Merge pull request ubiquity-os#70 from gentlementlegen/development

chore: removed unnecessary secrets
gentlementlegen · Jul 9, 2024 · a790b9b · a790b9b
2 parents 6fe8040 + afc9626
commit a790b9b
Show file tree

Hide file tree

Showing 7 changed files with 22 additions and 20 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -34,16 +34,14 @@ jobs:
 
       - uses: cloudflare/wrangler-action@v3
         with:
-          wranglerVersion: "3.57.0"
+          wranglerVersion: "3.63.1"
           apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
           accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
           secrets: |
-            WEBHOOK_PROXY_URL
-            WEBHOOK_SECRET
             APP_ID
-            PRIVATE_KEY
+            APP_PRIVATE_KEY
+            WEBHOOK_SECRET
         env:
-          WEBHOOK_PROXY_URL: ${{ secrets.WEBHOOK_PROXY_URL }}
           WEBHOOK_SECRET: ${{ secrets.WEBHOOK_SECRET }}
           APP_ID: ${{ secrets.APP_ID }}
-          PRIVATE_KEY: ${{ secrets.APP_PRIVATE_KEY }}
+          APP_PRIVATE_KEY: ${{ secrets.APP_PRIVATE_KEY }}
diff --git a/.github/workflows/bun-testing.yml b/.github/workflows/bun-testing.yml
@@ -8,7 +8,7 @@ env:
   NODE_ENV: "test"
   WEBHOOK_SECRET: ${{ secrets.WEBHOOK_SECRET }}
   APP_ID: ${{ secrets.APP_ID }}
-  PRIVATE_KEY: ${{ secrets.PRIVATE_KEY }}
+  APP_PRIVATE_KEY: ${{ secrets.APP_PRIVATE_KEY }}
 
 jobs:
   testing:

diff --git a/README.md b/README.md
@@ -7,14 +7,14 @@ The kernel is designed to:
 
 ## Environment Variables
 
-- **`PRIVATE_KEY`**
+- **`APP_PRIVATE_KEY`**
   Obtain a private key from your GitHub App settings and convert it to the Public-Key Cryptography Standards #8 (PKCS#8) format. Use the following command to perform this conversion and append the result to your `.dev.vars` file:
 
   ```sh
-  echo "PRIVATE_KEY=\"$(openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in YOUR_PRIVATE_KEY.PEM | awk 'BEGIN{ORS="\\n"} 1')\"" >> .dev.vars
+  echo "APP_PRIVATE_KEY=\"$(openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in YOUR_APP_PRIVATE_KEY.PEM | awk 'BEGIN{ORS="\\n"} 1')\"" >> .dev.vars
   ```
 
-  **Note:** Replace `YOUR_PRIVATE_KEY.PEM` with the path to your actual PEM file when running the command.
+  **Note:** Replace `YOUR_APP_PRIVATE_KEY.PEM` with the path to your actual PEM file when running the command.
 
 - **`WEBHOOK_SECRET`**
   Set this value in both your GitHub App settings and here.
@@ -70,10 +70,10 @@ bun dev
 5. **Manage Secrets:**
 
    - Add (env) secrets using `npx wrangler secret put <KEY> --env dev`.
-   - For the private key, execute the following (replace `YOUR_PRIVATE_KEY.PEM` with the actual PEM file path):
+   - For the private key, execute the following (replace `YOUR_APP_PRIVATE_KEY.PEM` with the actual PEM file path):
 
      ```sh
-     echo $(openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in YOUR_PRIVATE_KEY.PEM) | npx wrangler secret put PRIVATE_KEY --env dev
+     echo $(openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in YOUR_APP_PRIVATE_KEY.PEM) | npx wrangler secret put APP_PRIVATE_KEY --env dev
      ```
 
 6. **Deploy the Kernel:**

diff --git a/src/github/github-event-handler.ts b/src/github/github-event-handler.ts
@@ -19,9 +19,9 @@ export class GitHubEventHandler {
   public onError: Webhooks<SimplifiedContext>["onError"];
   public pluginChainState: CloudflareKv<PluginChainState>;
 
-  private _webhookSecret: string;
-  private _privateKey: string;
-  private _appId: number;
+  private readonly _webhookSecret: string;
+  private readonly _privateKey: string;
+  private readonly _appId: number;
 
   constructor(options: Options) {
     this._privateKey = options.privateKey;

diff --git a/src/github/types/env.ts b/src/github/types/env.ts
@@ -1,6 +1,10 @@
 import { Type as T, type Static } from "@sinclair/typebox";
 
-export const envSchema = T.Object({ WEBHOOK_SECRET: T.String({ minLength: 1 }), APP_ID: T.String({ minLength: 1 }), PRIVATE_KEY: T.String({ minLength: 1 }) });
+export const envSchema = T.Object({
+  WEBHOOK_SECRET: T.String({ minLength: 1 }),
+  APP_ID: T.String({ minLength: 1 }),
+  APP_PRIVATE_KEY: T.String({ minLength: 1 }),
+});
 
 export type Env = Static<typeof envSchema> & {
   PLUGIN_CHAIN_STATE: KVNamespace;
@@ -12,7 +16,7 @@ declare global {
     interface ProcessEnv {
       APP_ID: string;
       WEBHOOK_SECRET: string;
-      PRIVATE_KEY: string;
+      APP_PRIVATE_KEY: string;
     }
   }
 }
diff --git a/src/worker.ts b/src/worker.ts
@@ -16,7 +16,7 @@ export default {
       const eventHandler = new GitHubEventHandler({
         webhookSecret: env.WEBHOOK_SECRET,
         appId: env.APP_ID,
-        privateKey: env.PRIVATE_KEY,
+        privateKey: env.APP_PRIVATE_KEY,
         pluginChainState: new CloudflareKv(env.PLUGIN_CHAIN_STATE),
       });
       bindHandlers(eventHandler);

diff --git a/tests/main.test.ts b/tests/main.test.ts
@@ -33,7 +33,7 @@ describe("Worker tests", () => {
     const res = await worker.fetch(req, {
       WEBHOOK_SECRET: "",
       APP_ID: "",
-      PRIVATE_KEY: "",
+      APP_PRIVATE_KEY: "",
       PLUGIN_CHAIN_STATE: {} as KVNamespace,
     });
     expect(res.status).toEqual(500);
@@ -51,7 +51,7 @@ describe("Worker tests", () => {
     const res = await worker.fetch(req, {
       WEBHOOK_SECRET: "webhook-secret",
       APP_ID: "app-id",
-      PRIVATE_KEY: "private-key",
+      APP_PRIVATE_KEY: "private-key",
       PLUGIN_CHAIN_STATE: {} as KVNamespace,
     });
     expect(res.status).toEqual(200);