fix(bot): moving to a github bot

Pocket · Mar 22, 2024 · 5629b20 · 5629b20
1 parent 91abaa5
commit 5629b20
Showing 1 changed file with 53 additions and 0 deletions.
diff --git a/.circleci/common.yml b/.circleci/common.yml
@@ -180,6 +180,58 @@ commands:
             rc="${rc}}"
             echo "$rc" > ~/.terraformrc
 
+  setup_github_bot:
+    steps:
+      - run:
+          name: Get Github Bot Token
+          command: |
+            app_id=$GITHUB_APP_ID # App ID as first argument
+            pem=$GITHUB_APP_PRIVATE_KEY # file path of the private key as second argument
+
+            now=$(date +%s)
+            iat=$((${now} - 60)) # Issues 60 seconds in the past
+            exp=$((${now} + 900)) # Expires 15 minutes in the future
+
+            b64enc() { openssl base64 | tr -d '=' | tr '/+' '_-' | tr -d '\n'; }
+
+            header_json='{
+                "typ":"JWT",
+                "alg":"RS256"
+            }'
+            # Header encode
+            header=$( echo -n "${header_json}" | b64enc )
+
+            payload_json='{
+                "iat":'"${iat}"',
+                "exp":'"${exp}"',
+                "iss":'"${app_id}"'
+            }'
+            # Payload encode
+            payload=$( echo -n "${payload_json}" | b64enc )
+
+            # Signature
+            header_payload="${header}"."${payload}"
+            signature=$( 
+                openssl dgst -sha256 -sign <(echo -n "${pem}") \
+                <(echo -n "${header_payload}") | b64enc 
+            )
+
+            # Create JWT
+            JWT="${header_payload}"."${signature}"
+
+            # Make a POST request to GitHub API to get the installation token
+            response=$(curl -s -X POST \
+              -H "Accept: application/vnd.github.v3+json" \
+              -H "Authorization: Bearer $JWT" \
+              -d "{}" \
+              "https://api.github.com/app/installations/$GITHUB_APP_ID/access_tokens")
+
+            # Extract the token from the response
+            token=$(echo "$response" | jq -r '.token')
+            echo "export GITHUB_TOKEN=$token" >> $BASH_ENV
+            echo "export GH_TOKEN=$token" >> $BASH_ENV
+
+
 jobs:
 
   infrastructure:
@@ -229,6 +281,7 @@ jobs:
           condition: <<parameters.uses_raw_hcl>>
           steps:
             - install_infrastructure_pnpm
+            - setup_github_bot
             - when:
                 condition: <<parameters.dev>>
                 steps: