
create webhook github secret

Alexander Belanger il y a 5 ans
Parent
commit
9994c628ac
3 fichiers modifiés avec 105 ajouts et 0 suppressions
  1. 1 0
      go.mod
  2. 2 0
      go.sum
  3. 102 0
      internal/integrations/ci/actions/actions.go

+ 1 - 0
go.mod

@@ -31,6 +31,7 @@ require (
 	github.com/go-test/deep v1.0.7
 	github.com/google/go-cmp v0.5.2
 	github.com/google/go-github v17.0.0+incompatible
+	github.com/google/go-github/v33 v33.0.0
 	github.com/google/go-querystring v1.0.0 // indirect
 	github.com/googleapis/gnostic v0.2.2 // indirect
 	github.com/gorilla/securecookie v1.1.1

+ 2 - 0
go.sum

@@ -471,6 +471,8 @@ github.com/google/go-cmp v0.5.4 h1:L8R9j+yAqZuZjsqh/z+F1NCffTKKLShY6zXTItVIZ8M=
 github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-github v17.0.0+incompatible h1:N0LgJ1j65A7kfXrZnUDaYCs/Sf4rEjNlfyDHW9dolSY=
 github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ=
+github.com/google/go-github/v33 v33.0.0 h1:qAf9yP0qc54ufQxzwv+u9H0tiVOnPJxo0lI/JXqw3ZM=
+github.com/google/go-github/v33 v33.0.0/go.mod h1:GMdDnVZY/2TsWgp/lkYnpSAh6TrzhANBBwm6k6TTEXg=
 github.com/google/go-querystring v1.0.0 h1:Xkwi/a1rcvNg1PPYe5vI8GbeBY/jrVuDX5ASuANWTrk=
 github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
 github.com/google/gofuzz v0.0.0-20161122191042-44d81051d367/go.mod h1:HP5RmnzzSNb993RKQDq4+1A4ia9nllfqcQFTQJedwGI=

+ 102 - 0
internal/integrations/ci/actions/actions.go

@@ -0,0 +1,102 @@
+package actions
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/google/go-github/v33/github"
+	"github.com/porter-dev/porter/internal/models"
+	"github.com/porter-dev/porter/internal/repository"
+	"golang.org/x/crypto/nacl/box"
+	"golang.org/x/oauth2"
+
+	"strings"
+)
+
+type GithubActions struct {
+	GitRepo     *models.GitRepo
+	GitRepoName string
+	Repo        repository.Repository
+
+	GithubConf *oauth2.Config
+
+	WebhookToken string
+	ReleaseName  string
+}
+
+func (g *GithubActions) Setup() error {
+	client, err := g.getClient()
+
+	if err != nil {
+		return err
+	}
+
+	// create a new secret with a webhook token
+	err = g.createGithubWebhookSecret(client)
+
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (g *GithubActions) getClient() (*github.Client, error) {
+	// get the oauth integration
+	oauthInt, err := g.Repo.OAuthIntegration.ReadOAuthIntegration(g.GitRepo.OAuthIntegrationID)
+
+	if err != nil {
+		return nil, err
+	}
+
+	tok := &oauth2.Token{
+		AccessToken:  string(oauthInt.AccessToken),
+		RefreshToken: string(oauthInt.RefreshToken),
+		TokenType:    "Bearer",
+	}
+
+	client := github.NewClient(g.GithubConf.Client(oauth2.NoContext, tok))
+
+	return client, nil
+}
+
+func (g *GithubActions) createGithubWebhookSecret(client *github.Client) error {
+	// get the public key for the repo
+	key, _, err := client.Actions.GetRepoPublicKey(context.TODO(), "", g.GitRepoName)
+
+	if err != nil {
+		return err
+	}
+
+	// encrypt the webhook token with the public key
+	secretName := g.getSecretName()
+	secretValue := []byte(g.WebhookToken)
+	out := make([]byte, 0)
+
+	keyBytes := [32]byte{}
+
+	copy(keyBytes[:], *key.Key)
+
+	_, err = box.SealAnonymous(out, secretValue, &keyBytes, nil)
+
+	if err != nil {
+		return err
+	}
+
+	fmt.Println("OUT IS", out)
+
+	encryptedSecret := &github.EncryptedSecret{
+		Name:           secretName,
+		KeyID:          *key.KeyID,
+		EncryptedValue: string(out),
+	}
+
+	// write the secret to the repo
+	_, err = client.Actions.CreateOrUpdateRepoSecret(context.TODO(), "", g.GitRepoName, encryptedSecret)
+
+	return err
+}
+
+func (g *GithubActions) getSecretName() string {
+	return strings.Replace(strings.ToUpper(g.ReleaseName), "-", "_", -1)
+}
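Review bot: In createGithubWebhookSecret the return value of `box.SealAnonymous` is discarded, so `out` stays empty (appending to a zero-length slice yields a new slice) and the secret uploaded is an empty string rather than the sealed webhook token. The key handling is also wrong: GitHub returns the repository public key base64-encoded, so `copy(keyBytes[:], *key.Key)` copies the first 32 characters of that text instead of the 32 decoded key bytes, and `EncryptedValue` must be the base64 encoding of the ciphertext, not `string(out)`. The `fmt.Println("OUT IS", out)` debug line should be dropped from a secret-handling path, and the nil-safe `key.GetKey()` / `key.GetKeyID()` accessors avoid a panic on a partial API response. The empty owner argument `""` in both Actions calls looks unfinished unless the owner is resolved somewhere not shown here. The rewrite below needs `encoding/base64` added to the import block.

```go
	// … unchanged: GetRepoPublicKey call and its error check …

	// the API returns the key base64-encoded; decode it before use
	rawKey, err := base64.StdEncoding.DecodeString(key.GetKey())
	if err != nil {
		return err
	}
	if len(rawKey) != 32 {
		return fmt.Errorf("unexpected repo public key length: %d", len(rawKey))
	}

	var keyBytes [32]byte
	copy(keyBytes[:], rawKey)

	// SealAnonymous appends to its first argument and returns the result;
	// the returned slice is the ciphertext
	sealed, err := box.SealAnonymous(nil, []byte(g.WebhookToken), &keyBytes, nil)
	if err != nil {
		return err
	}

	encryptedSecret := &github.EncryptedSecret{
		Name:           g.getSecretName(),
		KeyID:          key.GetKeyID(),
		EncryptedValue: base64.StdEncoding.EncodeToString(sealed),
	}

	// … unchanged: CreateOrUpdateRepoSecret call …
```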