Organization support (#5)

* Adding support for getting a token if the application is installed on an organization * Adding more workflow tests for organization applications * Adding better tracking on execution when retrieving the token due to two major execution paths * Updating dependencies
peter-murray · Aug 11, 2021 · 33bc2a1 · 33bc2a1
1 parent 4a38172
commit 33bc2a1
Show file tree

Hide file tree

Showing 12 changed files with 1,662 additions and 147 deletions.
diff --git a/.github/workflows/test_failure_organization_not_installed.yml b/.github/workflows/test_failure_organization_not_installed.yml
@@ -0,0 +1,42 @@
+# Tests this action failure by the application not being installed on the organization
+
+name: Test Failure - organization - not installed
+
+on:
+  push:
+  workflow_dispatch:
+
+jobs:
+  test_failure:
+    runs-on: ubuntu-latest
+    continue-on-error: true
+
+    outputs:
+      action_step_outcome: ${{ steps.use_action.outcome }}
+      action_step_conclusion: ${{ steps.use_action.conclusion }}
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Use action 
+        id: use_action
+        uses: ./
+        with:
+          application_id: ${{ secrets.APPLICATION_ID_NOT_INSTALLED }}
+          application_private_key: ${{ secrets.APPLICATION_PRIVATE_KEY_NOT_INSTALLED }}
+          organization: devopsventures
+
+  validate_results:
+    needs: test_failure
+
+    runs-on: ubuntu-latest   
+
+    steps:
+      - name: Validate failure
+        if: needs.test_failure.outputs.action_step_outcome != 'failure'
+        run: |
+          echo "Outcome: ${{ needs.test_failure.outputs.action_step_outcome }}"
+          echo "Conclusion: ${{ needs.test_failure.outputs.action_step_conclusion }}"
+          echo "Outcome should have been failure for an application that is not installed."
+          exit 1
diff --git a/.../workflows/test_failure_not_installed.yml → ...test_failure_repository_not_installed.yml b/.../workflows/test_failure_not_installed.yml → ...test_failure_repository_not_installed.yml
@@ -1,9 +1,10 @@
 # Tests this action failure by the application not being installed on the repository
 
-name: Test Failure - not installed
+name: Test Failure - repository - not installed
 
 on:
   push:
+  workflow_dispatch:
 
 jobs:
   test_failure:

diff --git a/.github/workflows/test_installed_action.yml → ...workflows/test_organization_installed.yml b/.github/workflows/test_installed_action.yml → ...workflows/test_organization_installed.yml
@@ -1,9 +1,10 @@
 # Tests this action success by the application already being installed on the repository
 
-name: Test Success - installed action
+name: Test Success - repository - installed
 
 on:
   push:
+  workflow_dispatch:
 
 jobs:
   test:

diff --git a/.github/workflows/test_repository_installed.yml b/.github/workflows/test_repository_installed.yml
@@ -0,0 +1,31 @@
+# Tests this action success by the application already being installed on an organization
+
+name: Test Success - organization - installed
+
+on:
+  push:
+  workflow_dispatch:
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Use action 
+        id: use_action
+        uses: ./
+        with:
+          application_id: ${{ secrets.APPLICATION_ID }}
+          application_private_key: ${{ secrets.APPLICATION_PRIVATE_KEY }}
+          organization: octodemo
+
+      - name: Use token to read details
+        uses: actions/github-script@v2
+        with:
+          github-token: ${{ steps.use_action.outputs.token }}
+          script: |
+            const repo = await github.repos.get({owner: 'octodemo', repo: 'demo-bootstrap'});
+            console.log(JSON.stringify(repo, null, 2));
diff --git a/action.yml b/action.yml
@@ -13,6 +13,10 @@ inputs:
     description: GitHub Application ID value.
     required: true
 
+  organization:
+    description: The GitHub Organization to get the application installation for, if not specified will use the current repository instead
+    required: false
+
 outputs:
   token:
     description: A valid token representing the Application that can be used to access what the Application has been scoped to access.

diff --git a/dist/index.js b/dist/index.js
diff --git a/index.js b/index.js
@@ -15,22 +15,48 @@ async function run() {
   }
 
   if (app) {
+    core.info(`Found GitHub Application: ${app.name}`);
+
     try {
-      const repository = process.env['GITHUB_REPOSITORY']
+      const userSpecifiedOrganization = core.getInput('organization')
+        , repository = process.env['GITHUB_REPOSITORY']
         , repoParts = repository.split('/')
       ;
-
-      const installation = await app.getRepositoryInstallation(repoParts[0], repoParts[1]);
-      if (installation && installation.id) {
-        const accessToken = await app.getInstallationAccessToken(installation.id);
-
+
+      let installationId;
+
+      if (userSpecifiedOrganization) {
+        core.info(`Obtaining application installation for organization: ${userSpecifiedOrganization}`);
+
+        // use the organization specified to get the installation
+        const installation = await app.getOrganizationInstallation(userSpecifiedOrganization);
+        if (installation && installation.id) {
+          installationId = installation.id;
+        } else {
+          fail(null, `GitHub Application is not installed on the specified organization: ${userSpecifiedOrganization}`);
+        }
+      } else {
+        core.info(`Obtaining application installation for repository: ${repository}`);
+
+        // fallback to getting a repository installation
+        const installation = await app.getRepositoryInstallation(repoParts[0], repoParts[1]);
+        if (installation && installation.id) {
+          installationId = installation.id;
+        } else {
+          fail(null, `GitHub Application is not installed on repository: ${repository}`);
+        }
+      }
+
+      if (installationId) {
+        const accessToken = await app.getInstallationAccessToken(installationId);
+
         // Register the secret to mask it in the output
         core.setSecret(accessToken.token);
         core.setOutput('token', accessToken.token);
         core.info(JSON.stringify(accessToken));
         core.info(`Successfully generated an access token for application.`)
       } else {
-        fail(null, `GitHub Application is not installed on repository: ${repository}`);
+        fail('No installation of the specified GitHub application was abel to be retrieved');
       }
     } catch (err) {
       fail(err);

diff --git a/lib/github-application.js b/lib/github-application.js
@@ -63,7 +63,7 @@ class GitHubApplication {
   get client() {
     const client = this._client;
     if (client === null) {
-      throw new Error('Application has not been initialized correctly, call connect() to connect to GitHub.com first.');
+      throw new Error('Application has not been initialized correctly, call connect() to connect to GitHub first.');
     }
     return client;
   }
@@ -76,6 +76,10 @@ class GitHubApplication {
     return this._config.id;
   }
 
+  get name() {
+    return this._metadata.name;
+  }
+
   getApplicationInstallations() {
     return this.client.request('GET /app/installations', {
       mediaType: {
@@ -94,7 +98,7 @@ class GitHubApplication {
   //TODO can get other types of app installations too at org and enterprise
 
   getRepositoryInstallation(owner, repo) {
-    return this.client.apps.getRepoInstallation({
+    return this.client.rest.apps.getRepoInstallation({
       owner: owner,
       repo: repo
     }).catch(err => {
@@ -107,6 +111,19 @@ class GitHubApplication {
     });
   }
 
+  getOrganizationInstallation(org) {
+    return this.client.rest.apps.getOrgInstallation({
+      org: org
+    }).catch(err => {
+      throw new Error(`Failed to resolve installation of application on organization ${org}; ${err.message}`);
+    }).then(resp => {
+      if (resp.status === 200) {
+        return resp.data;
+      }
+      throw new Error(`Unexpected status code ${resp.status}; ${resp.data}`);
+    });
+  }
+
   getInstallationAccessToken(installationId) {
     if (!installationId) {
       throw new Error('GitHub Application installation id must be provided');

diff --git a/lib/github-application.test.js b/lib/github-application.test.js
@@ -104,6 +104,16 @@ describe('GitHubApplication', () => {
       expect(data).to.have.property('permissions');
     });
 
+    it('should be able to get installation for an organization', async () => {
+      const data = await app.getOrganizationInstallation(
+        testValues.getTestOrganization(APPLICATION_NAME)
+      );
+
+      expect(data).to.have.property('id');
+      expect(data).to.have.property('permissions');
+    });
+
+
     it('should be able to get access token for a repository installation', async () => {
       const repoInstall = await app.getRepositoryInstallation(
           testValues.getTestRepositoryOwner(APPLICATION_NAME),
@@ -117,7 +127,7 @@ describe('GitHubApplication', () => {
       const client = new github.getOctokit(accessToken.token)
         , repoName = testValues.getTestRepository(APPLICATION_NAME)
         , ownerName = testValues.getTestRepositoryOwner(APPLICATION_NAME)
-        , repo = await client.repos.get({
+        , repo = await client.rest.repos.get({
             owner: ownerName,
             repo: repoName,
         });