| author | Frank <[email protected]> | 2025-07-11 06:55:13 +0800 |
|---|---|---|
| committer | Frank <[email protected]> | 2025-07-11 06:55:13 +0800 |
| commit | 3b9b391320f6ff59dd86970558fff8cd3f215a41 (patch) | |
| tree | 5d4ce20d1ac15560fecf09b1e01a2962638b745c /packages/function | |
| parent | 766bfd025c6fe515f7b5ad2bf8304b77bcacba47 (diff) | |
wip: github actions
Diffstat (limited to 'packages/function')
| -rw-r--r-- | packages/function/package.json | 1 | ||||
| -rw-r--r-- | packages/function/src/api.ts | 21 |
2 files changed, 18 insertions, 4 deletions
diff --git a/packages/function/package.json b/packages/function/package.json
index c033fa058..633aeff82 100644
--- a/packages/function/package.json
+++ b/packages/function/package.json
@@ -11,6 +11,7 @@
 },
 "dependencies": {
 "@octokit/auth-app": "8.0.1",
+ "@octokit/rest": "22.0.0",
 "jose": "6.0.11"
 }
 }
diff --git a/packages/function/src/api.ts b/packages/function/src/api.ts
index 12b54c844..a28f286fc 100644
--- a/packages/function/src/api.ts
+++ b/packages/function/src/api.ts
@@ -2,6 +2,7 @@ import { DurableObject } from "cloudflare:workers"
 import { randomUUID } from "node:crypto"
 import { jwtVerify, createRemoteJWKSet } from "jose"
 import { createAppAuth } from "@octokit/auth-app"
+import { Octokit } from "@octokit/rest"
 import { Resource } from "sst"
 type Env = {
@@ -238,11 +239,16 @@ export default {
 // verify token
 const JWKS = createRemoteJWKSet(new URL(JWKS_URL))
+ let owner, repo
 try {
- await jwtVerify(token, JWKS, {
+ const { payload } = await jwtVerify(token, JWKS, {
 issuer: GITHUB_ISSUER,
 audience: EXPECTED_AUDIENCE,
 })
+ const sub = payload.sub // e.g. 'repo:my-org/my-repo:ref:refs/heads/main'
+ const parts = sub.split(":")[1].split("/")
+ owner = parts[0]
+ repo = parts[1]
 } catch (err) {
 console.error("Token verification failed:", err)
 return new Response(JSON.stringify({ error: "Invalid or expired token" }), {
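Review bot: Taking `owner` and `repo` from the second colon-separated field of `payload.sub` ties the authorization decision to the default subject layout; GitHub lets organizations and repositories customize the `sub` template, so that field is not guaranteed to name the calling repository, and these two values decide which installation is looked up later in the handler. The OIDC token also carries a dedicated `repository` claim in `owner/repo` form, which is the safer source: `const repository = payload.repository`, then `if (typeof repository !== "string" || repository.split("/").length !== 2) throw new Error("unexpected repository claim")`, then `;[owner, repo] = repository.split("/")`. Keeping this inside the `try` means a missing or malformed claim still ends in the existing "Invalid or expired token" response instead of passing `undefined` on. The enclosing handler starts and ends outside this hunk.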
@@ -251,14 +257,21 @@ export default {
 })
 }
- // Create app token
+ // Create app JWT token
 const auth = createAppAuth({
 appId: Resource.GITHUB_APP_ID.value,
 privateKey: Resource.GITHUB_APP_PRIVATE_KEY.value,
 })
- const appAuthentication = await auth({ type: "app" })
+ const appAuth = await auth({ type: "app" })
- return new Response(JSON.stringify({ token: appAuthentication.token }), {
+ // Lookup installation
+ const octokit = new Octokit({ auth: appAuth.token })
+ const { data: installation } = await octokit.apps.getRepoInstallation({ owner, repo })
+
+ // Get installation token
+ const installationAuth = await auth({ type: "installation", installationId: installation.id })
+
+ return new Response(JSON.stringify({ token: installationAuth.token }), {
 headers: { "Content-Type": "application/json" },
 })
 } |
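Review bot: The installation token returned at the end of this hunk is minted without `repositoryNames`/`repositoryIds` or `permissions`, so a caller verified for one repository would, as far as these lines show, receive a token valid for every repository the installation covers and with the app's full permission set. Scope it to the verified repository, e.g. `await auth({ type: "installation", installationId: installation.id, repositoryNames: [repo] })`, and pass a `permissions` subset if the workflow needs less than the app is granted. `octokit.apps.getRepoInstallation` also rejects when the app is not installed on that repository and nothing here catches it, so that case presumably surfaces as an unhandled error rather than a 4xx JSON response like the token-failure path. The handler begins and ends outside this hunk.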
