fix: correct config usage (#5)

johnjcsmith · web-flow · commit fb1752d1564a · 2023-04-11T19:27:04.000+02:00
* Add GITHUB_APP_TOKEN and use key to sign JWT

* FindOrganizationInstallation using DEPENDABOT_ORG

* Remove unused DEPENDABOT_OWNER configuration
diff --git a/README.md b/README.md
@@ -53,10 +53,10 @@ The following instructions show how to setup the environment to run this code wi
     | CODEARTIFACT_DOMAIN_OWNER  | Owner (AWS acc) for the AWS CodeArtifact domain. Also used when [using CodeArtifact with AWS Cli](https://docs.aws.amazon.com/cli/latest/reference/codeartifact/login.html)  |
     | CODEARTIFACT_DURATION  | Duration of the AWS CodeArtifact authToken.  |
     | CODEARTIFACT_DOMAIN  | AWS CodeArtifact Domain for which access is required. Also used when [using CodeArtifact with AWS Cli](https://docs.aws.amazon.com/cli/latest/reference/codeartifact/login.html)  |
-    | GITHUB_PRIVATE_KEY  | GitHub secret for GitHub App authentication  |
-    | DEPENDABOT_OWNER  | Owner of the GitHub organization  |
     | DEPENDABOT_ORG  | The GitHub organization for which the secret should be created  |
+    | GITHUB_PRIVATE_KEY  | GitHub secret for GitHub App authentication  |
     | GITHUB_APP_ID  | The ID of the GitHub App used for authentication  |
+    | GITHUB_APP_TOKEN  | GitHub App token used for encrypting secrets |
 
 - Using env variables
     1. Setup environment variables regarding [point 1 from installation](#setup)
@@ -75,7 +75,7 @@ The following instructions show how to setup the environment to run this code wi
         ./codeartifact-dependabot-sync -h
 
         # run it with flag data
-        ./codeartifact-dependabot-sync -DEPENDABOT-ORG=exampleOrg -CODEARTIFACT_OWNER=exampleOwner ...
+        ./codeartifact-dependabot-sync -DEPENDABOT-ORG=exampleOrg  ...
         ```
 
 
diff --git a/github.go b/github.go
@@ -44,7 +44,7 @@ type Permissions struct {
 }
 
 func getJWT() (*string, error) {
-	pemBytes := []byte(viper.GetString("DEPENDABOT_GITHUB_TOKEN"))
+	pemBytes := []byte(viper.GetString("GITHUB_PRIVATE_KEY"))
 
 	block, _ := pem.Decode(pemBytes)
 	key, err := x509.ParsePKCS1PrivateKey(block.Bytes)
@@ -74,7 +74,8 @@ func setupGitHubAppClient(ctx context.Context) (*github.Client, error) {
 
 	tempClient := newGitHubClient(ctx, *signedToken)
 
-	inst, _, err := tempClient.Apps.FindOrganizationInstallation(ctx, "TierMobility")
+
+	inst, _, err := tempClient.Apps.FindOrganizationInstallation(ctx, viper.GetString("DEPENDABOT_ORG"))
 	if err != nil {
 		return nil, fmt.Errorf("setting up GitHub App client: %w", err)
 	}
@@ -147,7 +148,7 @@ func encryptSecret(plainSecret, key, tok string) (*string, error) {
 func createOrUpdateDependabotSecret(ctx context.Context, ghClient *github.Client, secret string) error {
 	var (
 		org   = viper.GetString("DEPENDABOT_ORG")
-		token = viper.GetString("DEPENDABOT_GITHUB_TOKEN")
+		token = viper.GetString("GITHUB_APP_TOKEN")
 	)
 
 	pk, _, err := ghClient.Dependabot.GetOrgPublicKey(ctx, org)
diff --git a/main.go b/main.go
@@ -21,10 +21,10 @@ import (
 
 func setupViper() {
 	var (
-		organization            = flag.String("DEPENDABOT_ORG", os.Getenv("DEPENDABOT_ORG"), "the GitHub organization for which the secret should be created")
 		githubSecret            = flag.String("GITHUB_PRIVATE_KEY", os.Getenv("GITHUB_PRIVATE_KEY"), "GitHub secret for GitHub App authentication")
 		githubAppID             = flag.String("GITHUB_APP_ID", os.Getenv("GITHUB_APP_ID"), "the ID of the GitHub App used for authentication")
-		organizationOwner       = flag.String("DEPENDABOT_OWNER", os.Getenv("DEPENDABOT_OWNER"), " owner of the GitHub organization")
+		githubAppToken          = flag.String("GITHUB_APP_TOKEN", os.Getenv("GITHUB_APP_TOKEN"), "the token of the GitHub App used for authentication")
+		organization            = flag.String("DEPENDABOT_ORG", os.Getenv("DEPENDABOT_ORG"), "the GitHub organization for which the secret should be created")
 		tokenDuration           = flag.String("CODEARTIFACT_DURATION", os.Getenv("CODEARTIFACT_DURATION"), "duration of the AWS CodeArtifact authToken")
 		codeartifactDomain      = flag.String("CODEARTIFACT_DOMAIN", os.Getenv("CODEARTIFACT_DOMAIN"), "AWS CodeArtifact Domain for which access is required")
 		codeartifactDomainOwner = flag.String("CODEARTIFACT_DOMAIN_OWNER", os.Getenv("CODEARTIFACT_DOMAIN_OWNER"), "owner (AWS acc) for the AWS CodeArtifact domain")
@@ -34,9 +34,9 @@ func setupViper() {
 	flag.Parse()
 
 	viper.Set("GITHUB_APP_ID", githubAppID)
+	viper.Set("GITHUB_APP_TOKEN", githubAppToken)
 	viper.Set("GITHUB_PRIVATE_KEY", githubSecret)
 	viper.Set("DEPENDABOT_ORG", organization)
-	viper.Set("DEPENDABOT_OWNER", organizationOwner)
 	viper.Set("CODEARTIFACT_DURATION", tokenDuration)
 	viper.Set("CODEARTIFACT_DOMAIN", codeartifactDomain)
 	viper.Set("CODEARTIFACT_DOMAIN_OWNER", codeartifactDomainOwner)
