debug

sencrop · Jun 19, 2024 · f9f5464 · f9f5464
1 parent 91571ba
commit f9f5464
Showing 1 changed file with 25 additions and 23 deletions.
diff --git a/.github/workflows/release-please-v1.yml b/.github/workflows/release-please-v1.yml
@@ -14,59 +14,61 @@ jobs:
       # from https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app
       - name: get app token
         id: app_token
+        env:
+          CREDENTIALS: ${{ secrets.SENCROP_BOT_CREDENTIALS_TOKEN }}
         run: |
           #!/usr/bin/env bash
           set -o pipefail
+
           if [[ -z "$CREDENTIALS" ]]; then
             echo "missing credentials"
             exit 1
           fi
-          client_id=$(echo "$CREDENTIALS" | base64 --decode | jq -r .appid)
-          pem=$(echo "$CREDENTIALS" | base64 --decode | jq -r .privatekey)
-          installation_id=$(echo "$CREDENTIALS" | base64 --decode | jq -r .installationid)
+
+          client_id=$(echo "$CREDENTIALS" | base64 --decode | jq -r .appId)
+          pem=$(echo "$CREDENTIALS" | base64 --decode | jq -r .privateKey)
+          installation_id=$(echo "$CREDENTIALS" | base64 --decode | jq -r .installationId)
 
           now=$(date +%s)
-          iat=$((now - 60)) # issues 60 seconds in the past
-          exp=$((now + 600)) # expires 10 minutes in the future
+          iat=$((${now} - 60)) # Issues 60 seconds in the past
+          exp=$((${now} + 600)) # Expires 10 minutes in the future
 
           b64enc() { openssl base64 | tr -d '=' | tr '/+' '_-' | tr -d '\n'; }
 
           header_json='{
-              "typ":"jwt",
-              "alg":"rs256"
+              "typ":"JWT",
+              "alg":"RS256"
           }'
-          # header encode
+          # Header encode
           header=$( echo -n "${header_json}" | b64enc )
 
           payload_json='{
               "iat":'"${iat}"',
               "exp":'"${exp}"',
               "iss":'"${client_id}"'
           }'
-          # payload encode
+          # Payload encode
           payload=$( echo -n "${payload_json}" | b64enc )
-
-          # signature
+          #
+          # Signature
           header_payload="${header}"."${payload}"
           signature=$(
               openssl dgst -sha256 -sign <(echo -n "${pem}") \
               <(echo -n "${header_payload}") | b64enc
           )
+          #
+          # Create JWT
+          JWT="${header_payload}"."${signature}"
 
-          # create jwt
-          jwt="${header_payload}"."${signature}"
-
-          # request access token
-          token=$(curl -s --request post \
+          # Request access token
+          token=$(curl --request POST \
             --url "https://api.github.com/app/installations/$installation_id/access_tokens" \
-            --header "accept: application/vnd.github+json" \
-            --header "authorization: bearer $jwt" \
-            --header "x-github-api-version: 2022-11-28" | jq -r .token)
-
-          echo "token=$token" >> "$GITHUB_OUTPUT"
-        env:
-          CREDENTIALS: ${{ secrets.SENCROP_BOT_CREDENTIALS_TOKEN }}
+            --header "Accept: application/vnd.github+json" \
+            --header "Authorization: Bearer $JWT" \
+            --header "X-GitHub-Api-Version: 2022-11-28" | jq -r .token)
 
+          echo $token
+          echo "token=$token" >> $GITHUB_OUTPUT
 
       - uses: googleapis/release-please-action@v4
         with: