGINAL);
+
+  // Converti il valore segreto in Uint8Array (formato binario)
+  const secret = sodium.from_string(secretValue);
+
+  // Crittografa il valore segreto usando la chiave pubblica
+  const encrypted = sodium.crypto_box_seal(secret, publicKey);
+
+  // Converte il risultato crittografato in Base64
+  return sodium.to_base64(encrypted, sodium.base64_variants.ORIGINAL);
+};
+
+const formatSSHPrivateKey = async (key) => {
+  // Define the key header and footer
+  const header = '-----BEGIN RSA PRIVATE KEY-----\n';
+  const footer = '\n-----END RSA PRIVATE KEY-----';
+  
+  let cleanedKey = key.replace(/-----BEGIN RSA PRIVATE KEY-----|-----END RSA PRIVATE KEY-----/g, '')
+  .replace(/\s+/g, '');
+
+  // Add line breaks every 64 characters
+  let formattedKey = cleanedKey.match(/.{1,64}/g).join('\n');
+
+  // Concatenate the final key with header and footer
+  return header + formattedKey + footer;
+};
+
+
+// Function to list secrets
+export async function listRepoSecrets(options) {
+
+  // Instantiate octokit with an authentication token
+  const octokit = new Octokit({
+    auth: await getToken(),  // Replace with your GitHub token or use environment variable
+  });
+
+  // get repo from git
+  var repoName = '';
+  var repoOwner = '';
+
+  if (!options.repo && !options.owner) {
+    const repo = await getGitRepo();
+    repoOwner = repo.split(':')[1].split('/')[0];
+    repoName = repo.split('/').pop().replace('.git', '');
+  } else {
+    repoOwner = options.owner;
+    repoName = options.repo;
+  }
+
+  console.log('Owner:', repoOwner);
+  console.log('repoName:', repoName);
+
+  try {
+    const response = await octokit.paginate("GET /repos/{owner}/{repo}/actions/secrets", {
+      owner: repoOwner,
+      repo: repoName,
+      headers: {
+        'X-GitHub-Api-Version': '2022-11-28'
+      }
+    });
+
+    if (response.length === 0) {
+      console.log('No secrets found');
+      return [];
+    }
+    console.log('Secrets:', response);
+    return response;
+  } catch (error) {
+    console.error('Error fetching secrets:', error);
+  }
+}
+
+export async function createRepoSecrets(options) {
+  // Instantiate octokit with an authentication token
+  const octokit = new Octokit({
+    auth: await getToken(),  // Replace with your GitHub token or use environment variable
+  });
+
+  // get repo from git
+  var repoName = '';
+  var repoOwner = '';
+
+  if (!options.repo && !options.owner) {
+    const repo = await getGitRepo();
+    repoOwner = repo.split(':')[1].split('/')[0];
+    repoName = repo.split('/').pop().replace('.git', '');
+  } else {
+    repoOwner = options.owner;
+    repoName = options.repo;
+  }
+
+  console.log('Owner:', repoOwner);
+  console.log('repoName:', repoName);
+
+  //check if exists a secret with the same name
+  const secrets = await listRepoSecrets(options);
+  const secretNames = secrets.map(secret => secret.name);
+
+  const new_options = {
+    // name: "autodeploy",
+    env: "secret"
+  };
+  //take the secret value from secret-fetcher
+  const autodeploySecrets = await getSecrets(new_options);
+
+  let secretValues = autodeploySecrets.secret;
+  const settings = await getLocalKeys();
+  secretValues.GROUP_SECRET = settings.groupSecret;
+
+  console.log('Secret value:', secretValues);
+
+  //get key_id
+  const { data: { key, key_id } } = await octokit.request('GET /repos/{owner}/{repo}/actions/secrets/public-key', {
+    owner: repoOwner,
+    repo: repoName
+  });
+
+  console.log('Key:', key);
+  const publicKey = key;
+  console.log('Key ID:', key_id);
+
+  // foreach secret value, use key like name and value like value
+  for (const [key, value] of Object.entries(secretValues)) {
+    var secret = value;
+    if (key === 'SSH_PRIVATE_KEY') {
+      secret = await formatSSHPrivateKey(value);
+
+      console.log('Secret:', secret);
+    }
+    if (secretNames.includes(key)) {
+      console.log('A secret with the same name already exists');
+      const overwrite = await confirm({ message: 'Do you want to overwrite it?' });
+
+      if (!overwrite) {
+        console.log(`Skipping secret: ${key}`);
+        continue;  // 
+      }
+    }
+    const encryptValue = await encryptSecret(publicKey, secret);
+    try {
+      const response = await octokit.request('PUT /repos/{owner}/{repo}/actions/secrets/{secret_name}', {
+        owner: repoOwner,
+        repo: repoName,
+        secret_name: key,
+        encrypted_value: encryptValue,
+        key_id: key_id,
+        headers: {
+          'X-GitHub-Api-Version': '2022-11-28'
+        }
+      })
+
+      console.log('Secret created:', response);
+    } catch (error) {
+      console.error('Error creating secret:', error);
+    }
+  }
+}
+

package/src/githubactions/variables.js

@@ -0,0 +1,138 @@
+import { Octokit } from '@octokit/rest';
+import keytar from 'keytar';
+import { getToken } from '../utilities.js';
+import { getGitRepo } from '../utilities.js';
+import { getSecrets } from '@jumpgroup/secret-fetcher';
+import { input, confirm } from '@inquirer/prompts';
+import { getLocalKeys } from '../utilities.js';
+
+// Function to list variables
+export async function listRepoVariables(options) {
+
+    // Instantiate octokit with an authentication token
+    const octokit = new Octokit({
+        auth: await getToken(),  // Replace with your GitHub token or use environment variable
+    });
+
+    // get repo from git
+    var repoName = '';
+    var repoOwner = '';
+
+    if (!options.repo && !options.owner) {
+        const repo = await getGitRepo();
+        repoOwner = repo.split(':')[1].split('/')[0];
+        repoName = repo.split('/').pop().replace('.git', '');
+    } else {
+        repoOwner = options.owner;
+        repoName = options.repo;
+    }
+
+    console.log('Owner:', repoOwner);
+    console.log('repoName:', repoName);
+
+    try {
+        const response = await octokit.paginate("GET /repos/{owner}/{repo}/actions/variables", {
+            owner: repoOwner,
+            repo: repoName,
+            headers: {
+                'X-GitHub-Api-Version': '2022-11-28'
+            }
+        });
+
+        if (response.length === 0) {
+            console.log('No variables found');
+            return [];
+        }
+        console.log('Variables:', response);
+        return response;
+    } catch (error) {
+        console.error('Error fetching secrets:', error);
+    }
+}
+
+export async function createRepoVariable(options) {
+    // Instantiate octokit with an authentication token
+    const octokit = new Octokit({
+        auth: await getToken(),  // Replace with your GitHub token or use environment variable
+    });
+
+    // get repo from git
+    var repoName = '';
+    var repoOwner = '';
+
+    if (!options.repo && !options.owner) {
+        const repo = await getGitRepo();
+        repoOwner = repo.split(':')[1].split('/')[0];
+        repoName = repo.split('/').pop().replace('.git', '');
+    } else {
+        repoOwner = options.owner;
+        repoName = options.repo;
+    }
+
+    console.log('Owner:', repoOwner);
+    console.log('repoName:', repoName);
+
+    //check if exists a secret with the same name
+    const variables = await listRepoVariables(options);
+    const variableNames = variables.map(variable => variable.name);
+
+    const new_options = {
+        // name: "autodeploy",
+        env: "variable"
+    };
+    //take the secret value from secret-fetcher
+    const autodeployVariables = await getSecrets(new_options);
+
+    let variableValues = autodeployVariables.variable;
+    const settings = await getLocalKeys();
+    variableValues.GROUP_KEY = settings.groupKey;
+
+    console.log('Variables :', variableValues);
+
+    // foreach secret value, use key like name and value like value
+    for (const [key, value] of Object.entries(variableValues)) {
+        if (variableNames.includes(key)) {
+            console.log('A secret with the same name already exists');
+            const overwrite = await confirm({ message: 'Do you want to overwrite it?' });
+
+            if (!overwrite) {
+                console.log(`Skipping secret: ${key}`);
+                continue;  // 
+            }
+
+            // Effettua una richiesta PATCH per aggiornare la variabile esistente
+            try {
+                const response = await octokit.request('PATCH /repos/{owner}/{repo}/actions/variables/{name}', {
+                    owner: repoOwner,
+                    repo: repoName,
+                    name: key,
+                    value: value,
+                    headers: {
+                        'X-GitHub-Api-Version': '2022-11-28'
+                    }
+                });
+
+                console.log('Variable updated:', response);
+            } catch (error) {
+                console.error('Error updating secret:', error);
+            }
+        }else{
+            try {
+                const response = await octokit.request('POST /repos/{owner}/{repo}/actions/variables', {
+                    owner: repoOwner,
+                    repo: repoName,
+                    name: key,
+                    value: value,
+                    headers: {
+                        'X-GitHub-Api-Version': '2022-11-28'
+                    }
+                })
+    
+                console.log('Variable created:', response);
+            } catch (error) {
+                console.error('Error creating secret:', error);
+            }
+        }
+    }
+
+}

package/src/index.js

@@ -0,0 +1,2 @@
+
+

package/src/utilities.js

@@ -0,0 +1,55 @@
+import { execSync } from 'child_process';
+import keytar from 'keytar';
+import { input } from '@inquirer/prompts';
+import { globSync } from 'glob';
+import { config } from 'dotenv';
+
+export const getGitRepo = async () => {
+    try {
+        const repoPath = execSync('git config --get remote.origin.url', { encoding: 'utf-8' }).trim();
+        return repoPath;
+    } catch (error) {
+        // Handle the error if the current directory is not a Git repository
+        console.error(`Error: ${error.stderr}`);
+        return null;
+    }
+}
+
+// Get the variables from the local file
+export const getLocalKeys = async () => {
+    const localFile = globSync(".secret-fetcher")[0];
+    if (!localFile) {
+        throw new Error("No .secret_fetcher file found");
+    }
+
+    const variables = config({
+        path: '.secret-fetcher'
+    }).parsed;
+
+    return variables;
+}
+
+// Function to get the GitHub token from the Keychain
+export async function getToken() {
+    // Recupera il token dal Keychain
+    let token = await keytar.getPassword("github-integration", "github-token");
+
+    // Se il token non è trovato nel Keychain, chiede all'utente di inserirlo
+    if (!token) {
+        console.log('Token not found in Keychain, please insert it now:');
+        //in inglese se non ce l'hai contatta Giada
+        console.log('If you don\'t have the token, please contact Giada');
+
+        // Ottieni l'input dell'utente (simulato qui con una variabile di esempio)
+        const inputToken = await input({ message: 'Insert GitHub Token: ' }); // Assicurati che 'input' restituisca il token come una stringa
+
+        // Salva il token nel Keychain
+        await keytar.setPassword("github-integration", "github-token", inputToken);
+        console.log('Token saved in Keychain');
+
+        // Usa il nuovo token appena inserito
+        token = inputToken;
+    }
+
+    return token;
+}