Merge pull request #20 from summerwind/github-apps-support

Add support of GitHub Apps authentication
Moto Ishizawa 2020-03-28 22:18:36 +09:00 committed by GitHub
commit cac199f16e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 77 additions and 9 deletions


@ -35,6 +35,25 @@ spec:
secretKeyRef: secretKeyRef:
name: controller-manager name: controller-manager
key: github_token key: github_token
optional: true
- name: GITHUB_APP_ID
valueFrom:
secretKeyRef:
name: controller-manager
key: github_app_id
optional: true
- name: GITHUB_APP_INSTALLATION_ID
valueFrom:
secretKeyRef:
name: controller-manager
key: github_app_installation_id
optional: true
- name: GITHUB_APP_PRIVATE_KEY
value: /etc/actions-runner-controller/github_app_private_key
volumeMounts:
- name: controller-manager
mountPath: "/etc/actions-runner-controller"
readOnly: true
resources: resources:
limits: limits:
cpu: 100m cpu: 100m
@ -42,4 +61,8 @@ spec:
requests: requests:
cpu: 100m cpu: 100m
memory: 20Mi memory: 20Mi
volumes:
- name: controller-manager
secret:
secretName: controller-manager
terminationGracePeriodSeconds: 10 terminationGracePeriodSeconds: 10
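Review bot: The `volumes` entry added in the second hunk mounts the whole `controller-manager` Secret, so every key in it, including `github_token`, `github_app_id` and `github_app_installation_id`, appears as a readable file under `/etc/actions-runner-controller`, not only the private key that `GITHUB_APP_PRIVATE_KEY` points to. Projecting just the one key the controller reads from disk keeps the other credentials out of the container filesystem: under `secret:` add `items: [{key: github_app_private_key, path: github_app_private_key}]`. Pair it with `optional: true` on the same `secret:` source, otherwise a token-only deployment whose Secret lacks that key would fail volume setup, which would undo the `optional: true` the first hunk adds to the env refs.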

63
main.go

@ -20,8 +20,11 @@ import (
"context" "context"
"flag" "flag"
"fmt" "fmt"
"net/http"
"os" "os"
"strconv"
"github.com/bradleyfalzon/ghinstallation"
"github.com/google/go-github/v29/github" "github.com/google/go-github/v29/github"
actionsv1alpha1 "github.com/summerwind/actions-runner-controller/api/v1alpha1" actionsv1alpha1 "github.com/summerwind/actions-runner-controller/api/v1alpha1"
"github.com/summerwind/actions-runner-controller/controllers" "github.com/summerwind/actions-runner-controller/controllers"
@ -58,7 +61,13 @@ func main() {
runnerImage string runnerImage string
dockerImage string dockerImage string
ghToken string
ghToken string
ghAppID int64
ghAppInstallationID int64
ghAppPrivateKey string
ghClient *github.Client
) )
flag.StringVar(&metricsAddr, "metrics-addr", ":8080", "The address the metric endpoint binds to.") flag.StringVar(&metricsAddr, "metrics-addr", ":8080", "The address the metric endpoint binds to.")
@ -66,21 +75,57 @@ func main() {
"Enable leader election for controller manager. Enabling this will ensure there is only one active controller manager.") "Enable leader election for controller manager. Enabling this will ensure there is only one active controller manager.")
flag.StringVar(&runnerImage, "runner-image", defaultRunnerImage, "The image name of self-hosted runner container.") flag.StringVar(&runnerImage, "runner-image", defaultRunnerImage, "The image name of self-hosted runner container.")
flag.StringVar(&dockerImage, "docker-image", defaultDockerImage, "The image name of docker sidecar container.") flag.StringVar(&dockerImage, "docker-image", defaultDockerImage, "The image name of docker sidecar container.")
flag.StringVar(&ghToken, "github-token", "", "The access token of GitHub.") flag.StringVar(&ghToken, "github-token", "", "The personal access token of GitHub.")
flag.Int64Var(&ghAppID, "github-app-id", 0, "The application ID of GitHub App.")
flag.Int64Var(&ghAppInstallationID, "github-app-installation-id", 0, "The installation ID of GitHub App.")
flag.StringVar(&ghAppPrivateKey, "github-app-private-key", "", "The path of a private key file to authenticate as a GitHub App")
flag.Parse() flag.Parse()
if ghToken == "" { if ghToken == "" {
ghToken = os.Getenv("GITHUB_TOKEN") ghToken = os.Getenv("GITHUB_TOKEN")
} }
if ghToken == "" { if ghAppID == 0 {
fmt.Fprintln(os.Stderr, "Error: GitHub access token must be specified.") appID, err := strconv.ParseInt(os.Getenv("GITHUB_APP_ID"), 10, 64)
os.Exit(1) if err == nil {
ghAppID = appID
}
}
if ghAppInstallationID == 0 {
appInstallationID, err := strconv.ParseInt(os.Getenv("GITHUB_APP_INSTALLATION_ID"), 10, 64)
if err == nil {
ghAppInstallationID = appInstallationID
}
}
if ghAppPrivateKey == "" {
ghAppPrivateKey = os.Getenv("GITHUB_APP_PRIVATE_KEY")
} }
tc := oauth2.NewClient(context.Background(), oauth2.StaticTokenSource( if ghAppID != 0 {
&oauth2.Token{AccessToken: ghToken}, if ghAppInstallationID == 0 {
)) fmt.Fprintln(os.Stderr, "Error: The installation ID must be specified.")
ghClient := github.NewClient(tc) os.Exit(1)
}
if ghAppPrivateKey == "" {
fmt.Fprintln(os.Stderr, "Error: The path of a private key file must be specified.")
os.Exit(1)
}
tr, err := ghinstallation.NewKeyFromFile(http.DefaultTransport, ghAppID, ghAppInstallationID, ghAppPrivateKey)
if err != nil {
fmt.Fprintf(os.Stderr, "Error: Invalid GitHub App credentials: %v\n", err)
os.Exit(1)
}
ghClient = github.NewClient(&http.Client{Transport: tr})
} else if ghToken != "" {
tc := oauth2.NewClient(context.Background(), oauth2.StaticTokenSource(
&oauth2.Token{AccessToken: ghToken},
))
ghClient = github.NewClient(tc)
} else {
fmt.Fprintln(os.Stderr, "Error: GitHub App credentials or personal access token must be specified.")
os.Exit(1)
}
ctrl.SetLogger(zap.New(func(o *zap.Options) { ctrl.SetLogger(zap.New(func(o *zap.Options) {
o.Development = true o.Development = true
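Review bot: A `GITHUB_APP_ID` or `GITHUB_APP_INSTALLATION_ID` value that fails `strconv.ParseInt` is silently dropped by the `if err == nil` blocks, so a malformed value (for instance one stored with a trailing newline) leaves the ID at 0 and control falls through to the `ghToken` branch or to the generic "must be specified" error. An operator who configured App credentials could then be running on the personal access token with no indication that the App settings were ignored; the same fall-through applies when the installation ID or key path is set but the app ID is not. Treating a set-but-unparsable variable as a fatal configuration error makes the credential actually in use explicit, as sketched below. The body of main starts and ends outside these hunks.

```go
if ghAppID == 0 {
	if v := os.Getenv("GITHUB_APP_ID"); v != "" {
		appID, err := strconv.ParseInt(v, 10, 64)
		if err != nil {
			fmt.Fprintf(os.Stderr, "Error: Invalid GITHUB_APP_ID: %v\n", err)
			os.Exit(1)
		}
		ghAppID = appID
	}
}
if ghAppInstallationID == 0 {
	if v := os.Getenv("GITHUB_APP_INSTALLATION_ID"); v != "" {
		appInstallationID, err := strconv.ParseInt(v, 10, 64)
		if err != nil {
			fmt.Fprintf(os.Stderr, "Error: Invalid GITHUB_APP_INSTALLATION_ID: %v\n", err)
			os.Exit(1)
		}
		ghAppInstallationID = appInstallationID
	}
}
// … unchanged: private key path lookup and GitHub client construction …
```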