-
Notifications
You must be signed in to change notification settings - Fork 0
/
invoke_gh_action_with_pem.py
executable file
·86 lines (67 loc) · 2.29 KB
/
invoke_gh_action_with_pem.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
import jwt
import time
import requests
import argparse
def main():
parser = argparse.ArgumentParser(
description="Invoke a workflow_dispatch GitHub Action.")
parser.add_argument(
"--branch", required=True,
help="The branch/stage on which the tests are being invoked"
) # extracted from the execution branch
parser.add_argument(
"--private_key", required=True,
help="The contents of the private key in PEM format"
) # copied from the PEM file
parser.add_argument(
"--issuer", default="153910",
help="The GitHub App's identifier, used for the JWT issuer field"
)
parser.add_argument(
"--installation_id", default="20905774",
help="The GitHub App's installation id for the target repo"
)
parser.add_argument(
"--repo", default="MAAP-Project/maap-data-system-tests",
help="The GitHub repo on which to invoke the workflow dispatch"
)
parser.add_argument(
"--workflow", default="test.yml",
help="The workflow to dispatch"
)
args = parser.parse_args()
# Generate a JWT from the PEM
now = time.time()
jwt_token = jwt.encode(
{
"iat": int(now - 60),
"exp": int(now + (10 * 60)),
"iss": args.issuer
},
args.private_key,
algorithm="RS256"
)
s = requests.Session()
s.headers.update({"Accept": "application/vnd.github.v3+json"})
# use the PEM to get an access token
res = s.post(
f"https://api.github.com/app/installations/{args.installation_id}/access_tokens",
headers={"Authorization": f"Bearer {jwt_token}"}
)
if res.status_code != 201:
print(
f"Error: access token retrieval status code was {res.status_code}")
exit(1)
gh_api_token = res.json()["token"]
# use the access token to invoke the workflow dispatch
res = s.post(
f"https://api.github.com/repos/{args.repo}/actions/workflows/{args.workflow}/dispatches",
headers={"Authorization": f"Bearer {gh_api_token}"},
json={"ref": args.branch}
)
if res.status_code != 204:
print(
f"Error: workflow dispatch request got status code {res.status_code}")
exit(1)
if __name__ == '__main__':
main()