refactor: allow calling set secret for each repo (#15)

This required memoizing the public key GET call and splitting out the setSecretForRepo.
jpoehnelt · May 4, 2020 · 4441584 · 4441584
1 parent 7a403ec
commit 4441584
Show file tree

Hide file tree

Showing 3 changed files with 88 additions and 35 deletions.
diff --git a/__tests__/github.test.ts b/__tests__/github.test.ts
@@ -20,6 +20,7 @@ import {
   DefaultOctokit,
   filterReposByPatterns,
   listAllMatchingRepos,
+  publicKeyCache,
   setSecretsForRepo
 } from "../src/github";
 
@@ -103,6 +104,7 @@ describe("setSecretsForRepo", () => {
 
   beforeEach(() => {
     nock.cleanAll();
+    publicKeyCache.clear();
     publicKeyMock = nock("https://api.github.com")
       .get(`/repos/${repo.full_name}/actions/secrets/public-key`)
       .reply(200, publicKey);

diff --git a/dist/index.js b/dist/index.js
@@ -7425,6 +7425,7 @@ const rest_1 = __webpack_require__(889);
 const utils_1 = __webpack_require__(611);
 const config_1 = __webpack_require__(478);
 const plugin_retry_1 = __webpack_require__(755);
+exports.publicKeyCache = new Map();
 const RetryOctokit = rest_1.Octokit.plugin(plugin_retry_1.retry);
 function DefaultOctokit(_a) {
     var octokitOptions = __rest(_a, []);
@@ -7493,29 +7494,47 @@ function filterReposByPatterns(repos, patterns) {
     return repos.filter(repo => regexPatterns.filter(r => r.test(repo.full_name)).length);
 }
 exports.filterReposByPatterns = filterReposByPatterns;
+function getPublicKey(octokit, repo) {
+    return __awaiter(this, void 0, void 0, function* () {
+        let publicKey = exports.publicKeyCache.get(repo);
+        if (!publicKey) {
+            const [owner, name] = repo.full_name.split("/");
+            publicKey = (yield octokit.actions.getPublicKey({
+                owner,
+                repo: name
+            })).data;
+            exports.publicKeyCache.set(repo, publicKey);
+        }
+        return publicKey;
+    });
+}
+exports.getPublicKey = getPublicKey;
 function setSecretsForRepo(octokit, secrets, repo, dry_run) {
     return __awaiter(this, void 0, void 0, function* () {
-        const [owner, name] = repo.full_name.split("/");
-        const publicKey = (yield octokit.actions.getPublicKey({
-            owner,
-            repo: name
-        })).data;
         for (const k of Object.keys(secrets)) {
-            const encrypted_value = utils_1.encrypt(secrets[k], publicKey.key);
-            core.info(`Set \`${k} = ***\` on ${repo.full_name}`);
-            if (!dry_run) {
-                yield octokit.actions.createOrUpdateSecretForRepo({
-                    owner,
-                    repo: name,
-                    name: k,
-                    key_id: publicKey.key_id,
-                    encrypted_value
-                });
-            }
+            yield setSecretForRepo(octokit, k, secrets[k], repo, dry_run);
         }
     });
 }
 exports.setSecretsForRepo = setSecretsForRepo;
+function setSecretForRepo(octokit, name, secret, repo, dry_run) {
+    return __awaiter(this, void 0, void 0, function* () {
+        const [repo_owner, repo_name] = repo.full_name.split("/");
+        const publicKey = yield getPublicKey(octokit, repo);
+        const encrypted_value = utils_1.encrypt(secret, publicKey.key);
+        core.info(`Set \`${name} = ***\` on ${repo.full_name}`);
+        if (!dry_run) {
+            return octokit.actions.createOrUpdateSecretForRepo({
+                owner: repo_owner,
+                repo: repo_name,
+                name,
+                key_id: publicKey.key_id,
+                encrypted_value
+            });
+        }
+    });
+}
+exports.setSecretForRepo = setSecretForRepo;
 
 
 /***/ }),

diff --git a/src/github.ts b/src/github.ts
@@ -25,6 +25,13 @@ export interface Repository {
   full_name: string;
 }
 
+export interface PublicKey {
+  key: string;
+  key_id: string;
+}
+
+export const publicKeyCache = new Map<Repository, PublicKey>();
+
 const RetryOctokit = Octokit.plugin(retry);
 
 export function DefaultOctokit({ ...octokitOptions }): any {
@@ -131,34 +138,59 @@ export function filterReposByPatterns(
   );
 }
 
+export async function getPublicKey(
+  octokit: any,
+  repo: Repository
+): Promise<PublicKey> {
+  let publicKey = publicKeyCache.get(repo);
+
+  if (!publicKey) {
+    const [owner, name] = repo.full_name.split("/");
+    publicKey = (
+      await octokit.actions.getPublicKey({
+        owner,
+        repo: name
+      })
+    ).data as PublicKey;
+
+    publicKeyCache.set(repo, publicKey);
+  }
+
+  return publicKey;
+}
+
 export async function setSecretsForRepo(
   octokit: any,
   secrets: { [key: string]: string },
   repo: Repository,
   dry_run: boolean
 ): Promise<void> {
-  const [owner, name] = repo.full_name.split("/");
+  for (const k of Object.keys(secrets)) {
+    await setSecretForRepo(octokit, k, secrets[k], repo, dry_run);
+  }
+}
 
-  const publicKey = (
-    await octokit.actions.getPublicKey({
-      owner,
-      repo: name
-    })
-  ).data;
+export async function setSecretForRepo(
+  octokit: any,
+  name: string,
+  secret: string,
+  repo: Repository,
+  dry_run: boolean
+): Promise<void> {
+  const [repo_owner, repo_name] = repo.full_name.split("/");
 
-  for (const k of Object.keys(secrets)) {
-    const encrypted_value = encrypt(secrets[k], publicKey.key);
+  const publicKey = await getPublicKey(octokit, repo);
+  const encrypted_value = encrypt(secret, publicKey.key);
 
-    core.info(`Set \`${k} = ***\` on ${repo.full_name}`);
+  core.info(`Set \`${name} = ***\` on ${repo.full_name}`);
 
-    if (!dry_run) {
-      await octokit.actions.createOrUpdateSecretForRepo({
-        owner,
-        repo: name,
-        name: k,
-        key_id: publicKey.key_id,
-        encrypted_value
-      });
-    }
+  if (!dry_run) {
+    return octokit.actions.createOrUpdateSecretForRepo({
+      owner: repo_owner,
+      repo: repo_name,
+      name,
+      key_id: publicKey.key_id,
+      encrypted_value
+    });
   }
 }