Fix private key parameter

PRX · Apr 5, 2024 · 0f1c50e · 0f1c50e
1 parent 6479a59
commit 0f1c50e
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 6 deletions.
diff --git a/samconfig.toml b/samconfig.toml
@@ -11,6 +11,6 @@ capabilities = "CAPABILITY_IAM"
 region = "us-east-2"
 # Parameter overrides only need to be included when a parameter is changing
 # parameter_overrides = [
-#   "GitHubToken=",
+#   "GitHubAppPrivateKey=",
 #   "GitHubWebhookSecret="
 # ]
diff --git a/src/webhook-endpoint/index.mjs b/src/webhook-endpoint/index.mjs
@@ -8,12 +8,14 @@ async function handleIssue(payload) {
   if (payload.action === "opened" && payload.issue.state === "open") {
     const app = new App({
       appId: 311508,
-      // GITHUB_TOKEN is actually the GitHub app private key
+      // GITHUB_APP_PRIVATE_KEY is the GitHub app private key
       // The envar should look like:
       // -----BEGIN RSA PRIVATE KEY-----\nMIIEo…
       // with the newlines replaced with "\n".
       // Those will be replaced with real newlines below.
-      privateKey: process.env.GITHUB_TOKEN.replace(/\\n/g, "\n"),
+      // When generating a private key for a GitHub app, it will download a
+      // .pem file. The contents of that file is the private key.
+      privateKey: process.env.GITHUB_APP_PRIVATE_KEY.replace(/\\n/g, "\n"),
     });
 
     const octokit = await app.getInstallationOctokit(payload.installation.id);

diff --git a/template.yml b/template.yml
@@ -2,14 +2,16 @@ AWSTemplateFormatVersion: "2010-09-09"
 Transform: AWS::Serverless-2016-10-31
 
 Parameters:
-  GitHubToken:
+  GitHubAppPrivateKey:
     Description: >-
-      A GitHub access token with permissions to update issues
+      A GitHub App's private key that has all permissions required by the toolkit
     Type: String
+    NoEcho: true
   GitHubWebhookSecret:
     Description: >-
       The secret provided by GitHub for the issues request events webhook
     Type: String
+    NoEcho: true
 
 Resources:
   OctokitLambdaLayer:
@@ -32,7 +34,7 @@ Resources:
       Environment:
         Variables:
           GITHUB_WEBHOOK_SECRET: !Ref GitHubWebhookSecret
-          GITHUB_TOKEN: !Ref GitHubToken
+          GITHUB_APP_PRIVATE_KEY: !Ref GitHubAppPrivateKey
       FunctionUrlConfig:
         AuthType: NONE
         InvokeMode: BUFFERED