mirror of
https://github.com/grafana/grafana.git
synced 2025-07-26 14:42:10 +08:00
43 lines
1.2 KiB
Plaintext
43 lines
1.2 KiB
Plaintext
"""
|
|
This module is used to interface with the GitHub App to extract temporary installation tokens.
|
|
"""
|
|
|
|
load(
|
|
"scripts/drone/utils/images.star",
|
|
"images",
|
|
)
|
|
load(
|
|
"scripts/drone/vault.star",
|
|
"from_secret",
|
|
"github_app_app_id",
|
|
"github_app_app_installation_id",
|
|
"github_app_private_key",
|
|
)
|
|
|
|
def github_app_step_volumes():
|
|
return [
|
|
{"name": "github-app", "path": "/github-app"},
|
|
]
|
|
|
|
def github_app_pipeline_volumes():
|
|
return [
|
|
{"name": "github-app", "temp": {}},
|
|
]
|
|
|
|
def github_app_generate_token_step():
|
|
return {
|
|
"name": "github-app-generate-token",
|
|
"image": images["github_app_secret_writer"],
|
|
"environment": {
|
|
"GITHUB_APP_ID": from_secret(github_app_app_id),
|
|
"GITHUB_APP_INSTALLATION_ID": from_secret(github_app_app_installation_id),
|
|
"GITHUB_APP_PRIVATE_KEY": from_secret(github_app_private_key),
|
|
},
|
|
"commands": [
|
|
"echo $(/usr/bin/github-app-external-token) > /github-app/token",
|
|
],
|
|
"volumes": github_app_step_volumes(),
|
|
# forks or those without access would cause it to fail, but we can safely ignore it since there'll be no token.
|
|
"failure": "ignore",
|
|
}
|