MCPcopy Index your code
hub / github.com/SignTools/SignTools / SetSecrets

Method SetSecrets

src/builders/github.go:58–91  ·  view source on GitHub ↗
(secrets map[string]string)

Source from the content-addressed store, hash-verified

56}
57
58func (g *GitHub) SetSecrets(secrets map[string]string) error {
59 keyResp, response, err := g.client.Actions.GetRepoPublicKey(g.ctx, g.data.OrgName, g.data.RepoName)
60 if err != nil {
61 return errors.WithMessage(err, "get repo public key")
62 }
63 if err := util.Check2xxCode(response.StatusCode); err != nil {
64 return errors.WithMessage(err, "get repo public key")
65 }
66 keyBytes, err := base64.StdEncoding.DecodeString(keyResp.GetKey())
67 if err != nil {
68 return errors.WithMessage(err, "decode repo public key")
69 }
70 var recipient [32]byte
71 copy(recipient[:], keyBytes[:32])
72 for secretName, secretVal := range secrets {
73 sealedSecret, err := box.SealAnonymous(nil, []byte(secretVal), &recipient, rand.Reader)
74 if err != nil {
75 return errors.WithMessage(err, "seal secret: "+secretName)
76 }
77 body := github.EncryptedSecret{
78 Name: secretName,
79 KeyID: keyResp.GetKeyID(),
80 EncryptedValue: base64.StdEncoding.EncodeToString(sealedSecret),
81 }
82 response, err := g.client.Actions.CreateOrUpdateRepoSecret(g.ctx, g.data.OrgName, g.data.RepoName, &body)
83 if err != nil {
84 return errors.WithMessage(err, "create or update repo secret")
85 }
86 if err := util.Check2xxCode(response.StatusCode); err != nil {
87 return errors.WithMessage(err, "create or update repo secret")
88 }
89 }
90 return nil
91}

Callers

nothing calls this directly

Calls 1

Check2xxCodeFunction · 0.92

Tested by

no test coverage detected