feat: ✨ post action to cleanup secret

bubkoo · bubkoo · commit 1c1811e35f54 · 2020-09-26T01:52:34.000+08:00
diff --git a/action.yml b/action.yml
@@ -16,6 +16,7 @@ outputs:
 runs:
   using: node12
   main: dist/index.js
+  post: dist/index.js
 branding:
   icon: smile
   color: orange # gray-dark purple red orange green blue yellow black white
diff --git a/src/action.ts b/src/action.ts
@@ -5,7 +5,9 @@ import isBase64 from 'is-base64'
 import { Util } from './util'
 
 export namespace Action {
-  export async function start() {
+  let token: string
+
+  export async function run() {
     try {
       const id = Number(core.getInput('APP_ID', { required: true }))
       const privateKeyInput = core.getInput('PRIVATE_KEY', { required: true })
@@ -18,7 +20,8 @@ export namespace Action {
       const {
         data: { id: installationId },
       } = await octokit.apps.getRepoInstallation(github.context.repo)
-      const token = await app.getInstallationAccessToken({
+
+      token = await app.getInstallationAccessToken({
         installationId,
       })
 
@@ -35,4 +38,16 @@ export namespace Action {
       core.setFailed(e.message)
     }
   }
+
+  export async function cleanup() {
+    try {
+      const secretName = core.getInput('SECRET_NAME')
+      if (secretName) {
+        await Util.deleteSecret(token, secretName)
+      }
+    } catch (e) {
+      core.error(e)
+      core.setFailed(e.message)
+    }
+  }
 }
diff --git a/src/index.ts b/src/index.ts
@@ -1,3 +1,9 @@
 import { Action } from './action'
 
-Action.start()
+const isPost = !!process.env['STATE_isPost']
+
+if (!isPost) {
+  Action.run()
+} else {
+  Action.cleanup()
+}
diff --git a/src/util.ts b/src/util.ts
@@ -1,16 +1,10 @@
-import * as core from '@actions/core'
-import * as github from '@actions/github'
+import { context } from '@actions/github'
 import { Octokit } from '@octokit/core'
 import sodium from 'tweetsodium'
 
 export namespace Util {
-  export function getOctokit() {
-    const token = core.getInput('GITHUB_TOKEN', { required: true })
-    return github.getOctokit(token)
-  }
-
   async function createSecret(octokit: Octokit, value: string) {
-    const repo = github.context.repo
+    const repo = context.repo
     const res = await octokit.request(
       'GET /repos/:owner/:repo/actions/secrets/public-key',
       repo,
@@ -37,23 +31,26 @@ export namespace Util {
     name: string,
     value: string,
   ) {
-    try {
-      const octokit = new Octokit({ auth: token })
-      const secret = await createSecret(octokit, value)
-      core.info(`created secret: ${JSON.stringify(secret, null, 2)}`)
+    const octokit = new Octokit({ auth: token })
+    const secret = await createSecret(octokit, value)
+    await octokit.request(
+      'PUT /repos/:owner/:repo/actions/secrets/:secret_name',
+      {
+        ...context.repo,
+        secret_name: name,
+        data: secret,
+      },
+    )
+  }
 
-      await octokit.request(
-        'PUT /repos/:owner/:repo/actions/secrets/:secret_name',
-        {
-          ...github.context.repo,
-          secret_name: name,
-          data: secret,
-        },
-      )
-    } catch (e) {
-      core.error(e)
-      core.error(JSON.stringify(e, null, 2))
-      core.setFailed(e.message)
-    }
+  export async function deleteSecret(token: string, name: string) {
+    const octokit = new Octokit({ auth: token })
+    await octokit.request(
+      'DELETE /repos/:owner/:repo/actions/secrets/:secret_name',
+      {
+        ...context.repo,
+        secret_name: name,
+      },
+    )
   }
 }
