Home Explore Project
Register Sign In
lyq
/
set_github_secret
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: d2825ded96
Branches Tags
set_github_secr...
/
set_github_secret
/
set_github_secret.py

set_github_secret.py 3.5 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102 
  1. #!/usr/bin/env python
    2. 

  2. # -*- encoding: utf-8 -*-
    3. 

  3. '''
    4. 

  4. @Contact :   liuyuqi.gov@msn.cn
    5. 

  5. @Time    :   2023/11/13 14:29:00
    6. 

  6. @License :   Copyright © 2017-2022 liuyuqi. All Rights Reserved.
    7. 

  7. @Desc    :   github api方式设置 Create or update a repository secret
    8. 

  8. '''
    9. 

  9. 

  10. import requests
    11. 

  11. import nacl.secret
    12. 

  12. from nacl.encoding import Base64Encoder
    13. 

  13. import json
    14. 

  14. 

  15. class GithubPulbicKey:
    16. 

  16.     ''' Github public key '''
    17. 

  17. 

  18.     def __init__(self, key_id: str, key: str):
    19. 

  19.         self.key_id = key_id
    20. 

  20.         self.key = key
    21. 

  21. 

  22. 

  23. class GithubApi:
    24. 

  24.     ''' Github api '''
    25. 

  25. 

  26.     _api_url = 'https://api.github.com'
    27. 

  27. 

  28.     def __init__(self, owner: str, token: str, repo: str):
    29. 

  29.         self.owner = owner
    30. 

  30.         self.token = token
    31. 

  31.         self.repo = repo
    32. 

  32.         self.public_key = None
    33. 

  33.         self.sess = requests.Session()
    34. 

  34.         self.sess.headers.update({
    35. 

  35.             'Accept': 'application/vnd.github.v3+json',
    36. 

  36.             'X-GitHub-Api-Version': '2022-11-28',
    37. 

  37.             'Authorization': f'Bearer {self.token}'
    38. 

  38.         })
    39. 

  39. 

  40.     def get_repo_public_key(self) -> GithubPulbicKey:
    41. 

  41.         ''' Get a repository public key 
    42. 

  42.         {
    43. 

  43.             "key_id": "012345678912345678",
    44. 

  44.             "key": "xx+dB7TJyvv1234"
    45. 

  45.         }
    46. 

  46.         '''
    47. 

  47.         url = f'{self._api_url}/repos/{self.owner}/{self.repo}/actions/secrets/public-key'
    48. 

  48.         response = self.sess.get(url)
    49. 

  49.         print(f'get public key response: {response.text}')
    50. 

  50.         if response.status_code == 200:
    51. 

  51.             res_json = response.json()
    52. 

  52.             self.public_key = GithubPulbicKey(
    53. 

  53.                 res_json['key_id'], res_json['key'])
    54. 

  54.             return self.public_key
    55. 

  55.         else:
    56. 

  56.             print("Failed to get repository public key.")
    57. 

  57.             print(f"Response status code: {response.status_code}")
    58. 

  58.             print(f"Response body: {response.text}")
    59. 

  59.             return None
    60. 

  60. 

  61.     def encrypt_secret_value(self, value: str, public_key: str):
    62. 

  62.         ''' Value for your secret, encrypted with LibSodium using the public key retrieved from 
    63. 

  63.         the Get a repository public key endpoint.
    64. 

  64.           '''
    65. 

  65.         key_bytes = Base64Encoder.decode(public_key)
    66. 

  66.         box = nacl.secret.SecretBox(key_bytes)
    67. 

  67.         encrypted = box.encrypt(value.encode(), encoder=Base64Encoder).decode()
    68. 

  68.         print(f'encrypt value: {value} -> {encrypted} success.')
    69. 

  69.         return encrypted
    70. 

  70. 

  71.     def set_update_github_secret(self, key: str, value: str):
    72. 

  72.         url = f'{self._api_url}/repos/{self.owner}/{self.repo}/actions/secrets/{key}'
    73. 

  73.         if self.public_key is None:
    74. 

  74.             self.get_repo_public_key()
    75. 

  75. 

  76.         if self.public_key is not None:
    77. 

  77.             secret_value = self.encrypt_secret_value(
    78. 

  78.                 value, self.public_key.key)
    79. 

  79.             data = {
    80. 

  80.                 'encrypted_value': secret_value,
    81. 

  81.                 'key_id': self.public_key.key_id
    82. 

  82.             }
    83. 

  83.             response = self.sess.put(url, json=data)
    84. 

  84.             if response.status_code == 204:
    85. 

  85.                 print("GitHub secret updated successfully!")
    86. 

  86.             else:
    87. 

  87.                 print("Failed to update GitHub secret.")
    88. 

  88.                 print(f"Response status code: {response.status_code}")
    89. 

  89.                 print(f"Response body: {response.text}")
    90. 

  90. 

  91. 

  92. if __name__ == '__main__':
    93. 

  93.     with open("account.json", "r") as file:
    94. 

  94.         data = json.load(file)
    95. 

  95.         owner = data["owner"]
    96. 

  96.         token = data["token"]
    97. 

  97.         repo = data["repo"]
    98. 

  98.         github_api = GithubApi(owner=owner, token=token, repo=repo)
    99. 

  99.         for i in range(data["secret"]):
    100. 

  100.             key = i["key"]
    101. 

  101.             value = i["value"]
    102. 

  102.             github_api.set_update_github_secret(key, value)
    103.