Add token revokal as post action (#18)

danielefranceschi · web-flow · commit 540f885995e2 · 2024-10-10T11:15:08.000+08:00
* add token deletion [skip ci]

* add locally-built dist for testing [skip ci]
diff --git a/.gitignore b/.gitignore
@@ -13,4 +13,3 @@ coverage
 .cache
 .DS_Store
 lib
-dist
diff --git a/dist/action.d.ts b/dist/action.d.ts
@@ -0,0 +1,2 @@
+export declare function run(): Promise<void>;
+export declare function cleanup(): Promise<void>;
diff --git a/dist/index.d.ts b/dist/index.d.ts
@@ -0,0 +1 @@
+export {};
diff --git a/dist/index.js b/dist/index.js
diff --git a/dist/licenses.txt b/dist/licenses.txt
diff --git a/dist/state.d.ts b/dist/state.d.ts
@@ -0,0 +1 @@
+export declare const isPost: boolean;
diff --git a/dist/util.d.ts b/dist/util.d.ts
@@ -0,0 +1,9 @@
+export declare function getAppSlugName(): string;
+export declare function getAppTokenName(): string;
+export declare function getAppInfo(): Promise<{
+    token: string;
+    slug: string;
+}>;
+export declare function createSecret(token: string, secretName: string, secretValue: string): Promise<void>;
+export declare function deleteSecret(token: string, secretName: string): Promise<void>;
+export declare function deleteToken(token: string): Promise<void>;
diff --git a/src/action.ts b/src/action.ts
@@ -18,6 +18,8 @@ export async function run() {
 
     core.setOutput('BOT_NAME', slug)
     core.setOutput('BOT_TOKEN', token)
+    // save token in state to be used in cleanup
+    core.saveState('token', token)
 
     core.exportVariable(appSlugName, slug)
     core.exportVariable(appTokenName, token)
@@ -31,13 +33,18 @@ export async function cleanup() {
   try {
     const clean = core.getBooleanInput('clean')
     const saveToSecret = core.getBooleanInput('secret')
-    if (saveToSecret && clean) {
-      const { token } = await util.getAppInfo()
-      const appSlugName = util.getAppSlugName()
-      const appTokenName = util.getAppTokenName()
-      await util.deleteSecret(token, appSlugName)
-      await util.deleteSecret(token, appTokenName)
-      core.info(`Secrets "${appSlugName}" and "${appTokenName}" was removed`)
+    const token = core.getState('token');
+    if (clean) {
+      if (saveToSecret) {
+        const { token } = await util.getAppInfo()
+        const appSlugName = util.getAppSlugName()
+        const appTokenName = util.getAppTokenName()
+        await util.deleteSecret(token, appSlugName)
+        await util.deleteSecret(token, appTokenName)
+        core.info(`Secrets "${appSlugName}" and "${appTokenName}" were removed`)
+      }
+      await util.deleteToken(token);
+      core.info("Token revoked");
     }
   } catch (e) {
     core.error(e)
diff --git a/src/util.ts b/src/util.ts
@@ -105,3 +105,10 @@ export async function deleteSecret(token: string, secretName: string) {
     },
   )
 }
+
+export async function deleteToken(token: string) {
+  const octokit = new Octokit({ auth: token })
+  await octokit.request(
+    'DELETE /installation/token',
+  )
+}

-Original file line number
+Diff line change
 .cache
 .DS_Store
 lib
 -dist
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+export declare function run(): Promise<void>;`
	`2`	`+export declare function cleanup(): Promise<void>;`
Original file line number	Diff line number	Diff line change
`@@ -105,3 +105,10 @@ export async function deleteSecret(token: string, secretName: string) {`
`105`	`105`	`},`
`106`	`106`	`)`
`107`	`107`	`}`
	`108`	`+`
	`109`	`+export async function deleteToken(token: string) {`
	`110`	`+ const octokit = new Octokit({ auth: token })`
	`111`	`+ await octokit.request(`
	`112`	`+ 'DELETE /installation/token',`
	`113`	`+ )`
	`114`	`+}`