akillibulut
/
porter
zrcadlo https://github.com/porter-dev/porter


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409
							package actions

import (
	"context"
	"encoding/base64"
	"fmt"

	"github.com/google/go-github/v33/github"
	"github.com/porter-dev/porter/internal/models"
	"github.com/porter-dev/porter/internal/repository"
	"golang.org/x/crypto/nacl/box"
	"golang.org/x/oauth2"

	"strings"

	"gopkg.in/yaml.v2"
)

type GithubActions struct {
	GitIntegration *models.GitRepo
	GitRepoName    string
	GitRepoOwner   string
	Repo           repository.Repository

	GithubConf *oauth2.Config

	WebhookToken string
	PorterToken  string
	BuildEnv     map[string]string
	ProjectID    uint
	ReleaseName  string

	GitBranch      string
	DockerFilePath string
	FolderPath     string
	ImageRepoURL   string

	defaultBranch string
}

func (g *GithubActions) Setup() (string, error) {
	client, err := g.getClient()

	if err != nil {
		return "", err
	}

	// get the repository to find the default branch
	repo, _, err := client.Repositories.Get(
		context.TODO(),
		g.GitRepoOwner,
		g.GitRepoName,
	)

	if err != nil {
		return "", err
	}

	g.defaultBranch = repo.GetDefaultBranch()

	// create a new secret with a webhook token
	err = g.createGithubSecret(client, g.getWebhookSecretName(), g.WebhookToken)

	if err != nil {
		return "", err
	}

	// create a new secret with a porter token
	err = g.createGithubSecret(client, g.getPorterTokenSecretName(), g.PorterToken)

	if err != nil {
		return "", err
	}

	// create a new secret with the build variables
	err = g.createEnvSecret(client)

	if err != nil {
		return "", err
	}

	fileBytes, err := g.GetGithubActionYAML()

	if err != nil {
		return "", err
	}

	return g.commitGithubFile(client, g.getPorterYMLFileName(), fileBytes)
}

func (g *GithubActions) Cleanup() error {
	client, err := g.getClient()

	if err != nil {
		return err
	}

	// get the repository to find the default branch
	repo, _, err := client.Repositories.Get(
		context.TODO(),
		g.GitRepoOwner,
		g.GitRepoName,
	)

	if err != nil {
		return err
	}

	g.defaultBranch = repo.GetDefaultBranch()

	// delete the webhook token secret
	err = g.deleteGithubSecret(client, g.getWebhookSecretName())

	if err != nil {
		return err
	}

	// delete the env secret
	err = g.deleteGithubSecret(client, g.getBuildEnvSecretName())

	if err != nil {
		return err
	}

	return g.deleteGithubFile(client, g.getPorterYMLFileName())
}

type GithubActionYAMLStep struct {
	Name string `yaml:"name,omitempty"`
	ID   string `yaml:"id,omitempty"`
	Uses string `yaml:"uses,omitempty"`
	Run  string `yaml:"run,omitempty"`
}

type GithubActionYAMLOnPushBranches struct {
	Branches []string `yaml:"branches,omitempty"`
}

type GithubActionYAMLOnPush struct {
	Push GithubActionYAMLOnPushBranches `yaml:"push,omitempty"`
}

type GithubActionYAMLJob struct {
	RunsOn string                 `yaml:"runs-on,omitempty"`
	Steps  []GithubActionYAMLStep `yaml:"steps,omitempty"`
}

type GithubActionYAML struct {
	On GithubActionYAMLOnPush `yaml:"on,omitempty"`

	Name string `yaml:"name,omitempty"`

	Jobs map[string]GithubActionYAMLJob `yaml:"jobs,omitempty"`
}

func (g *GithubActions) GetGithubActionYAML() ([]byte, error) {
	gaSteps := []GithubActionYAMLStep{
		getCheckoutCodeStep(),
		getDownloadPorterStep(),
		getConfigurePorterStep(g.getPorterTokenSecretName()),
	}

	if g.DockerFilePath == "" {
		gaSteps = append(gaSteps, getBuildPackPushStep(g.getBuildEnvSecretName(), g.FolderPath, g.ImageRepoURL))
	} else {
		gaSteps = append(gaSteps, getDockerBuildPushStep(g.getBuildEnvSecretName(), g.DockerFilePath, g.ImageRepoURL))
	}

	gaSteps = append(gaSteps, deployPorterWebhookStep(g.getWebhookSecretName(), g.ImageRepoURL))

	branch := g.GitBranch

	if branch == "" {
		branch = g.defaultBranch
	}

	actionYAML := &GithubActionYAML{
		On: GithubActionYAMLOnPush{
			Push: GithubActionYAMLOnPushBranches{
				Branches: []string{
					branch,
				},
			},
		},
		Name: "Deploy to Porter",
		Jobs: map[string]GithubActionYAMLJob{
			"porter-deploy": {
				RunsOn: "ubuntu-latest",
				Steps:  gaSteps,
			},
		},
	}

	return yaml.Marshal(actionYAML)
}

func (g *GithubActions) getClient() (*github.Client, error) {
	// get the oauth integration
	oauthInt, err := g.Repo.OAuthIntegration.ReadOAuthIntegration(g.GitIntegration.OAuthIntegrationID)

	if err != nil {
		return nil, err
	}

	tok := &oauth2.Token{
		AccessToken:  string(oauthInt.AccessToken),
		RefreshToken: string(oauthInt.RefreshToken),
		TokenType:    "Bearer",
	}

	client := github.NewClient(g.GithubConf.Client(oauth2.NoContext, tok))

	return client, nil
}

func (g *GithubActions) createGithubSecret(
	client *github.Client,
	secretName,
	secretValue string,
) error {
	// get the public key for the repo
	key, _, err := client.Actions.GetRepoPublicKey(context.TODO(), g.GitRepoOwner, g.GitRepoName)

	if err != nil {
		return err
	}

	// encrypt the secret with the public key
	keyBytes := [32]byte{}

	keyDecoded, err := base64.StdEncoding.DecodeString(*key.Key)

	if err != nil {
		return err
	}

	copy(keyBytes[:], keyDecoded[:])

	secretEncoded, err := box.SealAnonymous(nil, []byte(secretValue), &keyBytes, nil)

	if err != nil {
		return err
	}

	encrypted := base64.StdEncoding.EncodeToString(secretEncoded)

	encryptedSecret := &github.EncryptedSecret{
		Name:           secretName,
		KeyID:          *key.KeyID,
		EncryptedValue: encrypted,
	}

	// write the secret to the repo
	_, err = client.Actions.CreateOrUpdateRepoSecret(context.TODO(), g.GitRepoOwner, g.GitRepoName, encryptedSecret)

	return err
}

func (g *GithubActions) deleteGithubSecret(
	client *github.Client,
	secretName string,
) error {
	// delete the secret from the repo
	_, err := client.Actions.DeleteRepoSecret(
		context.TODO(),
		g.GitRepoOwner,
		g.GitRepoName,
		secretName,
	)

	return err
}

func (g *GithubActions) CreateEnvSecret() error {
	client, err := g.getClient()

	if err != nil {
		return err
	}

	return g.createEnvSecret(client)
}

func (g *GithubActions) createEnvSecret(client *github.Client) error {
	// convert the env object to a string
	lines := make([]string, 0)

	for key, val := range g.BuildEnv {
		lines = append(lines, fmt.Sprintf(`%s=%s`, key, val))
	}

	secretName := g.getBuildEnvSecretName()

	return g.createGithubSecret(client, secretName, strings.Join(lines, "\n"))
}

func (g *GithubActions) getWebhookSecretName() string {
	return fmt.Sprintf("WEBHOOK_%s", strings.Replace(
		strings.ToUpper(g.ReleaseName), "-", "_", -1),
	)
}

func (g *GithubActions) getBuildEnvSecretName() string {
	return fmt.Sprintf("ENV_%s", strings.Replace(
		strings.ToUpper(g.ReleaseName), "-", "_", -1),
	)
}

func (g *GithubActions) getPorterYMLFileName() string {
	return fmt.Sprintf("porter_%s.yml", strings.Replace(
		strings.ToLower(g.ReleaseName), "-", "_", -1),
	)
}

func (g *GithubActions) getPorterTokenSecretName() string {
	return fmt.Sprintf("PORTER_TOKEN_%d", g.ProjectID)
}

func (g *GithubActions) commitGithubFile(
	client *github.Client,
	filename string,
	contents []byte,
) (string, error) {
	filepath := ".github/workflows/" + filename
	sha := ""

	// get contents of a file if it exists
	fileData, _, _, _ := client.Repositories.GetContents(
		context.TODO(),
		g.GitRepoOwner,
		g.GitRepoName,
		filepath,
		&github.RepositoryContentGetOptions{},
	)

	if fileData != nil {
		sha = *fileData.SHA
	}

	opts := &github.RepositoryContentFileOptions{
		Message: github.String(fmt.Sprintf("Create %s file", filename)),
		Content: contents,
		Branch:  github.String(g.defaultBranch),
		SHA:     &sha,
		Committer: &github.CommitAuthor{
			Name:  github.String("Porter Bot"),
			Email: github.String("contact@getporter.dev"),
		},
	}

	resp, _, err := client.Repositories.UpdateFile(
		context.TODO(),
		g.GitRepoOwner,
		g.GitRepoName,
		filepath,
		opts,
	)

	if err != nil {
		return "", err
	}

	return *resp.Commit.SHA, nil
}

func (g *GithubActions) deleteGithubFile(
	client *github.Client,
	filename string,
) error {
	filepath := ".github/workflows/" + filename
	sha := ""

	// get contents of a file if it exists
	fileData, _, _, _ := client.Repositories.GetContents(
		context.TODO(),
		g.GitRepoOwner,
		g.GitRepoName,
		filepath,
		&github.RepositoryContentGetOptions{},
	)

	if fileData != nil {
		sha = *fileData.SHA
	}

	opts := &github.RepositoryContentFileOptions{
		Message: github.String(fmt.Sprintf("Delete %s file", filename)),
		Branch:  github.String(g.defaultBranch),
		SHA:     &sha,
		Committer: &github.CommitAuthor{
			Name:  github.String("Porter Bot"),
			Email: github.String("contact@getporter.dev"),
		},
	}

	_, _, err := client.Repositories.DeleteFile(
		context.TODO(),
		g.GitRepoOwner,
		g.GitRepoName,
		filepath,
		opts,
	)

	if err != nil {
		return err
	}

	return nil
}