Skip to content

Commit 2632f5f

Browse files
aleksandr-gringauzaleksandr-gringauz
committed
RUM-10224: pr fixes
1 parent 2d2acd4 commit 2632f5f

File tree

2 files changed

+14
-30
lines changed

2 files changed

+14
-30
lines changed

.gitlab-ci.yml

Lines changed: 7 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -64,6 +64,10 @@ stages:
6464
- export OSSRH_USERNAME=$(aws ssm get-parameter --region us-east-1 --name ci.dd-sdk-android.signing.ossrh_username --with-decryption --query "Parameter.Value" --out text)
6565
- export OSSRH_PASSWORD=$(aws ssm get-parameter --region us-east-1 --name ci.dd-sdk-android.signing.ossrh_password --with-decryption --query "Parameter.Value" --out text)
6666
- export GPG_PUBLIC_FINGERPRINT=$(aws ssm get-parameter --region us-east-1 --name ci.dd-sdk-android.signing.gpg_public_key --with-decryption --query "Parameter.Value" --out text | gpg --import --import-options show-only | grep -E -o -e "[A-F0-9]{40}")
67+
set-github-installation-token:
68+
- export GITHUB_APP_CLIENT_ID=$(aws ssm get-parameter --region us-east-1 --name ci.dd-sdk-android.gh_app_client_id --with-decryption --query "Parameter.Value" --out text)
69+
- export GITHUB_APP_INSTALLATION_ID=$(aws ssm get-parameter --region us-east-1 --name ci.dd-sdk-android.gh_app_installation_id --with-decryption --query "Parameter.Value" --out text)
70+
- export GITHUB_TOKEN=$(aws ssm get-parameter --region us-east-1 --name ci.dd-sdk-android.gh_app_private_key --with-decryption --query "Parameter.Value" --out text | bash ./create_github_installation_token.sh "$GITHUB_APP_CLIENT_ID" "$GITHUB_APP_INSTALLATION_ID")
6771

6872
# CI IMAGE
6973

@@ -970,33 +974,15 @@ notify:publish-release-failure:
970974
- 'MESSAGE_TEXT=":status_alert: $CI_PROJECT_NAME $CI_COMMIT_TAG publish pipeline <$BUILD_URL|$COMMIT_MESSAGE> failed."'
971975
- postmessage "#mobile-sdk-ops" "$MESSAGE_TEXT"
972976

973-
notify:prepare-github-token:
974-
tags: [ "arch:amd64" ]
975-
only:
976-
- tags
977-
image: $CI_IMAGE_DOCKER
978-
stage: notify
979-
when: on_success
980-
script:
981-
- aws ssm get-parameter --region us-east-1 --name ci.dd-sdk-android.gh_app_private_key --with-decryption --query "Parameter.Value" --out text >> ./gh_private_key.pem
982-
- export GITHUB_APP_CLIENT_ID=$(aws ssm get-parameter --region us-east-1 --name ci.dd-sdk-android.gh_app_client_id --with-decryption --query "Parameter.Value" --out text)
983-
- export GITHUB_APP_INSTALLATION_ID=$(aws ssm get-parameter --region us-east-1 --name ci.dd-sdk-android.gh_app_installation_id --with-decryption --query "Parameter.Value" --out text)
984-
- echo "GITHUB_TOKEN=$(bash ./create_github_installation_token.sh)" >> github.env
985-
artifacts:
986-
reports:
987-
dotenv: github.env
988-
access: none
989-
990977
notify:dogfood-app:
991978
tags: [ "arch:amd64" ]
992979
only:
993980
- tags
994981
image: $CI_IMAGE_DOCKER
995982
stage: notify
996983
when: on_success
997-
needs:
998-
- notify:prepare-github-token
999984
script:
985+
- !reference [ .snippets, set-github-installation-token ]
1000986
- pip3 install GitPython requests
1001987
- python3 dogfood.py -v $CI_COMMIT_TAG -t app
1002988

@@ -1007,9 +993,8 @@ notify:dogfood-demo:
1007993
image: $CI_IMAGE_DOCKER
1008994
stage: notify
1009995
when: on_success
1010-
needs:
1011-
- notify:prepare-github-token
1012996
script:
997+
- !reference [ .snippets, set-github-installation-token ]
1013998
- pip3 install GitPython requests
1014999
- python3 dogfood.py -v $CI_COMMIT_TAG -t demo
10151000

@@ -1021,6 +1006,7 @@ notify:dogfood-gradle-plugin:
10211006
stage: notify
10221007
when: on_success
10231008
script:
1009+
- !reference [ .snippets, set-github-installation-token ]
10241010
- pip3 install GitPython requests
10251011
- python3 dogfood.py -v $CI_COMMIT_TAG -t gradle-plugin
10261012

create_github_installation_token.sh

Lines changed: 7 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,8 @@
88

99
set -o pipefail
1010

11-
pem='./gh_private_key.pem'
11+
client_id=$1
12+
installation_id=$2
1213

1314
now=$(date +%s)
1415
iat=$((${now} - 60)) # Issues 60 seconds in the past
@@ -21,23 +22,20 @@ header_json='{
2122
"alg":"RS256"
2223
}'
2324
# Header encode
24-
header=$( echo -n "${header_json}" | b64enc )
25+
header=$(echo -n "${header_json}" | b64enc)
2526

2627
payload_json="{
2728
\"iat\":${iat},
2829
\"exp\":${exp},
29-
\"iss\":\"${GITHUB_APP_CLIENT_ID}\"
30+
\"iss\":\"${client_id}\"
3031
}"
3132

3233
# Payload encode
33-
payload=$( echo -n "${payload_json}" | b64enc )
34+
payload=$(echo -n "${payload_json}" | b64enc)
3435

3536
# Signature
3637
header_payload="${header}"."${payload}"
37-
signature=$(
38-
openssl dgst -sha256 -sign "${pem}" \
39-
<(echo -n "${header_payload}") | b64enc
40-
)
38+
signature=$(openssl dgst -sha256 -sign /dev/stdin <(echo -n "${header_payload}") | b64enc)
4139

4240
# Create JWT
4341
jwt_token="${header_payload}"."${signature}"
@@ -48,6 +46,6 @@ installation_token=$(curl \
4846
-X POST \
4947
-H "Authorization: Bearer $jwt_token" \
5048
-H "Accept: application/vnd.github+json" \
51-
https://api.github.com/app/installations/$GITHUB_APP_INSTALLATION_ID/access_tokens)
49+
https://api.github.com/app/installations/$installation_id/access_tokens)
5250

5351
echo $installation_token | jq -r '.token'

0 commit comments

Comments
 (0)