thepopebot 1.2.74-beta.2 → 1.2.74-beta.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/github-api.js +2 -17
- package/package.json +1 -1
package/lib/github-api.js
CHANGED
|
@@ -60,32 +60,17 @@ export async function listGitHubSecrets() {
|
|
|
60
60
|
}
|
|
61
61
|
|
|
62
62
|
/**
|
|
63
|
-
* Set a repository secret
|
|
63
|
+
* Set a repository secret.
|
|
64
64
|
*/
|
|
65
65
|
export async function setGitHubSecret(name, value) {
|
|
66
66
|
const repo = getRepoPath();
|
|
67
67
|
if (!repo) return { error: 'GitHub not configured' };
|
|
68
68
|
try {
|
|
69
|
-
// Get the repo public key
|
|
70
|
-
const pubKey = await ghFetch(`/repos/${repo}/actions/secrets/public-key`);
|
|
71
|
-
|
|
72
|
-
// Encrypt with libsodium sealed box
|
|
73
|
-
const sodium = await import('libsodium-wrappers');
|
|
74
|
-
await sodium.default.ready;
|
|
75
|
-
const binKey = sodium.default.from_base64(pubKey.key, sodium.default.base64_variants.ORIGINAL);
|
|
76
|
-
const binValue = sodium.default.from_string(value);
|
|
77
|
-
const encrypted = sodium.default.crypto_box_seal(binValue, binKey);
|
|
78
|
-
const encryptedBase64 = sodium.default.to_base64(encrypted, sodium.default.base64_variants.ORIGINAL);
|
|
79
|
-
|
|
80
69
|
await ghFetch(`/repos/${repo}/actions/secrets/${name}`, {
|
|
81
70
|
method: 'PUT',
|
|
82
71
|
headers: { 'Content-Type': 'application/json' },
|
|
83
|
-
body: JSON.stringify({
|
|
84
|
-
encrypted_value: encryptedBase64,
|
|
85
|
-
key_id: pubKey.key_id,
|
|
86
|
-
}),
|
|
72
|
+
body: JSON.stringify({ value }),
|
|
87
73
|
});
|
|
88
|
-
|
|
89
74
|
return { success: true };
|
|
90
75
|
} catch (err) {
|
|
91
76
|
return { error: err.message };
|