software-engineering-quality-framework/decisions/assets/ADR-003/examples/bash/script.sh at c951604617725b1be05091ec1994dceef25ab9e3 · NHSDigital/software-engineering-quality-framework · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
#!/bin/bash

function main() {

  if [[ -z "$GITHUB_APP_ID" || -z "$GITHUB_APP_PK_FILE" || -z "$GITHUB_ORG" ]]; then
    echo "Environment variables GITHUB_APP_ID, GITHUB_APP_PK_FILE and GITHUB_ORG must be passed to this program."
    exit 1
  fi

  jwt_token=$(get-jwt-token)
  installation_id=$(get-installation-id)
  access_token=$(get-access-token)

  echo "GITHUB_TOKEN=$access_token"
}

function get-jwt-token() {

  header=$(echo -n '{"alg":"RS256","typ":"JWT"}' | base64 | tr -d '=' | tr -d '\n=' | tr -- '+/' '-_')
  payload=$(echo -n '{"iat":'"$(date +%s)"',"exp":'$(($(date +%s)+600))',"iss":"'"$GITHUB_APP_ID"'"}' | base64 | tr -d '\n=' | tr -- '+/' '-_')
  signature=$(echo -n "$header.$payload" | openssl dgst -binary -sha256 -sign "$GITHUB_APP_PK_FILE" | openssl base64 | tr -d '\n=' | tr -- '+/' '-_')

  echo "$header.$payload.$signature"
}

function get-installation-id() {

  installations_response=$(curl -sX GET \
    -H "Authorization: Bearer $jwt_token" \
    -H "Accept: application/vnd.github.v3+json" \
    https://api.github.com/app/installations)

  echo "$installations_response" | jq '.[] | select(.account.login == "'"$GITHUB_ORG"'") .id'
}

function get-access-token() {

  token_response=$(curl -sX POST \
    -H "Authorization: Bearer $jwt_token" \
    -H "Accept: application/vnd.github.v3+json" \
    "https://api.github.com/app/installations/$installation_id/access_tokens")

  echo "$token_response" | jq .token -r
}

main