更换一个加密函数

set_github_secret/set_github_secret.py

@@ -8,9 +8,11 @@
 '''
 
 import requests
-import nacl.secret
-from nacl.encoding import Base64Encoder
 import json
+import requests
+from nacl import encoding, public
+import json,sys
+import base64
 
 class GithubPulbicKey:
     ''' Github public key '''
@@ -46,7 +48,7 @@ class GithubApi:
         '''
         url = f'{self._api_url}/repos/{self.owner}/{self.repo}/actions/secrets/public-key'
         response = self.sess.get(url)
-        # print(f'get public key response: {response.text}')
+        print(f'get public key response: {response.text}')
         if response.status_code == 200:
             res_json = response.json()
             self.public_key = GithubPulbicKey(
@@ -57,16 +59,36 @@ class GithubApi:
             print(f"Response status code: {response.status_code}")
             print(f"Response body: {response.text}")
             return None
+    
+    @staticmethod
+    def _base64encode(value):
+        """
 
-    def encrypt_secret_value(self, value: str, public_key: str):
+        :param value: byte, encrypted message
+        :return: string
+        """
+        if sys.version_info <= (3, 1):
+            return base64.encodestring(value).decode("utf-8")
+        else:
+            return base64.encodebytes(value).decode("utf-8")
+        
+    @staticmethod
+    def encrypt_secret_value(value: str, public_key: str):
         ''' Value for your secret, encrypted with LibSodium using the public key retrieved from 
         the Get a repository public key endpoint.
+        https://github.com/anna-money/workflow-tools/blob/8a94d18254183847d3706e5a610739b40b48c4e6/workflow_tools/secret.py#L63
           '''
-        key_bytes = Base64Encoder.decode(public_key)
-        box = nacl.secret.SecretBox(key_bytes)
-        encrypted = box.encrypt(value.encode(), encoder=Base64Encoder).decode()
-        # print(f'encrypt value: {value} -> {encrypted} success.')
-        return encrypted
+        public_key_encoded = public.PublicKey(public_key.encode("utf-8"), encoding.Base64Encoder())
+        sealed_box = public.SealedBox(public_key_encoded)
+        encrypted = sealed_box.encrypt(value.encode("utf-8"))
+        encrypted_string = GithubApi._base64encode(encrypted)
+
+        # In Python 3.1+ base64.encodebytes inserts "\n" after every 76 bytes of output and
+        # adds a trailing newline character to follow RFC 2045
+        # https://docs.python.org/3/library/base64.html#base64.encodebytes
+        # To make sure GitHub API accepts payload, remove "\n" from the encrypted value.
+        result = encrypted_string.replace("\n", "")
+        return result
 
     def set_update_github_secret(self, key: str, value: str):
         url = f'{self._api_url}/repos/{self.owner}/{self.repo}/actions/secrets/{key}'